Unable to load mqtgsvc.exe
Solved/Closed
persan_ - 15 Dec. 2008 at 10:59
54 replies
hisaeh - 15 Dec. 2008 at 14:11
OK, do this:
1- Download OTMoveIt3 (by Old_Timer) to your Desktop.
http://oldtimer.geekstogo.com/OTMoveIt3.exe
! Disconnect from the internet and close all your running applications !
Double-click "OTMoveIt3.exe" to open the program.
Then copy what is quoted below,
:Processes
explorer.exe
:Services
:Reg
:Files
C:\Documents and Settings\jean\Application Data\Microsoft\logman.exe
C:\Documents and Settings\jean\Application Data\mstsc.exe
C:\WINDOWS\System\mqtgsvc.exe
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
and paste it into the left-hand pane of OTMoveIt3:
Paste Instructions for items to be moved.
(don't touch anything else!)
-> click MoveIt! to start the removal.
-> let the tool work ...
( Note: your desktop will disappear and then reappear, that's normal. )
-> once it has finished, a small window opens: click "Yes".
Your PC will restart by itself ...
--> Post the contents of the report found in the folder "C:\_OTMoveIt\MovedFiles"
( "xxxx2008_xxxxxx.log", where the "x" correspond to the day and time of use ).
persan_ - 15 Dec. 2008 at 14:20
Error: Unable to interpret <Processes > in the current context!
Error: Unable to interpret <explorer.exe > in the current context!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\jean\Application Data\Microsoft\logman.exe moved successfully.
C:\Documents and Settings\jean\Application Data\mstsc.exe moved successfully.
C:\WINDOWS\System\mqtgsvc.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_1_1_101229275891.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_1_1_111229280072.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_1_1_121229335337.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_1_1_131229284937.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_1_1_141229273660.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_1_1_161229198539.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_1_1_181228651334.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_1_1_201229342534.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_1_1_211229337505.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_1_1_41229269947.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_1_1_71229273787.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_1_1_81229346140.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_1_1_91229331740.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_1_2_131229284935.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_1_2_141229256135.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_1_2_151229259738.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_1_2_161229277734.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_1_2_171229338937.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_1_2_181229270542.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_1_2_201229342535.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_1_2_211229162537.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_1_2_221229263336.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_1_2_231229281334.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_1_2_241228086145.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_1_2_251229247156.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_1_2_261229241376.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_1_2_271229320938.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_1_2_281229329806.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_1_2_291229324877.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_1_2_301229334039.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_1_2_311229329952.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_1_2_41229266942.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_1_2_71229273785.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_3_2_11228832251.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_8_2_11223394495.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\jean\LOCALS~1\Temp\cteng_8_2_21224089394.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_438.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_630.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12152008_141754
hisaeh - 15 Dec. 2008 at 14:25
OK, run another HijackThis scan, please.
persan_ - 15 Dec. 2008 at 14:27
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:27:21, on 12/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\logman.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\logman.exe
O1 - Hosts: 102.54.94.97 rhino.acme.com # serveur source
O1 - Hosts: 38.25.63.10 x.acme.com # hôte client x
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKLM\..\Policies\Explorer\Run: [IEudinit] C:\WINDOWS\System\ieudinit.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [MqtgSVC] C:\WINDOWS\System\mqtgsvc.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\jean\APPLIC~1\MICROS~1\clipsrv.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\jean\APPLIC~1\MICROS~1\clipsrv.exe /waitservice (User 'Default user')
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O9 - Extra button: Stop Pub - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\JCA2000\StopPub\StopPub.exe
O9 - Extra 'Tools' menuitem: Stop Pub - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\JCA2000\StopPub\StopPub.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.systemrequirementslab.com/cyri
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
hisaeh - 15 Dec. 2008 at 14:37
OK, it is still very much there, but I have to go.
What I suggest is that you create a new topic in the Virus/Security forum with the title TR/Agent.iob, and post your latest HijackThis log there.
The disinfection pros there will take care of you effectively.
OK?
persan_ - 15 Dec. 2008 at 14:39
OK, thanks ;)
jlpjlp (security contributor) - 15 Dec. 2008 at 17:15
Hi, you will need to install Internet Explorer 7 afterwards.
For these:
F3 - REG:win.ini: load=C:\WINDOWS\logman.exe
O1 - Hosts: 102.54.94.97 rhino.acme.com # serveur source
O1 - Hosts: 38.25.63.10 x.acme.com # hôte client x
_______________
# download Hoster:
http://www.funkytoad.com/download/HostsXpert.zip
# Unzip the folder onto the desktop.
# Launch Hoster and click Restore Microsoft's Hosts File
_______________
Download UsbFix to your desktop
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe
--> Run the installation with the default settings
Plug into your PC any external storage devices (USB stick, external hard drive, etc.) that may have been infected, without opening them
--> Double-click the UsbFix shortcut on your desktop
--> The PC will restart
--> After the restart, post the UsbFix.txt report
Note: the UsbFix.txt report is saved at the root of the drive
Note: if the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New Task", type explorer.exe and confirm
____________________
Then post another HijackThis report.
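As an added defender-side example (not code from this thread, from HijackThis or from any of the posters), the Python below applies the persistence heuristics jlpjlp used by eye to lines in HijackThis v2 format: a populated win.ini `load=` hook, stock hosts-file example lines that have been uncommented, autostarts registered under Policies\Explorer\Run or living in unusual directories, and one argument string shared by several differently named autostarts. The sample log is constructed from a subset of the entries posted above.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed sample in HijackThis v2 line format: a subset of the entries
# posted in this thread, with the accented hosts comment ASCII-ised.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\WINDOWS\logman.exe
O1 - Hosts: 102.54.94.97 rhino.acme.com # serveur source
O1 - Hosts: 38.25.63.10 x.acme.com # hote client x
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [IEudinit] C:\WINDOWS\System\ieudinit.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [MqtgSVC] C:\WINDOWS\System\mqtgsvc.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\jean\APPLIC~1\MICROS~1\clipsrv.exe /waitservice (User 'SYSTEM')
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
""".strip()

# The stock Windows hosts file carries these two names only as commented-out
# examples; HijackThis lists them as O1 entries only once the '#' is gone.
STOCK_HOSTS_EXAMPLES = {"rhino.acme.com", "x.acme.com"}

# Directories (XP layout, long and 8.3 forms) where legitimate autostart
# executables almost never live. Note: \WINDOWS\System\ is not System32.
SUSPICIOUS_DIRS = re.compile(
    r"\\(WINDOWS\\System|Application Data|APPLIC~1|LOCALS~1\\Temp|Temp)\\", re.I)

F3_RE = re.compile(r"^F3 - REG:win\.ini: load=(?P<path>.*)$")
O1_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Leading executable of an O4 command: quoted, or unquoted up to its extension.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|com|bat|cmd))"?(?=\s|$)', re.I)
USER_TAG_RE = re.compile(r"\(User '[^']*'\)$")  # HijackThis suffix on HKUS lines


def exe_and_args(cmd: str) -> Tuple[Optional[str], str]:
    """Split an O4 command into (executable path, argument string)."""
    m = EXE_RE.match(cmd)
    if not m:
        return None, ""
    args = USER_TAG_RE.sub("", cmd[m.end():]).strip()
    return m.group("path"), args


def finding(line: str, reason: str) -> Dict[str, str]:
    return {"line": line, "reason": reason}


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per log line (plus cross-line ones) that trips a heuristic."""
    findings: List[Dict[str, str]] = []
    by_args: Dict[str, set] = defaultdict(set)  # argument string -> exe basenames
    for raw in log_text.splitlines():
        line = raw.strip()
        m = F3_RE.match(line)
        if m:
            if m.group("path").strip():
                findings.append(finding(
                    line, "win.ini load= autostart is set; it is empty on a clean XP install"))
            continue
        m = O1_RE.match(line)
        if m:
            if m.group("host").lower() in STOCK_HOSTS_EXAMPLES:
                why = "hosts entry is a stock example line with its '#' removed: the hosts file was edited"
            else:
                why = "non-default hosts entry maps %s to %s" % (m.group("host"), m.group("ip"))
            findings.append(finding(line, why))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        path, args = exe_and_args(m.group("cmd"))
        reasons = []
        if "policies\\explorer\\run" in m.group("key").lower():
            reasons.append("autostart under Policies\\Explorer\\Run, a key legitimate installers rarely use")
        if path:
            hit = SUSPICIOUS_DIRS.search(path)
            if hit:
                reasons.append("executable lives under %s, an unusual place for an autostart" % hit.group(0))
            if args:
                by_args[args.lower()].add(path.rsplit("\\", 1)[-1].lower())
        if reasons:
            findings.append(finding(line, "; ".join(reasons)))
    # Cross-line check: several differently named autostarts sharing one
    # argument string (the thread's three /waitservice entries) is itself a signal.
    for args, names in sorted(by_args.items()):
        if len(names) >= 2:
            findings.append(finding("(cross-line)", "argument '%s' shared by %d different autostart executables: %s"
                                    % (args, len(names), ", ".join(sorted(names)))))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-60s %s" % (f["line"][:60], f["reason"]))
```

Run it against a full pasted log to get a shortlist to review; entries under the plain Run keys with sensible paths (avast, ctfmon) produce no finding.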
persan_ - 15 Dec. 2008 at 17:23
Hi jlpjlp, and thanks. UsbFix.txt: cleaning or vaccination?
jlpjlp (security contributor) - 15 Dec. 2008 at 17:24
cleaning
persan_ (Member) - 15 Dec. 2008, 17:28
-------------- UsbFix V2.413.4 ---------------
* User : jean - JEAN-WCG1YON6RY
* Tool updated on 11/12/2008 by Chiquitine29 and Chimay8
* Scan run at 17:26:35 on Mon. 12/15/2008
* Windows Xp - Internet Explorer 6.0.2900.5512
--------------- [ Running processes ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\DOCUME~1\jean\LOCALS~1\Temp\1.tmp\b2e.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
--------------- [ Drive information ] ----------------
C: - Fixed drive
D: - Fixed drive
F: - Fixed drive
--------------- [ Drive C ] ----------------
C: - Fixed drive
+- Files present:
[09/05/2008 22:00][--a------] C:\AUTOEXEC.BAT
[09/06/2008 10:17][-rahs----] C:\NTDETECT.COM
[09/06/2008 10:20][-rahs----] C:\boot.ini
[12/15/2008 17:26][--a------] C:\UsbFix.txt
[09/05/2008 22:00][--a------] C:\CONFIG.SYS
[09/05/2008 22:00][--a------] C:\IO.SYS
[09/05/2008 22:00][--a------] C:\MSDOS.SYS
[09/05/2008 22:00][--a------] C:\pagefile.sys
--------------- [ Drive D ] ----------------
D: - Fixed drive
+- Files present:
[03/17/2004 04:21][--a--c---] D:\fdx-sc2.exe
[03/17/2004 04:21][--a--c---] D:\Xtremsplit.exe
[07/24/2008 12:13][--a--c---] D:\BROTHERS CODES.txt
[07/24/2008 12:13][--a--c---] D:\lyon cand.txt
[07/24/2008 12:13][--a--c---] D:\PRINCE OF PERSIA.txt
[07/24/2008 12:13][--a--c---] D:\RETURN TO CASTLE.txt
[07/24/2008 12:13][--a--c---] D:\Tomb Raider.txt
[07/24/2008 12:13][--a--c---] D:\VIETCONG.txt
[07/24/2008 12:13][--a--c---] D:\web.txt
--------------- [ Drive F ] ----------------
F: - Fixed drive
+- Files present:
--------------- [ Registry / Startup ] ----------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
ccleaner="C:\Program Files\CCleaner\CCleaner.exe" /AUTO
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
IncrediMail=C:\Program Files\IncrediMail\bin\IncMail.exe /c
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
RTHDCPL=RTHDCPL.EXE
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Malwarebytes' Anti-Malware="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
--------------- [ Registry / Mountpoint2 ] ----------------
-> Nothing found.
--------------- [ Disk cleanup ] ----------------
Deleted! - [10/16/2008 10:26][--a------] C:\WINDOWS\system32\tmp.reg
Deleted! - [10/16/2008 10:26][--a--c---] C:\WINDOWS\system32\tmp.txt
--------------- [ Summary ] ----------------
-> /!\ The result must be interpreted by a specialist /!\
[09/05/2008 22:00][--a------] C:\AUTOEXEC.BAT
[09/06/2008 10:17][-rahs----] C:\NTDETECT.COM
[09/06/2008 10:20][-rahs----] C:\boot.ini
[03/17/2004 04:21][--a--c---] D:\fdx-sc2.exe
[03/17/2004 04:21][--a--c---] D:\Xtremsplit.exe
--------------- ! End of report ! ----------------
persan_ (Member) - 15 Dec. 2008, 17:31
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:31, on 12/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\logman.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKLM\..\Policies\Explorer\Run: [rsvp] C:\DOCUME~1\jean\APPLIC~1\MICROS~1\rsvp.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [MqtgSVC] C:\WINDOWS\System\mqtgsvc.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\jean\APPLIC~1\MICROS~1\clipsrv.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\jean\APPLIC~1\MICROS~1\clipsrv.exe /waitservice (User 'Default user')
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O9 - Extra button: Stop Pub - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\JCA2000\StopPub\StopPub.exe
O9 - Extra 'Tools' menuitem: Stop Pub - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\JCA2000\StopPub\StopPub.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.systemrequirementslab.com/cyri
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
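The malicious O4 entries in the log above can be told apart from the legitimate ones by checks a triager can run mechanically: they sit under Policies\Explorer\Run rather than the ordinary Run key, they carry the names of genuine Windows binaries (mqtgsvc.exe, rsvp.exe, clipsrv.exe) but run from C:\WINDOWS\System or the user's Application Data\Microsoft folder instead of System32, and they all share the same /waitservice switch. The F3 line hooks win.ini load=, which is empty on a clean Windows XP. The Python script below is an editor's added example, not code from the thread, from HijackThis or from any of the tools mentioned; it applies the Policies\Explorer\Run, misplaced-name, win.ini and non-loopback hosts checks to lines copied from the logs posted here. SYSTEM_BINARY_NAMES is a hand-made assumption built from the names seen in this thread, and the line formats assumed are those of the HijackThis 2.0.2 log above.

```python
"""Triage of HijackThis v2 log lines: flag autostart entries that impersonate
Windows system binaries from the wrong directory, Policies\\Explorer\\Run
persistence, a non-empty win.ini load= hook and non-loopback hosts entries.

Added example for this page; not part of HijackThis. SYSTEM_BINARY_NAMES is an
assumed, hand-made list of the genuine Windows executable names reused by the
infection in this thread, not a Microsoft or HijackThis list.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Genuine Windows executables whose names the infection reused. A real copy
# lives in %SystemRoot%\system32 (or system32\dllcache); anywhere else the
# name is camouflage.
SYSTEM_BINARY_NAMES = {
    "mqtgsvc.exe", "rsvp.exe", "clipsrv.exe", "logman.exe", "mstsc.exe",
    "cmstp.exe", "sessmgr.exe", "esentutl.exe", "comrepl.exe", "dllhst3g.exe",
    "cisvc.exe", "ieudinit.exe", "mstinit.exe", "spoolsv.exe",
}
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\system32\dllcache"}

# O4 - HKCU\..\Policies\Explorer\Run: [MqtgSVC] C:\WINDOWS\System\mqtgsvc.exe /waitservice
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>.+?): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# F3 - REG:win.ini: load=C:\WINDOWS\logman.exe
F3_RE = re.compile(r"^F3 - REG:win\.ini: (?P<directive>load|run)=(?P<cmd>.*)$")
# O1 - Hosts: 102.54.94.97 rhino.acme.com # comment
O1_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
# First program of a command line: the quoted token, or the shortest prefix
# ending in .exe (this copes with unquoted paths that contain spaces).
EXE_RE = re.compile(r'^"(?P<quoted>[^"]+)"|^(?P<bare>.+?\.exe)(?=\s|$)', re.I)


@dataclass
class Finding:
    line: str
    reasons: List[str]


def first_executable(cmd: str) -> str:
    """Return the program a Run-key command line starts, without arguments."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return cmd.strip()
    return m.group("quoted") or m.group("bare")


def binary_name_misplaced(path: str) -> Optional[str]:
    """Reason string if `path` carries a system-binary name outside system32."""
    head, _, base = path.strip().lower().rpartition("\\")
    if base in SYSTEM_BINARY_NAMES and head and head not in EXPECTED_DIRS:
        return f"{base} is a Windows system binary name but runs from {head}"
    return None


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per suspicious O4 / F3 / O1 line of a HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = []
        if (m := O4_RE.match(line)):
            if "policies\\explorer\\run" in m.group("key").lower():
                reasons.append("autostart under Policies\\Explorer\\Run, a key "
                               "normally written only by Group Policy")
            reason = binary_name_misplaced(first_executable(m.group("cmd")))
            if reason:
                reasons.append(reason)
        elif (m := F3_RE.match(line)):
            if m.group("cmd").strip():
                reasons.append(f"win.ini {m.group('directive')}= hook is set; "
                               "it is empty on a clean Windows XP")
            reason = binary_name_misplaced(first_executable(m.group("cmd")))
            if reason:
                reasons.append(reason)
        elif (m := O1_RE.match(line)):
            if not m.group("ip").startswith("127."):
                reasons.append(f"hosts file maps {m.group('host')} to "
                               f"{m.group('ip')}, not loopback")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


def flagged_o4_names(findings: List[Finding]) -> List[str]:
    """Bracketed value names of the flagged O4 entries, in log order."""
    names = []
    for f in findings:
        m = O4_RE.match(f.line)
        if m:
            names.append(m.group("name"))
    return names


# Constructed sample: lines copied from the logs posted in this thread (the O1
# lines come from the earlier log quoted in jlpjlp's instructions).
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\WINDOWS\logman.exe
O1 - Hosts: 102.54.94.97 rhino.acme.com # serveur source
O1 - Hosts: 38.25.63.10 x.acme.com # hote client x
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [rsvp] C:\DOCUME~1\jean\APPLIC~1\MICROS~1\rsvp.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [MqtgSVC] C:\WINDOWS\System\mqtgsvc.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\jean\APPLIC~1\MICROS~1\clipsrv.exe /waitservice (User 'SYSTEM')
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Run the file directly to print each flagged line with its reasons. The rule is about name plus location, never name alone: the genuine spoolsv.exe in C:\WINDOWS\system32 passes, while a copy in C:\WINDOWS (like the one ComboFix removes further down the thread) is flagged. HijackThis's 8.3 short paths (DOCUME~1, APPLIC~1) need no special handling because only the directory and basename are compared.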
jlpjlp (Security contributor) - 15 Dec. 2008, 17:33
download ComboFix (by sUBs) here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to the desktop.
disconnect from the internet and close all your applications.
disable your protections (antivirus, firewall, the antispyware's real-time guard)
double-click combofix.exe and follow the instructions
at the end, it will produce a report C:\ComboFix.txt
re-enable your firewall, your antivirus and your antispyware's guard
copy/paste the C:\ComboFix.txt report in your next reply.
Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.
You have a full tutorial here:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
persan_ (Member) - 15 Dec. 2008, 17:52
I'll be back in 1 hour.
ComboFix 08-12-14.05 - jean 2008-12-15 17:47:00.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.352.1036.18.2047.1655 [GMT 1:00]
Run from: D:\ComboFix.exe
* A new restore point was created
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\jean\Application Data\comrepl.exe
c:\documents and settings\jean\Application Data\dllhst3g.exe
c:\windows\spoolsv.exe
c:\windows\system32\BReWErS.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IPRIP
-------\Service_Iprip
((((((((((((((((((((((((((((( Files created from 2008-11-15 to 2008-12-15 ))))))))))))))))))))))))))))))))))))
.
2008-12-15 17:19 . 2008-12-15 17:26 <REP> d-------- c:\program files\UsbFix
2008-12-15 14:18 . 2008-11-14 15:26 81,920 --a------ c:\windows\system\mqtgsvc.exe
2008-12-15 11:50 . 2008-12-15 11:50 <REP> d-------- c:\program files\Trend Micro
2008-12-15 11:28 . 2002-08-30 13:00 141,312 --a--c--- c:\windows\system32\dllcache\fxsclntr.dll
2008-12-15 11:28 . 2002-08-30 13:00 113,664 --a--c--- c:\windows\system32\dllcache\fxscfgwz.dll
2008-12-15 11:28 . 2002-08-30 13:00 31,744 --a--c--- c:\windows\system32\dllcache\fxsroute.dll
2008-12-15 11:28 . 2002-08-30 13:00 18,944 --a------ c:\windows\system32\simptcp.dll
2008-12-15 11:28 . 2002-08-30 13:00 18,944 --a--c--- c:\windows\system32\dllcache\simptcp.dll
2008-12-15 11:28 . 2002-08-30 13:00 15,872 --a--c--- c:\windows\system32\dllcache\smierrsm.dll
2008-12-15 11:28 . 2002-08-30 13:00 11,776 --a--c--- c:\windows\system32\dllcache\fxssend.exe
2008-12-15 11:28 . 2002-08-30 13:00 10,240 --a--c--- c:\windows\system32\dllcache\snmpstup.dll
2008-12-15 11:28 . 2002-08-30 13:00 5,632 --a--c--- c:\windows\system32\dllcache\smimsgif.dll
2008-12-15 11:28 . 2002-08-30 13:00 5,632 --a--c--- c:\windows\system32\dllcache\smierrsy.dll
2008-12-15 11:28 . 2008-12-15 12:50 57 --a------ c:\windows\system32\mapisvc.inf
2008-12-14 09:15 . 2008-12-14 09:15 <REP> d----c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-12-13 16:26 . 2008-12-13 16:27 <REP> d-------- c:\program files\Common Files
2008-12-06 09:23 . 2008-12-06 09:23 <REP> d-------- c:\documents and settings\jean\Application Data\Uniblue
2008-12-05 16:50 . 2008-12-05 16:50 <REP> d-------- c:\program files\Razer
2008-12-05 16:50 . 2005-12-08 13:43 65,536 --a------ c:\windows\system32\krait.cpl
2008-12-05 16:50 . 2005-12-07 17:27 13,324 --a------ c:\windows\system32\drivers\krait.sys
2008-12-03 15:11 . 2008-12-03 15:11 362,240 --a------ c:\windows\system32\TuneUpDefragService.exe
2008-12-03 14:59 . 2008-12-03 15:13 <REP> d-------- c:\program files\TuneUp Utilities 2009
2008-12-03 14:59 . 2008-12-03 14:59 <REP> d--hs---- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2008-12-03 14:59 . 2008-12-03 14:59 603,904 --a------ c:\windows\system32\TUProgSt.exe
2008-12-03 14:58 . 2008-12-03 14:58 <REP> d-------- c:\program files\TuUt09
2008-12-02 15:30 . 2008-12-02 15:30 <REP> d-------- c:\program files\JCA2000
2008-11-30 19:41 . 2008-11-30 19:41 0 --a------ c:\windows\nsreg.dat
2008-11-30 16:45 . 2008-11-30 16:45 <REP> d-------- c:\program files\Focus
2008-11-29 10:09 . 2008-11-29 10:09 <REP> d-------- C:\NVIDIA
2008-11-28 19:08 . 2008-11-28 19:08 754 --a------ c:\windows\WORDPAD.INI
2008-11-26 15:32 . 2008-11-26 15:32 2,250,024 --a------ c:\windows\system32\pbsvc.exe
2008-11-26 15:32 . 2008-11-26 15:32 107,832 --a------ c:\windows\system32\PnkBstrB.exe
2008-11-26 15:32 . 2008-11-26 15:32 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-11-26 15:32 . 2008-11-26 15:32 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-11-26 15:27 . 2008-11-26 15:27 <REP> d-------- c:\program files\Ubisoft
2008-11-25 20:30 . 2008-11-25 20:35 92 --a------ c:\windows\ETAXP.ini
2008-11-25 10:15 . 2008-11-25 10:15 <REP> d-------- c:\program files\Gabest
2008-11-25 10:15 . 2008-11-25 10:15 <REP> d-------- c:\program files\DivXCodec
2008-11-25 10:15 . 2008-11-25 10:15 196,608 --a------ c:\windows\system32\avisynth.dll
2008-11-25 10:14 . 2008-11-25 10:15 <REP> d-------- c:\program files\GordianKnot
2008-11-25 10:14 . 2008-11-25 10:14 414,272 --a------ c:\windows\system32\DivXc32f.dll
2008-11-25 10:14 . 2008-11-25 10:14 414,272 --a------ c:\windows\system32\DivXc32.dll
2008-11-25 10:14 . 2008-11-25 10:14 291,408 --a------ c:\windows\system32\DivXa32.acm
2008-11-25 10:14 . 2008-11-25 10:14 240,400 --a------ c:\windows\system32\DivX_c32.ax
2008-11-25 10:14 . 2008-11-25 10:14 33,280 --a------ c:\windows\system32\HUFFYUV.DLL
2008-11-24 20:20 . 2008-11-24 20:20 3,120 --------- c:\windows\.lfa
2008-11-24 12:07 . 2008-11-24 12:07 <REP> d-------- c:\program files\Anuman Interactive
2008-11-24 12:07 . 1997-02-25 14:55 351,344 --a------ c:\windows\system\LTKRN70W.DLL
2008-11-24 12:07 . 1997-02-19 11:04 172,784 --a------ c:\windows\system\LFCMP70W.DLL
2008-11-24 12:07 . 1997-07-14 17:30 97,498 --a------ c:\windows\system\WALKER.DLL
2008-11-24 12:07 . 1997-05-12 18:16 72,046 --a------ c:\windows\system\GFXAPI.DLL
2008-11-24 12:07 . 1997-03-03 12:04 37,712 --a------ c:\windows\system\LTFIL70W.DLL
2008-11-24 12:07 . 1997-02-19 10:55 17,424 --a------ c:\windows\system\LTTWN70W.DLL
2008-11-24 12:07 . 1997-02-19 10:56 11,760 --a------ c:\windows\system\LFBMP70W.DLL
2008-11-24 12:07 . 1997-07-16 12:00 7,088 --a------ c:\windows\system\LFIMG70W.DLL
2008-11-22 17:58 . 2008-11-29 10:01 <REP> d-------- c:\program files\SystemRequirementsLab
2008-11-22 13:05 . 2008-11-22 13:05 <REP> d--h----- c:\windows\PIF
2008-11-21 12:56 . 2008-12-11 18:22 244 --ah----- C:\sqmnoopt19.sqm
2008-11-21 12:56 . 2008-12-11 18:22 232 --ah----- C:\sqmdata19.sqm
2008-11-21 05:43 . 2008-12-11 14:52 244 --ah----- C:\sqmnoopt18.sqm
2008-11-21 05:43 . 2008-12-11 14:52 232 --ah----- C:\sqmdata18.sqm
2008-11-21 01:00 . 2008-12-10 18:27 244 --ah----- C:\sqmnoopt17.sqm
2008-11-21 01:00 . 2008-12-10 18:27 232 --ah----- C:\sqmdata17.sqm
2008-11-20 17:17 . 2008-12-10 13:34 244 --ah----- C:\sqmnoopt16.sqm
2008-11-20 17:17 . 2008-12-10 13:34 232 --ah----- C:\sqmdata16.sqm
2008-11-20 15:45 . 2008-12-09 16:33 244 --ah----- C:\sqmnoopt15.sqm
2008-11-20 15:45 . 2008-12-09 16:33 232 --ah----- C:\sqmdata15.sqm
2008-11-20 15:21 . 2008-11-20 15:21 <REP> d-------- c:\program files\Windows Installer Clean Up
2008-11-20 14:03 . 2008-11-14 15:26 81,920 --a------ c:\documents and settings\jean\Application Data\cisvc.exe
2008-11-20 14:02 . 2008-11-14 15:26 81,920 --a------ c:\windows\system\ieudinit(2).exe
2008-11-20 13:59 . 2008-11-14 15:26 81,920 --a------ c:\windows\system32\drivers\cisvc(2).exe
2008-11-20 13:56 . 2008-11-14 15:26 81,920 --a------ c:\windows\system32\drivers\spoolsv(2).exe
2008-11-20 13:55 . 2008-11-14 15:26 81,920 --a------ c:\windows\system32\drivers\cmstp(2).exe
2008-11-20 13:52 . 2008-11-14 15:26 81,920 --a------ c:\windows\system32\drivers\rsvp(2).exe
2008-11-20 13:51 . 2008-11-26 10:39 81,920 --a------ c:\windows\system\spoolsv(2).exe
2008-11-18 18:27 . 2008-12-09 12:34 244 --ah----- C:\sqmnoopt14.sqm
2008-11-18 18:27 . 2008-12-09 12:34 232 --ah----- C:\sqmdata14.sqm
2008-11-18 16:03 . 2008-12-08 01:14 244 --ah----- C:\sqmnoopt13.sqm
2008-11-18 16:03 . 2008-12-08 01:14 232 --ah----- C:\sqmdata13.sqm
2008-11-18 08:31 . 2008-11-14 15:26 81,920 --a------ c:\windows\system\comrepl.exe
2008-11-18 08:20 . 2008-11-14 15:26 81,920 --a------ c:\documents and settings\jean\Application Data\rsvp.exe
2008-11-18 08:14 . 2008-11-14 15:26 81,920 --a------ c:\windows\mqtgsvc.exe
2008-11-18 08:13 . 2008-11-14 15:26 81,920 --a------ c:\windows\cmstp.exe
2008-11-18 08:04 . 2008-11-14 15:26 81,920 --a------ c:\windows\system32\drivers\ieudinit.exe
2008-11-18 08:02 . 2008-11-14 15:26 81,920 --a------ c:\windows\system32\drivers\mstsc.exe
2008-11-18 08:01 . 2008-11-14 15:26 81,920 --a------ c:\windows\system32\drivers\esentutl.exe
2008-11-18 07:59 . 2008-11-14 15:26 81,920 --a------ c:\windows\sessmgr.exe
2008-11-18 07:59 . 2008-11-14 15:26 81,920 --a------ c:\windows\ieudinit.exe
2008-11-18 07:57 . 2008-11-14 15:26 81,920 --a------ c:\windows\logman.exe
2008-11-18 07:54 . 2008-11-14 15:26 81,920 --a------ c:\windows\system\esentutl.exe
2008-11-17 23:37 . 2008-11-14 15:26 81,920 --a------ c:\documents and settings\jean\Application Data\clipsrv.exe
2008-11-17 22:21 . 2008-12-07 17:36 244 --ah----- C:\sqmnoopt12.sqm
2008-11-17 22:21 . 2008-12-07 17:36 232 --ah----- C:\sqmdata12.sqm
2008-11-17 11:45 . 2008-11-14 15:26 81,920 --a------ c:\windows\system\sessmgr.exe
2008-11-17 11:45 . 2008-11-14 15:26 81,920 --a------ c:\documents and settings\jean\Application Data\logman.exe
2008-11-17 11:44 . 2008-11-14 15:26 81,920 --a------ c:\windows\esentutl.exe
2008-11-17 10:06 . 2008-11-14 15:26 81,920 --a------ c:\windows\system32\drivers\clipsrv.exe
2008-11-17 10:06 . 2008-11-14 15:26 81,920 --a------ c:\windows\mstsc.exe
2008-11-17 10:05 . 2008-11-14 15:26 81,920 --a------ c:\documents and settings\jean\Application Data\mstinit.exe
2008-11-17 10:00 . 2008-11-14 15:26 81,920 --a------ c:\windows\system\cmstp.exe
2008-11-17 09:58 . 2008-11-14 15:26 81,920 --a------ c:\windows\system32\drivers\dllhst3g.exe
2008-11-17 09:58 . 2008-11-14 15:26 81,920 --a------ c:\windows\dllhst3g.exe
2008-11-17 09:12 . 2008-11-14 15:26 81,920 --a------ c:\windows\rsvp.exe
2008-11-17 09:11 . 2008-11-14 15:26 81,920 --a------ c:\windows\system32\drivers\sessmgr.exe
2008-11-17 09:10 . 2008-11-14 15:26 81,920 --a------ c:\documents and settings\jean\Application Data\ieudinit.exe
2008-11-17 09:09 . 2008-11-14 15:26 81,920 --a------ c:\documents and settings\jean\Application Data\cmstp.exe
2008-11-17 09:08 . 2008-11-14 15:26 81,920 --a------ c:\windows\system\rsvp.exe
2008-11-17 09:08 . 2008-11-14 15:26 81,920 --a------ c:\windows\system\logman.exe
2008-11-17 09:08 . 2008-11-14 15:26 81,920 --a------ c:\documents and settings\jean\Application Data\sessmgr.exe
2008-11-17 09:05 . 2008-11-14 15:26 81,920 --a------ c:\windows\clipsrv.exe
2008-11-17 09:05 . 2008-11-14 15:26 81,920 --a------ c:\windows\cisvc.exe
2008-11-17 09:03 . 2008-11-14 15:26 81,920 --a------ c:\windows\mstinit.exe
2008-11-17 09:01 . 2008-11-14 15:26 81,920 --a------ c:\documents and settings\jean\Application Data\mqtgsvc.exe
2008-11-17 09:01 . 2008-12-07 13:54 244 --ah----- C:\sqmnoopt11.sqm
2008-11-17 09:01 . 2008-12-07 13:54 232 --ah----- C:\sqmdata11.sqm
2008-11-17 09:00 . 2008-11-14 15:26 81,920 --a------ c:\windows\system\mstinit.exe
2008-11-17 09:00 . 2008-11-14 15:26 81,920 --a------ c:\documents and settings\jean\Application Data\esentutl.exe
2008-11-17 02:46 . 2008-11-14 15:26 81,920 --a------ c:\windows\system\dllhst3g.exe
2008-11-17 02:45 . 2008-11-14 15:26 81,920 --a------ c:\windows\system\clipsrv.exe
2008-11-17 02:45 . 2008-11-14 15:26 81,920 --a------ c:\windows\system\cisvc.exe
2008-11-16 21:45 . 2008-12-12 22:22 50 --a------ c:\windows\MegaManager.INI
2008-11-16 21:42 . 2008-11-16 21:42 <REP> d-------- c:\documents and settings\jean\Application Data\Megaupload
2008-11-16 21:41 . 2008-11-16 21:41 <REP> d-------- c:\program files\MegauploadToolbar
2008-11-16 21:41 . 2008-11-16 21:41 <REP> d-------- c:\program files\Megaupload
2008-11-16 21:41 . 2008-11-23 19:39 <REP> d-------- c:\documents and settings\jean\Application Data\MegauploadToolbar
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-09 10:28 --------- d-----w c:\program files\SpeedFan
2008-12-06 18:10 --------- d-----w c:\program files\TVAnts
2008-12-05 15:50 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-05 12:38 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-12-04 11:10 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-03 18:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-11-26 14:32 22,328 ----a-w c:\documents and settings\jean\Application Data\PnkBstrK.sys
2008-11-26 08:32 --------- d-----w c:\program files\AGEIA Technologies
2008-11-24 19:21 --------- d-----w c:\program files\IncrediMail
2008-11-20 14:21 --------- d-----w c:\program files\MSECache
2008-11-13 10:21 --------- d-----w c:\documents and settings\jean\Application Data\My Games
2008-11-13 06:49 279,712 ----a-w c:\windows\system32\drivers\atksgt.sys
2008-11-13 06:49 25,888 ----a-w c:\windows\system32\drivers\lirsgt.sys
2008-11-13 06:41 --------- d-----w c:\documents and settings\jean\Application Data\Anuman Interactive
2008-11-11 07:47 --------- d-----w c:\program files\CDBurnerXP
2008-10-30 15:15 --------- d-----w c:\documents and settings\jean\Application Data\XRay Engine
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 05:20 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-18 17:30 --------- d--h--r c:\documents and settings\jean\Application Data\SecuROM
2008-10-16 12:10 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-16 10:14 --------- d-----w c:\documents and settings\jean\Application Data\Malwarebytes
2008-10-16 10:14 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}]
2008-08-04 21:44 1947080 --a------ c:\progra~1\MEGAUP~2\MEGAUP~1.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-C39E-35F1D2A32EC8}"= "c:\progra~1\MEGAUP~2\MEGAUP~1.DLL" [2008-08-04 1947080]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A057A204-BACC-4D26-C39E-35F1D2A32EC8}"= "c:\progra~1\MEGAUP~2\MEGAUP~1.DLL" [2008-08-04 1947080]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-c39e-35f1d2a32ec8}]
[HKEY_CLASSES_ROOT\megauploadtoolbar.MEGAUPLOADTOOLBAR]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-20 68856]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-11-26 1406192]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-11-24 214456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2008-12-03 399504]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"rsvp"="c:\docume~1\jean\APPLIC~1\MICROS~1\rsvp.exe" [2008-11-14 81920]
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"MqtgSVC"="c:\windows\System\mqtgsvc.exe" [2008-11-14 81920]
[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"ClipSrv"="c:\docume~1\jean\APPLIC~1\MICROS~1\clipsrv.exe" [2008-11-14 81920]
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=c:\docume~1\jean\LOCALS~1\APPLIC~1\MICROS~1\dllhst3g.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"Krait"=c:\program files\Razer\Krait\razerhid.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"f:\\JEUX\\Company of heroes sacred\\THQ\\Company of Heroes\\BugReport\\BugReport.exe"=
"f:\\JEUX\\Atari Act of war d.a\\Act of War - Direct Action\\ACTOFWAR.EXE"=
"f:\\JEUX\\B.i.a hell's\\Ubisoft\\Gearbox Software\\Brothers in Arms - Hell's Highway\\Binaries\\biahh.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"f:\\JEUX\\THQ C.O.H opp\\Company of Heroes\\RelicCOH.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-06 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-09-17 20560]
R2 MBAMService;MBAMService;"c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe" [2008-10-16 170640]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2008-12-03 603904]
R3 krait03;Razer krait USB Filter Driver;c:\windows\system32\Drivers\krait.sys [2008-12-05 13324]
R3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys [2008-10-16 15504]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-09-08 93696]
S3 DualCoreCenter;DualCoreCenter;\??\c:\program files\MSI\DualCoreCenter\NTGLM7X.sys []
S3 FXDrv32;FXDrv32;\??\E:\FXDrv32.sys []
S3 jbridgep;jbridgep;\??\c:\docume~1\jean\LOCALS~1\Temp\jbridgep.sys []
S3 MSIGreenPower;MSIGreenPower;\??\c:\program files\MSI\DualCoreCenter\Green Power Center\NTGLM7X.sys []
S3 MSIGreenPowerRushTop;MSIGreenPowerRushTop;\??\c:\program files\MSI\DualCoreCenter\Green Power Center\RushTop.sys []
S3 RushTopDevice_J;RushTopDevice_J;\??\c:\program files\MSI\DualCoreCenter\Green Power Center\RushJ.sys []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contenu du dossier 'Tâches planifiées'
2008-12-15 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-21 12:14]
2008-12-07 c:\windows\Tasks\Malwarebytes' Scheduled Update for jean.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2008-12-03 19:52]
.
- - - - ORPHELINS SUPPRIMES - - - -
Notify-AtiExtEvent - (no file)
Notify-dimsntfy - (no file)
.
------- Examen supplémentaire -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
c:\windows\Downloaded Program Files\sysreqlab_srl.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
c:\windows\Downloaded Program Files\sysreqlab.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 17:49:02
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\progra~1\INCRED~1\bin\ImApp.exe
.
**************************************************************************
.
Heure de fin: 2008-12-15 17:50:37 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-15 16:50:34
Avant-CF: 16,887,955,456 octets libres
Après-CF: 16,843,927,552 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /fastdetect /NoExecute=OptIn
320 --- E O F --- 2008-12-12 09:25:44
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
c:\windows\Downloaded Program Files\sysreqlab_srl.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
c:\windows\Downloaded Program Files\sysreqlab.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 17:49:02
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\progra~1\INCRED~1\bin\ImApp.exe
.
**************************************************************************
.
Heure de fin: 2008-12-15 17:50:37 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-15 16:50:34
Avant-CF: 16,887,955,456 octets libres
Après-CF: 16,843,927,552 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /fastdetect /NoExecute=OptIn
320 --- E O F --- 2008-12-12 09:25:44
jlpjlp (Security contributor) - 15 Dec 2008 at 17:57
Post another HijackThis report
and
Download Toolbar-S&D (Team IDN) to your Desktop.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
* Run the program's installer by executing the downloaded file.
* Now double-click the Toolbar-S&D shortcut.
* Select the language you want by typing the letter of your choice and confirming with the Enter key.
* Now choose option 1 (Search). Wait until the search finishes.
* Post the generated report. (C:\TB.txt)
persan_ - 15 Dec 2008 at 18:34
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:33:38, on 12/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\DOCUME~1\jean\APPLIC~1\MICROS~1\rsvp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\logman.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKLM\..\Policies\Explorer\Run: [rsvp] C:\DOCUME~1\jean\APPLIC~1\MICROS~1\rsvp.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [MqtgSVC] C:\WINDOWS\System\mqtgsvc.exe /waitservice
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\jean\APPLIC~1\MICROS~1\clipsrv.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\jean\APPLIC~1\MICROS~1\clipsrv.exe /waitservice (User 'Default user')
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.systemrequirementslab.com/cyri
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
persan_ - 15 Dec 2008 at 18:37
-----------\\ ToolBar S&D 1.2.6 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz )
BIOS : Default System BIOS
USER : jean ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 081215-1] 4.8.1296 (Activated)
C:\ (Local Disk) - NTFS - Total:29 Go (Free:15 Go)
D:\ (Local Disk) - NTFS - Total:45 Go (Free:37 Go)
E:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
Option : [1] ( lun. 12/15/2008|18:36 )
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - lun. 12/15/2008|18:36 - Option : [1]
-----------\\ Fin du rapport a 18:36:49.71
jlpjlp (Security contributor) - 15 Dec 2008 at 18:40
Scan this on VirusTotal and paste us the report: https://www.virustotal.com/gui/
C:\WINDOWS\logman.exe
__________________
Remove, via your Control Panel:
Megaupload Toolbar
___________________
Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into its own folder on the Desktop. Restart your computer in Safe Mode by following this procedure:
• Restart your computer
• After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows loading, a menu with several options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Go through the list of instructions below:
• Open the SDFix folder that was just created in the C:\ directory and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and Registry entries of certain trojans found, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will continue to run and delete files.
• After the Desktop loads, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy/paste the contents of the Report.txt file in your next reply on the forum
persan_ - 15 Dec 2008 at 18:48
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.12.16.0 2008.12.15 -
AntiVir 7.9.0.45 2008.12.15 -
Authentium 5.1.0.4 2008.12.15 -
Avast 4.8.1281.0 2008.12.15 -
AVG 8.0.0.199 2008.12.15 -
BitDefender 7.2 2008.12.15 -
CAT-QuickHeal 10.00 2008.12.15 -
ClamAV 0.94.1 2008.12.15 -
Comodo 754 2008.12.14 -
DrWeb 4.44.0.09170 2008.12.15 -
eSafe 7.0.17.0 2008.12.15 -
eTrust-Vet 31.6.6261 2008.12.15 -
Ewido 4.0 2008.12.15 -
F-Prot 4.4.4.56 2008.12.15 -
F-Secure 8.0.14332.0 2008.12.15 -
Fortinet 3.117.0.0 2008.12.14 -
GData 19 2008.12.15 -
Ikarus T3.1.1.45.0 2008.12.15 -
K7AntiVirus 7.10.554 2008.12.15 -
Kaspersky 7.0.0.125 2008.12.15 Heur.Trojan.Generic
McAfee 5464 2008.12.14 -
McAfee+Artemis 5464 2008.12.14 -
Microsoft 1.4205 2008.12.15 -
NOD32 3693 2008.12.15 -
Norman 5.80.02 2008.12.12 -
Panda 9.0.0.4 2008.12.15 Suspicious file
PCTools 4.4.2.0 2008.12.15 -
Prevx1 V2 2008.12.15 Cloaked Malware
Rising 21.08.02.00 2008.12.15 -
SecureWeb-Gateway 6.7.6 2008.12.15 -
Sophos 4.36.0 2008.12.15 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.15 -
TheHacker 6.3.1.4.188 2008.12.14 -
TrendMicro 8.700.0.1004 2008.12.15 -
VBA32 3.12.8.10 2008.12.15 -
ViRobot 2008.12.15.1518 2008.12.15 -
VirusBuster 4.5.11.0 2008.12.15 -
Information additionnelle
File size: 81920 bytes
MD5...: 28c6d4900430b2d08fcac389b6f752be
SHA1..: 8d91b3df6d58c9e9472285ebac465dc4b3d1ef90
SHA256: 8da342937ea02199dec3aceaf5dff67414207130bb391b22f9fc2c5c9b530aa1
SHA512: 645ba5272fa97b2be2c0832b5afc712e68ae6a600099b0a99c67164a1906799301e2607988c13a893195415959182a5dee4b675058f25edbc7674dee84f7dfe2
ssdeep: 1536:o8xq7CMXOLvncYi4PiY6n4RqBGYPTZB7zAW1AliloWt:bq7uTi4Ps4UFPD1AliloWt
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x40af56
timedatestamp.....: 0x491d890f (Fri Nov 14 14:19:59 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xf7ef 0x10000 6.25 eecd7508a27ad92965a8b8dd5629cc5e
.rdata 0x11000 0x1fe2 0x2000 5.47 be309fa6a8b1d695b312957feb7b806a
.data 0x13000 0x3798 0x1000 1.45 ad1862eb200c8e9646fa1c6d92060b99
( 6 imports )
> USER32.dll: LoadImageA
> ADVAPI32.dll: RegCloseKey, RegEnumValueA, RegGetKeySecurity, RegOpenKeyExA, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, LookupAccountSidA, GetTokenInformation, OpenProcessToken
> WS2_32.dll: -, -
> WININET.dll: InternetReadFile, HttpQueryInfoA, InternetCloseHandle, InternetOpenUrlA, InternetOpenA
> NETAPI32.dll: NetUserGetInfo, NetApiBufferFree
> KERNEL32.dll: SetEnvironmentVariableA, GetSystemInfo, VirtualProtect, GetLocaleInfoA, FlushFileBuffers, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, SetStdHandle, GetCPInfo, GetOEMCP, GetACP, GetFileTime, GetStartupInfoA, CreateDirectoryA, GetFileType, OpenProcess, GetProcessPriorityBoost, GetVolumeInformationA, GetSystemDirectoryA, OpenMutexA, CreateMutexA, CloseHandle, GetDriveTypeA, GetLogicalDriveStringsA, Sleep, GetLastError, GetLocalTime, GetShortPathNameA, GetEnvironmentVariableA, ExitProcess, SetFileAttributesA, CreateFileA, CreateProcessA, GlobalFree, CreateThread, GlobalAlloc, MultiByteToWideChar, GetModuleFileNameA, GetCurrentProcess, CopyFileA, WriteFile, RtlUnwind, GetSystemTimeAsFileTime, GetProcAddress, GetModuleHandleA, TerminateProcess, GetCommandLineA, GetVersionExA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, HeapReAlloc, HeapAlloc, HeapSize, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, HeapDestroy, HeapCreate, VirtualFree, HeapFree, LoadLibraryA, InterlockedExchange, VirtualQuery, SetFilePointer, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadWritePtr, IsBadCodePtr, VirtualAlloc
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=E597C54200C9793C40990136EFD839009BB18D2F
persan_
Posts
218
Registration date
Wednesday 10 October 2007
Status
Member
Last seen
29 August 2014
40
15 Dec 2008 at 19:12
[b]SDFix: Version 1.240 [/b]
Run by jean on lun. 12/15/2008 at 19:06
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\WINDOWS\mstinit.exe - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 19:09:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile"=str(2):"c:\windows\system32\ESENT.dll"
"CategoryMessageFile"=str(2):"c:\windows\system32\ESENT.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 52\"
"h0"=dword:00000001
"ujdew"=hex:35,a2,f9,78,63,a5,3e,a7,bb,1a,38,79,92,da,2b,e5,70,e8,79,f3,dc,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:d8,fa,5d,46,9b,43,56,43,55,61,e0,df,a5,f3,41,19,7e,c9,48,48,01,..
"p0"="C:\Program Files\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,49,db,fa,a9,87,23,3a,b8,61,04,18,0e,77,b2,79,9f,7f,..
"khjeh"=hex:bd,2b,0f,2a,db,87,8e,14,c8,13,52,5d,9a,15,70,1b,14,18,36,9c,cd,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d3,cf,4c,27,27,ff,b9,d6,13,ed,75,03,6a,ae,d0,d6,7b,9a,25,81,9a,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:d8,0f,b5,e4,7d,64,c4,4a,86,e3,ca,0e,48,c5,8b,1b,10,86,04,f2,9f,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:ef,b5,8b,74,73,cf,ce,07,09,c4,c7,7e,d8,ae,13,08,86,40,08,ee,3f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 52\"
"h0"=dword:00000001
"ujdew"=hex:35,a2,f9,78,63,a5,3e,a7,bb,1a,38,79,92,da,2b,e5,70,e8,79,f3,dc,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:d8,fa,5d,46,9b,43,56,43,55,61,e0,df,a5,f3,41,19,7e,c9,48,48,01,..
"p0"="C:\Program Files\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,49,db,fa,a9,87,23,3a,b8,61,04,18,0e,77,b2,79,9f,7f,..
"khjeh"=hex:bd,2b,0f,2a,db,87,8e,14,c8,13,52,5d,9a,15,70,1b,14,18,36,9c,cd,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d3,cf,4c,27,27,ff,b9,d6,13,ed,75,03,6a,ae,d0,d6,7b,9a,25,81,9a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:d8,0f,b5,e4,7d,64,c4,4a,86,e3,ca,0e,48,c5,8b,1b,10,86,04,f2,9f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:ef,b5,8b,74,73,cf,ce,07,09,c4,c7,7e,d8,ae,13,08,86,40,08,ee,3f,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"D:\\eMule\\emule.exe"="D:\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"F:\\JEUX\\Company of heroes sacred\\THQ\\Company of Heroes\\BugReport\\BugReport.exe"="F:\\JEUX\\Company of heroes sacred\\THQ\\Company of Heroes\\BugReport\\BugReport.exe:*:Enabled:BugReport"
"F:\\JEUX\\Atari Act of war d.a\\Act of War - Direct Action\\ACTOFWAR.EXE"="F:\\JEUX\\Atari Act of war d.a\\Act of War - Direct Action\\ACTOFWAR.EXE:*:Enabled:ACTOFWAR"
"F:\\JEUX\\B.i.a hell's\\Ubisoft\\Gearbox Software\\Brothers in Arms - Hell's Highway\\Binaries\\biahh.exe"="F:\\JEUX\\B.i.a hell's\\Ubisoft\\Gearbox Software\\Brothers in Arms - Hell's Highway\\Binaries\\biahh.exe:*:Enabled:biahh"
"C:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"="C:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe:*:Enabled:Far Cry 2"
"C:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"="C:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
"C:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"="C:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe:*:Enabled:Editeur"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"F:\\JEUX\\THQ C.O.H opp\\Company of Heroes\\RelicCOH.exe"="F:\\JEUX\\THQ C.O.H opp\\Company of Heroes\\RelicCOH.exe:*:Enabled:RelicCOH"
"C:\\Documents and Settings\\jean\\Local Settings\\temp\\~tmp\\mdnk25\\mdm.exe"="C:\\Documents and Settings\\jean\\Local Settings\\temp\\~tmp\\mdnk25\\mdm.exe:*:Enabled:mdm"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Fri 19 Sep 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 13 Sep 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 1 Dec 2008 1,332 ...HR --- "C:\Documents and Settings\jean\Application Data\SecuROM\UserData\securom_v7_01.bak"
[b]Finished![/b]
jlpjlp
Posts
51580
Registration date
Friday 18 May 2007
Status
Security contributor
Last seen
3 May 2022
5 040
15 Dec 2008 at 19:14
Post a HijackThis report again.