Aller au contenu

JLM33

Membres
  • Compteur de contenus

    8
  • Inscription

  • Dernière visite

JLM33's Achievements

Junior Member

Junior Member (3/12)

0

Réputation sur la communauté

  1. OK ça marche, MERCI à vous tous
  2. Merci oGu et Desch. Je n'ai pas le mail que vous citez dans ma boite Thunderbird. Si je l'ai reçu, il a été mis automatiquement dans les indésirables qui sont systématiquement effacés lorsque je quitte Thunderbird. Pourtant malgré ça Avira me le signale toujours.
  3. Bonjour, Avira me signale une infection par PHISH/Paypalfraud.1, que je n'arrive pas à éradiquer. Ci-dessous les rapports d'Avira et HJT. Que puis-je faire ? Merci beaucoup pour votre aide. Avira AntiVir Personal Report file date: mardi 13 mai 2008 09:39 Scanning for 1262804 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 3) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: PROGRÉCIF Version information: BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 17/04/2008 12:24:37 AVSCAN.DLL : 8.1.1.0 53505 Bytes 17/04/2008 12:24:37 LUKE.DLL : 8.1.2.9 151809 Bytes 17/04/2008 12:24:37 LUKERES.DLL : 8.1.2.1 12033 Bytes 17/04/2008 12:24:37 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15 ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 10:36:45 ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 05:30:08 ANTIVIR3.VDF : 7.0.4.28 148992 Bytes 13/05/2008 07:34:25 Engineversion : 8.1.0.42 AEVDF.DLL : 8.1.0.5 102772 Bytes 17/04/2008 12:24:38 AESCRIPT.DLL : 8.1.0.31 262522 Bytes 09/05/2008 19:37:57 AESCN.DLL : 8.1.0.16 119156 Bytes 08/05/2008 10:17:07 AERDL.DLL : 8.1.0.20 418165 Bytes 25/04/2008 22:16:52 AEPACK.DLL : 8.1.1.4 364918 Bytes 29/04/2008 22:16:36 AEOFFICE.DLL : 8.1.0.18 192890 Bytes 18/04/2008 12:19:25 AEHEUR.DLL : 8.1.0.26 1237366 Bytes 09/05/2008 19:37:53 AEHELP.DLL : 8.1.0.14 115063 Bytes 18/04/2008 12:19:20 AEGEN.DLL : 8.1.0.20 299380 Bytes 08/05/2008 10:17:06 AEEMU.DLL : 8.1.0.6 430451 Bytes 08/05/2008 10:17:04 AECORE.DLL : 8.1.0.28 168310 Bytes 08/05/2008 10:17:00 AVWINLL.DLL : 1.0.0.7 14593 Bytes 17/04/2008 12:24:37 AVPREF.DLL : 8.0.0.1 25857 Bytes 17/04/2008 12:24:37 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24 AVREG.DLL : 8.0.0.0 30977 Bytes 17/04/2008 12:24:37 AVARKT.DLL : 1.0.0.23 307457 Bytes 17/04/2008 12:24:36 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 17/04/2008 12:24:36 SQLITE3.DLL : 3.3.17.1 339968 Bytes 17/04/2008 12:24:37 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 17/04/2008 12:24:37 NETNT.DLL : 8.0.0.1 7937 Bytes 17/04/2008 12:24:37 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 17/04/2008 12:24:14 RCTEXT.DLL : 8.0.32.0 86273 Bytes 17/04/2008 12:24:15 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: medium Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: mardi 13 mai 2008 09:39 Starting search for hidden objects. '45904' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'rapimgr.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'wcescomm.exe' - '1' Module(s) have been scanned Scan process 'dllhost.exe' - '1' Module(s) have been scanned Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned Scan process 'cmdagent.exe' - '1' Module(s) have been scanned Scan process 'cfp.exe' - '1' Module(s) have been scanned Scan process 'guard.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 31 processes with 31 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'D:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '17' files ). Starting the file scan: Begin scan in 'C:\' <Prog' Récif> C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\HP_Propriétaire\Application Data\Thunderbird\Profiles\e46610lw.default\Mail\Local Folders\Inbox [0] Archive type: Netscape/Mozilla Mailbox --> Mailbox_[Message-ID: <dl9Bg9-1AI06K-82@cpanel.error> ][From: "support@membernotifier.com" <support@membernot][subject: Alert Regarding Your Paypal Account]3050.mim [DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Paypalfraud.1 [WARNING] This file is a mailbox. To avoid damaging your emails this file will not be repaired or deleted! Begin scan in 'D:\' <HP_RECOVERY> End of the scan: mardi 13 mai 2008 10:32 Used time: 52:59 min The scan has been done completely. 9185 Scanning directories 586603 Files were scanned 1 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 586602 Files not concerned 37122 Archives were scanned 3 Warnings 0 Notes 45904 Objects were scanned with rootkit scan 0 Hidden objects were found Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:15:40, on 13/05/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\COMODO\Firewall\cfp.exe C:\Program Files\COMODO\Firewall\cmdagent.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\Microsoft ActiveSync\rapimgr.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/ServicesAcces.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min /nosplash O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Enregistreur Vidéo Internet : rechercher des streams vidéo - file://C:\Program%20Files\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs O8 - Extra context menu item: Ouvrir avec Enregistreur Vidéo Internet - file://C:\Program%20Files\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\anchor.vbs O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm O9 - Extra button: (no name) - AutorunsDisabled - (no file) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{03E10338-D64C-4205-A921-F86DC07FC2D5}: NameServer = 192.168.1.1 O18 - Filter: AutorunsDisabled - (no CLSID) - (no file) O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- End of file - 6440 bytes
  4. Hourra ! Les test effectués avec Avira et Ewido sont positifs. Un grand MERCI à toi pour m'avoir apporté ton aide
  5. Je n'arrive pas à désinstaller ComboFix : message "Windows ne trouve pas ComboFix. Vérifiez que vous avez entré le nom correctement et essayez à nouveau." Pourtant, il est bien sur mon bureau... Puis-je le supprimer par clic-droit et faire ce que tu m'as dit ensuite ?
  6. OK, revoici les rapports : 1/ il y a deux rapports combofix 2/ impossible d'avoir un rapport pour ewido malgré deux tentatives (le bouton était grisé, inactif). Ewido n'a rien détecté du tout les deux fois. Combofix (1/2) : ComboFix 07-08-09.3 - "HP_Propri‚taire" 2008-03-27 15:37:36.3 - NTFSx86 Microsoft Windows XP ?dition familiale 5.1.2600.2.1252.1.1036.18.497 [GMT 1:00] Command switches used :: C:\Documents and Settings\HP_Propri‚taire\Bureau\CFScript.txt * Created a new restore point FILE:: C:\WINDOWS\system32\mbxmqlkl.ini C:\WINDOWS\system32\enmjvcdx.ini ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\temp C:\WINDOWS\system32\enmjvcdx.ini C:\WINDOWS\system32\mbxmqlkl.ini ((((((((((((((((((((((((( Files Created from 2008-02-27 to 2008-03-27 ))))))))))))))))))))))))))))))) 2008-03-27 15:37 51,200 --a------ C:\WINDOWS\nircmd.exe 2008-03-27 11:33 <REP> d-------- C:\Program Files\Avira 2008-03-27 11:33 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira 2008-03-27 00:11 <REP> d-------- C:\Program Files\MSXML 4.0 2008-03-26 23:58 <REP> d--h----- C:\WINDOWS\$hf_mig$ (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2008-03-27 12:58 --------- d-------- C:\Program Files\Mozilla Thunderbird 2008-03-27 12:18 --------- d-------- C:\Program Files\Paint Shop Pro 8 2008-03-27 11:23 --------- d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\OpenOffice.org2 2008-03-27 11:04 --------- d-------- C:\Program Files\Avast4 2008-03-27 10:27 --------- d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\SolidDocuments 2008-03-24 03:18 719480 --a------ C:\WINDOWS\system32\perfh00C.dat 2008-03-24 03:18 173964 --a------ C:\WINDOWS\system32\perfc00C.dat 2008-02-21 16:43 --------- d-------- C:\Program Files\POI Mixer 2008-02-21 16:36 --------- d-------- C:\Program Files\DivX 2008-02-17 14:02 --------- d-------- C:\Program Files\OpenOffice.org 2.3 2008-02-02 18:38 --------- d-------- C:\Program Files\Fichiers communs\Ahead 2008-01-09 12:18 524288 --a------ C:\WINDOWS\system32\DivXsm.exe 2008-01-09 12:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2008-01-09 12:18 200704 --a------ C:\WINDOWS\system32\ssldivx.dll 2008-01-09 12:18 129784 --------- C:\WINDOWS\system32\pxafs.dll 2008-01-09 12:18 120056 --------- C:\WINDOWS\system32\pxcpyi64.exe 2008-01-09 12:18 118520 --------- C:\WINDOWS\system32\pxinsi64.exe 2008-01-09 12:18 1044480 --a------ C:\WINDOWS\system32\libdivx.dll 2008-01-09 12:16 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll 2008-01-09 12:16 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll 2008-01-09 12:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll 2008-01-09 12:16 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll 2008-01-09 12:16 682496 --a------ C:\WINDOWS\system32\DivX.dll 2008-01-09 12:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll 2005-09-25 19:05:34 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 22:17] "mspd"="C:\WINDOWS\system32\mspd.exe" [2003-08-27 21:22] "SoundMan"="SOUNDMAN.EXE" [2005-02-21 21:49 C:\WINDOWS\SOUNDMAN.EXE] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04] "NWEReboot"="" [] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-27 11:36] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-20 19:20] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09] "Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2007-02-05 04:05] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 20:21] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce] "WIAWizardMenu"=RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu C:\Documents and Settings\HP_Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56] UberIcon.lnk - C:\WINDOWS\Vista Inspirat\UberIcon\UberIcon Manager.exe [2005-08-12 20:52:34] Y'z Shadow.lnk - C:\WINDOWS\Vista Inspirat\YzShadow\YzShadow.exe [2002-09-30 21:09:06] Y'z ToolBar.lnk - C:\WINDOWS\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-09-29 14:41:00] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=1 (0x1) "HideStartupScripts"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=1 (0x1) "HideStartupScripts"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoUserNameInStartMenu"=01000000 "ClearRecentDocsOnExit"=1 (0x1) "NoLogoff"=0 (0x0) "NoRecentDocsNetHood"=01000000 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ask Harrap's Shorter.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Ask Harrap's Shorter.lnk backup=C:\WINDOWS\pss\Ask Harrap's Shorter.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Image Transfer.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Image Transfer.lnk backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd] ALCWZRD.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP] C:\Program Files\CursorXP\CursorXP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMOL] IMOLApp.exe /c [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD] C:\HP\KBD\KBD.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TweakDUN] C:\Program Files\TweakDUN\tweakdun.exe splash [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "wuauserv"=2 (0x2) "iPodService"=3 (0x3) "Fax"=3 (0x3) R1 avgio;avgio;\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys R1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys R3 avgntflt;avgntflt;\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys R3 Iviaspi;IVI ASPI Shell;C:\WINDOWS\system32\drivers\iviaspi.sys R3 PRISM_A00;Wireless PCI 802.11b/g adapter WN4201B Driver;C:\WINDOWS\system32\DRIVERS\PCTELSAP.SYS R3 USB_RNDIS;ADI Remote NDIS Network Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys S1 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys S3 ltmodem5;LT Modem Driver;C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys S3 Ps2;PS2;C:\WINDOWS\system32\DRIVERS\PS2.sys S3 SE26bus;Sony Ericsson Device 038 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE26bus.sys S3 SE26mdfl;Sony Ericsson Device 038 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE26mdfl.sys S3 SE26mdm;Sony Ericsson Device 038 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE26mdm.sys S3 SE26mgmt;Sony Ericsson Device 038 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE26mgmt.sys S3 se26nd5;Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (NDIS);C:\WINDOWS\system32\DRIVERS\se26nd5.sys S3 SE26obex;Sony Ericsson Device 038 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE26obex.sys S3 se26unic;Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (WDM);C:\WINDOWS\system32\DRIVERS\se26unic.sys S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3c6130e-e2ee-11dc-bb44-00604c89e097}] AutoRun\command- G:\InstallTomTomHOME.exe *Newly Created Service* - ANTIVIRSCHEDULER *Newly Created Service* - ANTIVIRSERVICE *Newly Created Service* - AVGIO *Newly Created Service* - AVGNTFLT *Newly Created Service* - AVIPBB Contents of the 'Scheduled Tasks' folder 2007-11-27 08:40:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job - C:\Program Files\SpeedUpMyPC 3\SpeedUpMyPC.exe 2007-10-08 07:40:25 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job - C:\Program Files\SpeedUpMyPC 3\SpeedUpMyPC.exe ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-27 15:38:54 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" "DeviceNotSelectedTimeout"="15" "GDIProcessHandleQuota"=dword:00002710 "Spooler"="yes" "swapdisk"="" "TransmissionRetryTimeout"="90" "USERProcessHandleQuota"=dword:00002710 scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2008-03-27 15:39:31 C:\ComboFix-quarantined-files.txt ... 2008-03-27 15:39 --- E O F --- Combofix (2/2) : 2008-03-26 09:39 1580078 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\enmjvcdx.ini.vir 2008-03-26 12:46 1580198 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\mbxmqlkl.ini.vir Structure du dossier pour le volume Prog' R‚cif Le num‚ro de s‚rie du volume est 94F9-F819 C:\QOOBOX \---Quarantine +---C | \---WINDOWS | \---system32 | enmjvcdx.ini.vir | mbxmqlkl.ini.vir | \---Registry_backups Avira : AntiVir PersonalEdition Classic Report file date: jeudi 27 mars 2008 17:11 Scanning for 1168332 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: HP_Propriétaire Computer name: PROGRÉCIF Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15 ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 10:36:45 ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 21/03/2008 10:36:45 ANTIVIR3.VDF : 7.0.3.82 107520 Bytes 27/03/2008 10:36:45 AVEWIN32.DLL : 7.6.0.75 3334656 Bytes 27/03/2008 10:36:45 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24 AVPACK32.DLL : 7.6.0.3 360488 Bytes 27/03/2008 10:36:45 AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21 Configuration settings for the scan: Jobname..........................: Local Hard Disks Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: D:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: jeudi 27 mars 2008 17:11 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'AcroRd32.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'soffice.bin' - '1' Module(s) have been scanned Scan process 'soffice.exe' - '1' Module(s) have been scanned Scan process 'YzShadow.exe' - '1' Module(s) have been scanned Scan process 'UberIcon Manager.exe' - '1' Module(s) have been scanned Scan process 'rapimgr.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'wcescomm.exe' - '1' Module(s) have been scanned Scan process 'dllhost.exe' - '1' Module(s) have been scanned Scan process 'Shareaza.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned Scan process 'ps2.EXE' - '1' Module(s) have been scanned Scan process 'guard.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'a2service.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 40 processes with 40 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'D:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '36' files ). Starting the file scan: Begin scan in 'C:\' <Prog' Récif> C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! Begin scan in 'D:\' <HP_RECOVERY> End of the scan: jeudi 27 mars 2008 18:05 Used time: 53:25 min The scan has been done completely. 8686 Scanning directories 563485 Files were scanned 0 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 563485 Files not concerned 28697 Archives were scanned 3 Warnings 0 Notes HijackThis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:06:48, on 27/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe c:\program files\a-squared free\a2service.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\ps2.exe C:\WINDOWS\SOUNDMAN.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Shareaza\Shareaza.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\Microsoft ActiveSync\rapimgr.exe C:\WINDOWS\Vista Inspirat\UberIcon\UberIcon Manager.exe C:\WINDOWS\Vista Inspirat\YzShadow\YzShadow.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/ServicesAcces.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - AutorunsDisabled - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [mspd] C:\WINDOWS\system32\mspd.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user') O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe O4 - Startup: UberIcon.lnk = C:\WINDOWS\Vista Inspirat\UberIcon\UberIcon Manager.exe O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\Vista Inspirat\YzShadow\YzShadow.exe O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\Vista Inspirat\YzToolbar\YzToolBar.exe O8 - Extra context menu item: Chercher avec Copernic 2001 - C:\Program Files\Copernic 2001 Pro\Search Extension.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Enregistreur Vidéo Internet : rechercher des streams vidéo - file://C:\Program%20Files\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs O8 - Extra context menu item: Ouvrir avec Enregistreur Vidéo Internet - file://C:\Program%20Files\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\anchor.vbs O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {211718FB-416D-44F4-B9BA-F07DCC36CC72} - file://C:\Program%20Files\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs (file missing) O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU) O17 - HKLM\System\CCS\Services\Tcpip\..\{03E10338-D64C-4205-A921-F86DC07FC2D5}: NameServer = 192.168.1.1 O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- End of file - 8059 bytes
  7. Merci pour ton aide. J'ai fait la procédure intégralement et dans l'ordre, "apparemment" plus de Win32/TratBHO par contre TR/Trash.Gen et Takedawnload.a découverts. Voici les 4 rapports demandés : 1/Combofix : ComboFix 08-03-25.4 - HP_Propriétaire 2008-03-27 10:03:14.2 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.591 [GMT 1:00] Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\HP_Propri‚taire\Bureau\CFScript.txt * Création d'un nouveau point de restauration . ((((((((((((((((((((((((((((( Fichiers créés 2008-02-27 to 2008-03-27 )))))))))))))))))))))))))))))))))))) . 2008-03-27 09:41 . 2008-03-27 09:41 <REP> d-------- C:\WINDOWS\LastGood 2008-03-27 00:11 . 2008-03-27 00:11 <REP> d-------- C:\Program Files\MSXML 4.0 2008-03-27 00:11 . 2008-03-27 00:11 1,374 --a------ C:\WINDOWS\imsins.BAK 2008-03-26 23:58 . 2008-03-27 09:44 <REP> d--h----- C:\WINDOWS\$hf_mig$ 2008-03-26 09:42 . 2008-03-26 12:46 1,580,198 ---hs---- C:\WINDOWS\system32\mbxmqlkl.ini 2008-03-25 09:39 . 2008-03-26 09:39 1,580,078 ---hs---- C:\WINDOWS\system32\enmjvcdx.ini 2008-03-24 03:19 . 2008-03-24 03:19 <REP> d-------- C:\temp . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-27 08:59 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\utorrent 2008-03-27 08:49 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-03-27 08:40 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\OpenOffice.org2 2008-03-26 22:19 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\SolidDocuments 2008-02-21 15:43 --------- d-----w C:\Program Files\POI Mixer 2008-02-21 15:36 --------- d-----w C:\Program Files\DivX 2008-02-17 13:02 --------- d-----w C:\Program Files\OpenOffice.org 2.3 2008-02-02 17:38 --------- d-----w C:\Program Files\Fichiers communs\Ahead 2008-01-09 11:18 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-01-09 11:18 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-01-09 11:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-01-09 11:18 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2008-01-09 11:18 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe 2008-01-09 11:18 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe 2008-01-09 11:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-01-09 11:16 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2008-01-09 11:16 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2008-01-09 11:16 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2008-01-09 11:16 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2008-01-09 11:16 682,496 ----a-w C:\WINDOWS\system32\DivX.dll 2008-01-09 11:16 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-12-31 11:20 14 ----a-w C:\Documents and Settings\HP_Propriétaire\getfile.dat 2007-12-31 11:20 14 ----a-w C:\Documents and Settings\HP_Propriétaire\getfile.dat 2005-09-25 19:05 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys . ------- Sigcheck ------- 2007-01-04 14:55 1222656 d7480f073b70efc3ac82a8e02dea4937 C:\WINDOWS\ServicePackFiles\i386\wininet.dll 2007-12-07 02:07 663552 c5a40de381481d288addee45fc67f652 C:\WINDOWS\SoftwareDistribution\Download\b2fae1d88b9f406a2afb1c850ba6f5a0\sp2gdr\wininet.dll 2007-12-07 01:47 670208 c057d734b1951393fd07e2607513d4d9 C:\WINDOWS\SoftwareDistribution\Download\b2fae1d88b9f406a2afb1c850ba6f5a0\sp2qfe\wininet.dll 2007-04-18 13:32 663040 ca6f58031096fc2509c57670129469f7 C:\WINDOWS\SoftwareDistribution\Download\dbff4090d49b72fc9ddd97462ff51904\sp2gdr\wininet.dll 2007-04-18 13:44 669696 a3bf56a786b277e881fd9137f55f0b4b C:\WINDOWS\SoftwareDistribution\Download\dbff4090d49b72fc9ddd97462ff51904\sp2qfe\wininet.dll 2007-01-04 14:55 1222656 d7480f073b70efc3ac82a8e02dea4937 C:\WINDOWS\system32\wininet.dll 2007-01-04 14:55 663040 25d38ffa2b441e326850ae4cb67d1a91 C:\WINDOWS\system32\dllcache\wininet.dll 2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS 2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\sp2gdr\tcpip.sys 2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\sp2qfe\tcpip.sys 2007-11-26 12:17 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\system32\dllcache\TCPIP.SYS 2007-11-26 12:17 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\system32\drivers\TCPIP.SYS 2004-08-19 15:09 1884672 2fb4f2728b5011fb7b1d62c2a23bc8b0 C:\WINDOWS\explorer.exe 2004-08-19 15:09 1884672 2fb4f2728b5011fb7b1d62c2a23bc8b0 C:\WINDOWS\ServicePackFiles\i386\explorer.exe 2007-06-13 14:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2gdr\explorer.exe 2007-06-13 14:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2qfe\explorer.exe . ((((((((((((((((((((((((((((( snapshot@2008-03-26_23.02.29.07 ))))))))))))))))))))))))))))))))))))))))) . + 2008-03-26 23:11:58 32,768 ----a-r C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe - 2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll + 2007-07-30 18:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll - 2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll + 2007-07-30 18:19:20 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll + 2007-12-04 18:41:36 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll - 2006-10-18 19:47:20 10,834,432 ----a-w C:\WINDOWS\system32\dllcache\wmp.dll + 2007-06-11 22:51:12 10,834,944 ----a-w C:\WINDOWS\system32\dllcache\wmp.dll - 2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll + 2007-07-30 18:19:36 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll - 2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe + 2007-07-30 18:19:16 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe - 2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll + 2007-07-30 18:19:42 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll - 2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll + 2007-07-30 18:19:32 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll - 2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll + 2007-07-30 18:18:40 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll - 2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll + 2007-07-30 18:19:28 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll - 2006-11-04 13:14:00 1,245,696 ----a-w C:\WINDOWS\system32\msxml4.dll + 2007-05-08 14:03:04 1,275,392 ----a-w C:\WINDOWS\system32\msxml4.dll - 2004-08-19 14:09:38 553,472 ------w C:\WINDOWS\system32\oleaut32.dll + 2007-12-04 18:41:36 550,912 ------w C:\WINDOWS\system32\oleaut32.dll + 2007-07-30 18:18:40 33,624 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll + 2007-07-30 18:19:12 43,352 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.0.6000.381\wups2.dll - 2006-10-18 19:47:20 10,834,432 ----a-w C:\WINDOWS\system32\wmp.dll + 2007-06-11 22:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll - 2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll + 2007-07-30 18:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll - 2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe + 2007-07-30 18:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe - 2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll + 2007-07-30 18:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll - 2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll + 2007-07-30 18:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll - 2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll + 2007-07-30 18:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll - 2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll + 2007-07-30 18:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll - 2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll + 2007-07-30 18:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll + 2008-03-27 08:39:34 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_208.dat + 2007-05-08 14:06:44 1,275,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E64BDFD2-7DC9-493A-94F2-928604F2AF8D}] C:\WINDOWS\system32\geebx.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360] "uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-03-11 13:08 219952] "Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2007-02-05 04:05 4354048] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 20:21 1204224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 22:17 90112] "mspd"="C:\WINDOWS\system32\mspd.exe" [2003-08-27 21:22 389632] "SoundMan"="SOUNDMAN.EXE" [2005-02-21 21:49 90112 C:\WINDOWS\SOUNDMAN.EXE] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736] "avast!"="C:\Program Files\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "NWEReboot"="" [] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-08-19 15:09 138240] C:\Documents and Settings\HP_Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216] UberIcon.lnk - C:\WINDOWS\Vista Inspirat\UberIcon\UberIcon Manager.exe [2005-08-12 20:52:34 180224] Y'z Shadow.lnk - C:\WINDOWS\Vista Inspirat\YzShadow\YzShadow.exe [2002-09-30 21:09:06 151552] Y'z ToolBar.lnk - C:\WINDOWS\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-09-29 14:41:00 90112] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoUserNameInStartMenu"= 01000000 "NoLogoff"= 0 (0x0) "NoRecentDocsNetHood"= 01000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msldr32] msldr32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqromkj] rqromkj.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ask Harrap's Shorter.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Ask Harrap's Shorter.lnk backup=C:\WINDOWS\pss\Ask Harrap's Shorter.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Image Transfer.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Image Transfer.lnk backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd] --a--c--- 2005-02-18 21:32 2754560 C:\WINDOWS\ALCWZRD.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP] --a------ 2005-01-19 16:34 128000 C:\Program Files\CursorXP\CursorXP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] --a------ 2005-11-15 20:21 1204224 C:\Program Files\Microsoft ActiveSync\wcescomm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMOL] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD] --a------ 2003-02-11 20:02 61440 C:\HP\KBD\KBD.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2006-07-20 19:20 282624 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] --a------ 2004-04-14 21:43 233472 C:\WINDOWS\SMINST\RECGUARD.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] -ra------ 2006-11-24 00:06 487424 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TweakDUN] --a------ 2001-09-19 23:29 720896 C:\Program Files\TweakDUN\tweakdun.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "wuauserv"=2 (0x2) "iPodService"=3 (0x3) "Fax"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\Shareaza\\Shareaza.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26569:TCP"= 26569:TCP:eMule : TCP entrant "6224:UDP"= 6224:UDP:eMule : UDP entrant "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "6346:TCP"= 6346:TCP:Shareaza tcp "6346:UDP"= 6346:UDP:Shareaza udp "25566:TCP"= 25566:TCP:uTorrent TCP "25566:UDP"= 25566:UDP:uTorrent udp R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [1998-04-13 09:00] R3 PRISM_A00;Wireless PCI 802.11b/g adapter WN4201B Driver;C:\WINDOWS\system32\DRIVERS\PCTELSAP.SYS [2004-11-30 19:54] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3c6130e-e2ee-11dc-bb44-00604c89e097}] \Shell\AutoRun\command - G:\InstallTomTomHOME.exe . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2007-11-27 08:40:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job" - C:\Program Files\SpeedUpMyPC 3\SpeedUpMyPC.exe "2007-10-08 07:40:25 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job" - C:\Program Files\SpeedUpMyPC 3\SpeedUpMyPC.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-27 10:04:54 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . --------------------- DLLs a chargé sous des processus courants --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\WINDOWS\Vista Inspirat\UberIcon\UberIcon.dll . Temps d'accomplissement: 2008-03-27 10:05:13 ComboFix-quarantined-files.txt 2008-03-27 09:05:11 . 2008-03-26 23:11:58 --- E O F --- 2/ Ewido : __________________________________________________ ewido anti-spyware online scanner http://www.ewido.net __________________________________________________ Name: Not-A-Virus.PUP.Takedawnload.a Path: C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP501\A0137236.exe Risk: Low 3/ Avira : AntiVir PersonalEdition Classic Report file date: jeudi 27 mars 2008 11:40 Scanning for 1168332 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: HP_Propriétaire Computer name: PROGRÉCIF Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15 ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 10:36:45 ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 21/03/2008 10:36:45 ANTIVIR3.VDF : 7.0.3.82 107520 Bytes 27/03/2008 10:36:45 AVEWIN32.DLL : 7.6.0.75 3334656 Bytes 27/03/2008 10:36:45 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24 AVPACK32.DLL : 7.6.0.3 360488 Bytes 27/03/2008 10:36:45 AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21 Configuration settings for the scan: Jobname..........................: Local Hard Disks Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: D:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: jeudi 27 mars 2008 11:40 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'soffice.bin' - '1' Module(s) have been scanned Scan process 'soffice.exe' - '1' Module(s) have been scanned Scan process 'YzToolBar.exe' - '1' Module(s) have been scanned Scan process 'YzShadow.exe' - '1' Module(s) have been scanned Scan process 'UberIcon Manager.exe' - '1' Module(s) have been scanned Scan process 'rapimgr.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'wcescomm.exe' - '1' Module(s) have been scanned Scan process 'dllhost.exe' - '1' Module(s) have been scanned Scan process 'Shareaza.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned Scan process 'ps2.EXE' - '1' Module(s) have been scanned Scan process 'guard.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'a2service.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 40 processes with 40 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'D:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '36' files ). Starting the file scan: Begin scan in 'C:\' <Prog' Récif> C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! C:\QooBox\Quarantine\C\WINDOWS\system32\rqromkj.dll.vir [DETECTION] Is the Trojan horse TR/Trash.Gen [iNFO] The file was moved to '485d8388.qua'! Begin scan in 'D:\' <HP_RECOVERY> End of the scan: jeudi 27 mars 2008 12:35 Used time: 55:08 min The scan has been done completely. 8761 Scanning directories 564188 Files were scanned 1 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 1 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 564187 Files not concerned 28704 Archives were scanned 3 Warnings 0 Notes 4/ HiJackThis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:40:30, on 27/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE c:\program files\a-squared free\a2service.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\ps2.exe C:\WINDOWS\SOUNDMAN.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Shareaza\Shareaza.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\Microsoft ActiveSync\rapimgr.exe C:\WINDOWS\Vista Inspirat\UberIcon\UberIcon Manager.exe C:\WINDOWS\Vista Inspirat\YzShadow\YzShadow.exe C:\WINDOWS\Vista Inspirat\YzToolbar\YzToolBar.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Program Files\HijackThis\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/ServicesAcces.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - AutorunsDisabled - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {E64BDFD2-7DC9-493A-94F2-928604F2AF8D} - C:\WINDOWS\system32\geebx.dll (file missing) O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [mspd] C:\WINDOWS\system32\mspd.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user') O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe O4 - Startup: UberIcon.lnk = C:\WINDOWS\Vista Inspirat\UberIcon\UberIcon Manager.exe O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\Vista Inspirat\YzShadow\YzShadow.exe O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\Vista Inspirat\YzToolbar\YzToolBar.exe O8 - Extra context menu item: Chercher avec Copernic 2001 - C:\Program Files\Copernic 2001 Pro\Search Extension.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Enregistreur Vidéo Internet : rechercher des streams vidéo - file://C:\Program%20Files\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs O8 - Extra context menu item: Ouvrir avec Enregistreur Vidéo Internet - file://C:\Program%20Files\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\anchor.vbs O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {211718FB-416D-44F4-B9BA-F07DCC36CC72} - file://C:\Program%20Files\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs (file missing) O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU) O17 - HKLM\System\CCS\Services\Tcpip\..\{03E10338-D64C-4205-A921-F86DC07FC2D5}: NameServer = 192.168.1.1 O20 - Winlogon Notify: msldr32 - msldr32.dll (file missing) O20 - Winlogon Notify: rqromkj - rqromkj.dll (file missing) O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- End of file - 8462 bytes
  8. Bonsoir, Avast! a détecté une infection de ma bécane par Win32:TratBHO, ce qui m'a fait supprimer quelques .dll. Malheureusement un second scan a montré que ce virus est toujours présent ! Voici les rapports HijackThis et ComboFix. Merci beaucoup pour votre aide à me débarrasser du virus. 1/ComboFix : ComboFix 08-03-25.4 - HP_Propriétaire 2008-03-26 22:56:16.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.581 [GMT 1:00] Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\nnnnmkk.dll C:\WINDOWS\system32\pmnlklk.dll C:\WINDOWS\system32\pmnmnop.dll C:\WINDOWS\system32\rqromkj.dll C:\WINDOWS\system32\xbeeg.ini C:\WINDOWS\system32\xbeeg.ini2 D:\Autorun.inf . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-02-26 to 2008-03-26 )))))))))))))))))))))))))))))))))))) . 2008-03-26 09:42 . 2008-03-26 12:46 1,580,198 ---hs---- C:\WINDOWS\system32\mbxmqlkl.ini 2008-03-25 09:39 . 2008-03-26 09:39 1,580,078 ---hs---- C:\WINDOWS\system32\enmjvcdx.ini 2008-03-24 03:19 . 2008-03-24 03:19 <REP> d-------- C:\temp . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-26 18:43 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-02-21 15:43 --------- d-----w C:\Program Files\POI Mixer 2008-02-21 15:36 --------- d-----w C:\Program Files\DivX 2008-02-17 13:02 --------- d-----w C:\Program Files\OpenOffice.org 2.3 2008-02-02 17:38 --------- d-----w C:\Program Files\Fichiers communs\Ahead 2005-09-25 19:05 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys . ------- Sigcheck ------- 2007-01-04 14:55 1222656 d7480f073b70efc3ac82a8e02dea4937 C:\WINDOWS\ServicePackFiles\i386\wininet.dll 2007-04-18 13:32 663040 ca6f58031096fc2509c57670129469f7 C:\WINDOWS\SoftwareDistribution\Download\dbff4090d49b72fc9ddd97462ff51904\sp2gdr\wininet.dll 2007-04-18 13:44 669696 a3bf56a786b277e881fd9137f55f0b4b C:\WINDOWS\SoftwareDistribution\Download\dbff4090d49b72fc9ddd97462ff51904\sp2qfe\wininet.dll 2007-01-04 14:55 1222656 d7480f073b70efc3ac82a8e02dea4937 C:\WINDOWS\system32\wininet.dll 2007-01-04 14:55 663040 25d38ffa2b441e326850ae4cb67d1a91 C:\WINDOWS\system32\dllcache\wininet.dll 2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS 2007-11-26 12:17 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\system32\dllcache\TCPIP.SYS 2007-11-26 12:17 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\system32\drivers\TCPIP.SYS 2004-08-19 15:09 1884672 2fb4f2728b5011fb7b1d62c2a23bc8b0 C:\WINDOWS\explorer.exe 2004-08-19 15:09 1884672 2fb4f2728b5011fb7b1d62c2a23bc8b0 C:\WINDOWS\ServicePackFiles\i386\explorer.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E64BDFD2-7DC9-493A-94F2-928604F2AF8D}] C:\WINDOWS\system32\geebx.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360] "uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-03-11 13:08 219952] "Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2007-02-05 04:05 4354048] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 20:21 1204224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 22:17 90112] "mspd"="C:\WINDOWS\system32\mspd.exe" [2003-08-27 21:22 389632] "SoundMan"="SOUNDMAN.EXE" [2005-02-21 21:49 90112 C:\WINDOWS\SOUNDMAN.EXE] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736] "avast!"="C:\Program Files\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "NWEReboot"="" [] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-08-19 15:09 138240] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoUserNameInStartMenu"= 01000000 "NoLogoff"= 0 (0x0) "NoRecentDocsNetHood"= 01000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msldr32] msldr32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqromkj] rqromkj.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ask Harrap's Shorter.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Ask Harrap's Shorter.lnk backup=C:\WINDOWS\pss\Ask Harrap's Shorter.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Image Transfer.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Image Transfer.lnk backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd] --a--c--- 2005-02-18 21:32 2754560 C:\WINDOWS\ALCWZRD.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP] --a------ 2005-01-19 16:34 128000 C:\Program Files\CursorXP\CursorXP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] --a------ 2005-11-15 20:21 1204224 C:\Program Files\Microsoft ActiveSync\wcescomm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMOL] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD] --a------ 2003-02-11 20:02 61440 C:\HP\KBD\KBD.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2006-07-20 19:20 282624 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] --a------ 2004-04-14 21:43 233472 C:\WINDOWS\SMINST\RECGUARD.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] -ra------ 2006-11-24 00:06 487424 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TweakDUN] --a------ 2001-09-19 23:29 720896 C:\Program Files\TweakDUN\tweakdun.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "wuauserv"=2 (0x2) "iPodService"=3 (0x3) "Fax"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\Shareaza\\Shareaza.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26569:TCP"= 26569:TCP:eMule : TCP entrant "6224:UDP"= 6224:UDP:eMule : UDP entrant "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "6346:TCP"= 6346:TCP:Shareaza tcp "6346:UDP"= 6346:UDP:Shareaza udp "25566:TCP"= 25566:TCP:uTorrent TCP "25566:UDP"= 25566:UDP:uTorrent udp R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [1998-04-13 09:00] R3 PRISM_A00;Wireless PCI 802.11b/g adapter WN4201B Driver;C:\WINDOWS\system32\DRIVERS\PCTELSAP.SYS [2004-11-30 19:54] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3c6130e-e2ee-11dc-bb44-00604c89e097}] \Shell\AutoRun\command - G:\InstallTomTomHOME.exe . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2007-11-27 08:40:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job" - C:\Program Files\SpeedUpMyPC 3\SpeedUpMyPC.exe "2007-10-08 07:40:25 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job" - C:\Program Files\SpeedUpMyPC 3\SpeedUpMyPC.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-26 22:59:50 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . --------------------- DLLs a charg‚ sous des processus courants --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\WINDOWS\Vista Inspirat\UberIcon\UberIcon.dll . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\Ati2evxx.exe c:\program files\a-squared free\a2service.exe C:\Program Files\Avast4\aswUpdSv.exe C:\Program Files\Avast4\ashServ.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Avast4\ashMaiSv.exe C:\Program Files\Avast4\ashWebSv.exe C:\PROGRA~1\Microsoft ActiveSync\rapimgr.exe C:\WINDOWS\Vista Inspirat\UberIcon\UberIcon Manager.exe C:\WINDOWS\Vista Inspirat\YzShadow\YzShadow.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN 2/HijackThis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:05:03, on 26/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe c:\program files\a-squared free\a2service.exe C:\Program Files\Avast4\aswUpdSv.exe C:\Program Files\Avast4\ashServ.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ps2.exe C:\WINDOWS\SOUNDMAN.EXE C:\windows\system\hpsysdrv.exe C:\Program Files\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Shareaza\Shareaza.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Avast4\ashMaiSv.exe C:\Program Files\Avast4\ashWebSv.exe C:\PROGRA~1\Microsoft ActiveSync\rapimgr.exe C:\WINDOWS\Vista Inspirat\UberIcon\UberIcon Manager.exe C:\WINDOWS\Vista Inspirat\YzShadow\YzShadow.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN C:\WINDOWS\explorer.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HijackThis\HijackThis.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/ServicesAcces.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - AutorunsDisabled - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {E64BDFD2-7DC9-493A-94F2-928604F2AF8D} - C:\WINDOWS\system32\geebx.dll (file missing) O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [mspd] C:\WINDOWS\system32\mspd.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [avast!] "C:\Program Files\Avast4\ashDisp.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user') O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe O4 - Startup: UberIcon.lnk = C:\WINDOWS\Vista Inspirat\UberIcon\UberIcon Manager.exe O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\Vista Inspirat\YzShadow\YzShadow.exe O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\Vista Inspirat\YzToolbar\YzToolBar.exe O8 - Extra context menu item: Chercher avec Copernic 2001 - C:\Program Files\Copernic 2001 Pro\Search Extension.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Enregistreur Vidéo Internet : rechercher des streams vidéo - file://C:\Program%20Files\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs O8 - Extra context menu item: Ouvrir avec Enregistreur Vidéo Internet - file://C:\Program%20Files\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\anchor.vbs O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Enregistreur Vidéo Internet : rechercher des streams vidéo - {211718FB-416D-44F4-B9BA-F07DCC36CC72} - file://C:\Program%20Files\DATA%20BECKER\Enregistreur%20Vid%E9o%20Internet\scan.vbs (file missing) O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU) O17 - HKLM\System\CCS\Services\Tcpip\..\{03E10338-D64C-4205-A921-F86DC07FC2D5}: NameServer = 192.168.1.1 O20 - Winlogon Notify: msldr32 - msldr32.dll (file missing) O20 - Winlogon Notify: rqromkj - rqromkj.dll (file missing) O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe --
×
×
  • Créer...