
ginangelheart

Members
  • Content count

    7
  • Joined

  • Last visited

Everything posted by ginangelheart

  1. As for Avast, I can't remove it because a friend installed it for me and I don't have the install CD. AntiVir report AntiVir PersonalEdition Classic Report file date: jeudi 17 avril 2008 10:01 Scanning for 835736 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: Admin Computer name: XPSP2-F50B6F7C3 Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15 ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:26:55 ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 13:27:04 ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 13:27:13 AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 16:43:56 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24 AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00 AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21 Configuration settings for the scan: Jobname..........................: Manual Selection Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan 
master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: high Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: jeudi 17 avril 2008 10:01 Starting search for hidden objects. '28927' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'IMApp.exe' - '1' Module(s) have been scanned Scan process 'ashDisp.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned Scan process 'Kodak Software Updater.exe' - '1' Module(s) have been scanned Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned Scan process 'emule.exe' - '1' Module(s) have been scanned Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned Scan process 'lxcrcoms.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'ezprint.exe' - '1' Module(s) have been scanned Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned Scan process 'carpserv.exe' - 
'1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'ashWebSv.exe' - '1' Module(s) have been scanned Scan process 'ashMaiSv.exe' - '1' Module(s) have been scanned Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned Scan process 'NBService.exe' - '1' Module(s) have been scanned Scan process 'EvtEng.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned Scan process 'ashServ.exe' - '1' Module(s) have been scanned Scan process 'aswUpdSv.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 44 processes with 44 modules were scanned Starting master boot sector scan: Master boot sector HD0 [NOTE] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '36' files ). Starting the file scan: Begin scan in 'C:\' <WINDOWS> C:\pagefile.sys [WARNING] The file could not be opened! 
C:\Documents and Settings\Admin\Bureau\ComboFix.exe [0] Archive type: RAR SFX (self extracting) --> 327882R2FWJFW\NirCmdC.cfexe [DETECTION] Contains detection pattern of the application APPL/Tool.NirCmd.D --> 327882R2FWJFW\psexec.cfexe [DETECTION] Contains detection pattern of the application APPL/Rmadmin.131072 --> 327882R2FWJFW\pv.cfexe [DETECTION] Contains detection pattern of the SPR/Tool.PV program [iNFO] The file was moved to '48740488.qua'! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! End of the scan: jeudi 17 avril 2008 10:16 Used time: 15:39 min The scan has been done completely. 4147 Scanning directories 113661 Files were scanned 3 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 1 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 113658 Files not concerned 1792 Archives were scanned 4 Warnings 0 Notes 28927 Objects were scanned with rootkit scan 0 Hidden objects were found
  2. ComboFix report ComboFix 08-04-15.8 - Admin 2008-04-16 20:07:00.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.419 [GMT 2:00] Endroit: C:\Documents and Settings\Admin\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Admin\Bureau\dossier important\CFScript.txt * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! FILE :: C:\WINDOWS\system32\E.tmp . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\eoRezo C:\Program Files\eoRezo\cmhost.cyp C:\Program Files\eoRezo\EoAdv\eoAdv.url C:\Program Files\eoRezo\EoAdv\EoRezoBho.old C:\Program Files\eoRezo\EoRezoImg_7.dll C:\Program Files\eoRezo\EoRezoTools_7.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MEMSWEEP2 -------\Service_MEMSWEEP2 ((((((((((((((((((((((((((((( Fichiers créés 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))))))) . 2008-04-16 14:26 . 2008-04-16 14:27 <REP> d-------- C:\WINDOWS\system32\NtmsData 2008-04-15 14:22 . 2008-04-15 14:22 <REP> dr-h----- C:\Documents and Settings\Admin\Application Data\SecuROM 2008-04-15 14:22 . 2008-04-15 14:22 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2008-04-15 13:51 . 2008-04-15 13:51 <REP> d-------- C:\Funsta 2008-04-15 11:08 . 2008-04-15 11:08 <REP> d-------- C:\Program Files\Avira 2008-04-15 11:08 . 2008-04-15 11:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-04-14 22:09 . 2008-04-14 22:09 250 --a------ C:\WINDOWS\gmer.ini 2008-04-13 13:28 . 2008-04-13 13:28 <REP> d-------- C:\Program Files\Sophos 2008-04-13 12:35 . 2007-01-18 14:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys 2008-04-12 09:25 . 2008-04-12 09:25 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-04-06 17:00 . 
2008-04-06 17:00 38,280 --a------ C:\WINDOWS\macromix.dll 2008-04-06 17:00 . 2008-04-06 17:00 30,544 --a------ C:\WINDOWS\dirdib.drv 2008-04-06 17:00 . 2008-04-06 17:12 18 --a------ C:\WINDOWS\system\maxime.toy 2008-04-06 17:00 . 2008-04-06 17:00 6 --a------ C:\WINDOWS\system\toyland.nam 2008-04-06 16:15 . 2008-04-06 16:15 <REP> d-------- C:\WINDOWS\system32\Adobe 2008-04-06 16:12 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys 2008-04-06 16:12 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys 2008-04-05 23:29 . 2008-04-06 12:19 <REP> d-------- C:\Program Files\iWin.com 2008-04-05 22:41 . 2008-04-05 22:41 <REP> d-------- C:\Documents and Settings\Admin\Application Data\iWinArcade 2008-04-05 22:40 . 2008-04-06 12:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\iWin Games 2008-04-03 14:04 . 2008-04-06 08:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2 2008-04-02 17:46 . 2008-04-04 14:29 <REP> d-------- C:\Program Files\Fashion Solitaire 2008-04-02 17:35 . 2008-04-03 15:10 <REP> d-------- C:\Program Files\Kitty Luv 2008-04-02 17:35 . 2008-04-05 15:46 <REP> d-------- C:\Program Files\Doggie Dash 2008-04-01 20:46 . 2008-04-02 16:30 <REP> d-------- C:\Program Files\Fashion Craze 2008-04-01 10:47 . 2008-04-01 20:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Runic 2008-03-30 13:35 . 2008-04-05 09:01 <REP> d-------- C:\Program Files\Runic 2008-03-27 17:10 . 2008-03-28 10:19 <REP> d-------- C:\Program Files\Microsoft SQL Server 2008-03-27 16:24 . 2008-03-27 16:24 <REP> d-------- C:\Program Files\Fichiers communs\BOONTY Shared 2008-03-27 15:59 . 2008-03-28 10:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-03-26 21:03 . 2005-09-27 15:11 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll 2008-03-26 21:03 . 
2006-11-10 11:55 120,952 --a------ C:\WINDOWS\system32\PandoraCtrl2.dll 2008-03-26 21:03 . 2005-03-11 18:06 102,400 --a------ C:\WINDOWS\system32\PandoraCtrl.dll 2008-03-26 20:45 . 2008-03-28 10:22 <REP> d-------- C:\Program Files\BoontyGames 2008-03-26 20:45 . 2008-03-26 21:03 <REP> d-------- C:\Program Files\Boonty 2008-03-23 22:44 . 2008-03-23 23:14 9,216 --ahs---- C:\WINDOWS\Thumbs.db 2008-03-22 19:31 . 2008-03-22 19:31 <REP> d-------- C:\Program Files\orange 2008-03-19 18:31 . 2008-03-19 18:31 <REP> d-------- C:\Program Files\ReflexiveArcade 2008-03-19 14:34 . 2008-03-19 14:34 <REP> d-------- C:\My Download Files 2008-03-19 14:15 . 2008-03-19 14:15 774,144 --a------ C:\Program Files\RngInterstitial.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-16 18:10 --------- d-----w C:\Program Files\eMule 2008-04-16 09:57 --------- d-----w C:\Documents and Settings\Admin\Application Data\OpenOffice.org2 2008-04-15 08:42 --------- d-----w C:\Program Files\lx_cats 2008-04-06 10:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-04-02 16:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst 2008-04-02 16:15 --------- d-----w C:\Documents and Settings\Admin\Application Data\PlayFirst 2008-04-01 08:47 --------- d-----w C:\Program Files\Zylom Games 2008-04-01 08:47 --------- d-----w C:\Documents and Settings\Admin\Application Data\Zylom 2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe 2008-03-29 17:35 94,544 -c--a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2008-03-29 17:29 23,152 -c--a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2008-03-29 17:27 42,912 -c--a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2008-03-29 17:26 26,944 -c--a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2008-03-29 17:23 95,608 -c--a-w C:\WINDOWS\system32\AVASTSS.scr 2008-03-28 11:14 --------- d-----w C:\Program Files\Windows Live 2008-03-28 11:14 --------- 
d-----w C:\Documents and Settings\Admin\Application Data\EoRezo 2008-03-28 11:12 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint 2008-03-23 20:44 --------- d-----w C:\Program Files\PC Inspector File Recovery 2008-03-23 20:44 --------- d-----w C:\Program Files\ma-config.com 2008-03-23 20:44 --------- d-----w C:\Program Files\FireTune 2008-03-22 09:22 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-03-19 15:41 --------- d-----w C:\Program Files\Fichiers communs\Real 2008-03-19 12:15 --------- d-----w C:\Program Files\Real 2008-03-19 11:11 --------- d-----w C:\Program Files\BFG 2008-03-16 07:58 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-12 10:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games 2008-03-12 10:15 0 ----a-w C:\Program Files\temp01 2008-03-12 10:15 --------- d-----w C:\Program Files\bfgclient 2008-03-12 10:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache 2008-03-11 17:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo 2008-03-09 15:23 --------- d-----w C:\Program Files\Magic Match The Genies Journey 2008-03-09 14:33 --------- d-----w C:\Documents and Settings\Admin\Application Data\SEGA 2008-03-08 09:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\DivoGames 2008-03-06 08:25 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll 2008-03-06 08:25 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll 2008-03-06 08:25 --------- d-----w C:\Program Files\OpenAL 2008-03-02 13:24 --------- d-----w C:\Documents and Settings\Admin\Application Data\Gamelab 2008-03-01 17:09 --------- d-----w C:\Documents and Settings\Admin\Application Data\Total Eclipse 2008-02-22 20:49 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-02-20 16:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Go Go Gourmet 2008-01-23 11:44 8,464 
-c--a-w C:\WINDOWS\system32\sporder.dll 2008-01-23 11:26 107,132 -c--a-w C:\WINDOWS\UninstallThunderbird.exe 2008-01-23 11:25 107,132 -c--a-w C:\WINDOWS\UninstallFirefox.exe 2008-01-23 11:20 737,280 -c--a-w C:\WINDOWS\iun6002.exe 2008-01-19 12:53 21,361 -c--a-w C:\WINDOWS\AegisP.sys 2008-01-17 18:55 745,547 -c--a-w C:\WINDOWS\system32\Magentic Screensaver.scr . ------- Sigcheck ------- 2005-07-26 15:01 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\system32\user32.dll 2005-10-12 10:25 662528 a2dd7ec3ac1ead13f65e2898fcabbd1a C:\WINDOWS\system32\wininet.dll 2005-09-18 12:29 359936 0df628756fb71111955be60bac216a70 C:\WINDOWS\system32\drivers\tcpip.sys 2005-10-12 10:33 2058880 73fa9c95d235844a36968c7852c7dbdd C:\WINDOWS\system32\ntkrnlpa.exe 2005-07-26 15:01 2181376 63729dd0f2aae36cc52b89c05505146c C:\WINDOWS\system32\ntoskrnl.exe 2005-07-26 15:01 1036288 0bee3b07ace3303ee57698808e1d2de3 C:\WINDOWS\explorer.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2005-12-19 18:16 200747] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 02:04 1415824] "Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [2008-01-17 20:55 475180] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-09-20 16:35 202024] "eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2006-01-26 18:21 4857856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe] "CARPService"="carpserv.exe" [2003-03-19 15:00 4608 C:\WINDOWS\system32\carpserv.exe] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 15:18 995328] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 15:13 1101824] "lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2006-01-22 19:45 286720] "EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 07:10 98304] "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 10:11 290816] "LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2005-12-01 20:38 65536] "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 10:51 1836328] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] 
"Config"="C:\WINDOWS\system32\run.cmd" [2005-08-23 11:24 341] "nlsf"="cmd.exe" [2004-08-19 16:09 400896 C:\WINDOWS\system32\cmd.exe] "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 15:52 44544] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "MemCheckBoxInRunDlg"= 1 (0x1) "NoSMBalloonTip"= 1 (0x1) "NoDesktopCleanupWizard"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) "NoAutoUpdate"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "MemCheckBoxInRunDlg"= 1 (0x1) "NoSMBalloonTip"= 1 (0x1) "NoDesktopCleanupWizard"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) "NoAutoUpdate"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"= "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"= "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"= "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "C:\\Program Files\\Magentic\\bin\\MgImp.exe"= "C:\\Program Files\\Magentic\\bin\\Magentic.exe"= "C:\\Program Files\\Magentic\\bin\\MgApp.exe"= R1 aswSP;avast! 
Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31] R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 15:45] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35] R3 EMCR;EMCR;C:\WINDOWS\system32\DRIVERS\EMCR7SK.sys [2003-07-22 12:14] S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2008-03-27 16:24] . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-04-11 15:27:51 C:\WINDOWS\Tasks\Maintenance en 1 clic.job" - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-16 20:10:49 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . 
C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\lxcrcoms.exe C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe . ************************************************************************** . 
Temps d'accomplissement: 2008-04-16 20:13:11 - machine was rebooted ComboFix-quarantined-files.txt 2008-04-16 18:13:08 ComboFix2.txt 2008-04-16 15:23:31 Pre-Run: 9,139,961,856 octets libres Post-Run: 9,084,354,560 octets libres HJT report Logfile of HijackThis v1.99.1 Scan saved at 20:14:05, on 16/04/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\carpserv.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Lexmark 2400 Series\ezprint.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\lxcrcoms.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe C:\Program Files\eMule\emule.exe C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe C:\Program 
Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Admin\Bureau\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing) O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: 
[NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart O4 - Startup: BoontyBox 01net.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O17 - HKLM\System\CCS\Services\Tcpip\..\{CA3842F0-7756-483F-8769-C15D6D4EBE4C}: NameServer = 212.27.53.252,212.27.54.252 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir 
PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing) O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. 
- C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
  3. For Angélique, combo report: ComboFix 08-04-15.4 - Admin 2008-04-16 17:21:43.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.473 [GMT 2:00] Endroit: C:\Documents and Settings\Admin\Bureau\ComboFix.exe AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . ((((((((((((((((((((((((((((( Fichiers créés 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))))))) . 2008-04-16 14:26 . 2008-04-16 14:27 <REP> d-------- C:\WINDOWS\system32\NtmsData 2008-04-15 14:22 . 2008-04-15 14:22 <REP> dr-h----- C:\Documents and Settings\Admin\Application Data\SecuROM 2008-04-15 14:22 . 2008-04-15 14:22 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2008-04-15 13:51 . 2008-04-15 13:51 <REP> d-------- C:\Funsta 2008-04-15 11:08 . 2008-04-15 11:08 <REP> d-------- C:\Program Files\Avira 2008-04-15 11:08 . 2008-04-15 11:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-04-14 22:09 . 2008-04-14 22:09 250 --a------ C:\WINDOWS\gmer.ini 2008-04-13 13:28 . 2008-04-13 13:28 <REP> d-------- C:\Program Files\Sophos 2008-04-13 12:35 . 2007-01-18 14:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys 2008-04-12 09:25 . 2008-04-12 09:25 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-04-06 17:00 . 2008-04-06 17:00 38,280 --a------ C:\WINDOWS\macromix.dll 2008-04-06 17:00 . 2008-04-06 17:00 30,544 --a------ C:\WINDOWS\dirdib.drv 2008-04-06 17:00 . 2008-04-06 17:12 18 --a------ C:\WINDOWS\system\maxime.toy 2008-04-06 17:00 . 2008-04-06 17:00 6 --a------ C:\WINDOWS\system\toyland.nam 2008-04-06 16:15 . 2008-04-06 16:15 <REP> d-------- C:\WINDOWS\system32\Adobe 2008-04-06 16:12 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys 2008-04-06 16:12 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys 2008-04-05 23:29 . 2008-04-06 12:19 <REP> d-------- C:\Program Files\iWin.com 2008-04-05 22:41 . 
2008-04-05 22:41 <REP> d-------- C:\Documents and Settings\Admin\Application Data\iWinArcade 2008-04-05 22:40 . 2008-04-06 12:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\iWin Games 2008-04-03 14:04 . 2008-04-06 08:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2 2008-04-02 17:46 . 2008-04-04 14:29 <REP> d-------- C:\Program Files\Fashion Solitaire 2008-04-02 17:35 . 2008-04-03 15:10 <REP> d-------- C:\Program Files\Kitty Luv 2008-04-02 17:35 . 2008-04-05 15:46 <REP> d-------- C:\Program Files\Doggie Dash 2008-04-01 20:46 . 2008-04-02 16:30 <REP> d-------- C:\Program Files\Fashion Craze 2008-04-01 10:47 . 2008-04-01 20:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Runic 2008-03-30 13:35 . 2008-04-05 09:01 <REP> d-------- C:\Program Files\Runic 2008-03-27 17:10 . 2008-03-28 10:19 <REP> d-------- C:\Program Files\Microsoft SQL Server 2008-03-27 16:24 . 2008-03-27 16:24 <REP> d-------- C:\Program Files\Fichiers communs\BOONTY Shared 2008-03-27 15:59 . 2008-03-28 10:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-03-26 21:03 . 2005-09-27 15:11 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll 2008-03-26 21:03 . 2006-11-10 11:55 120,952 --a------ C:\WINDOWS\system32\PandoraCtrl2.dll 2008-03-26 21:03 . 2005-03-11 18:06 102,400 --a------ C:\WINDOWS\system32\PandoraCtrl.dll 2008-03-26 20:45 . 2008-03-28 10:22 <REP> d-------- C:\Program Files\BoontyGames 2008-03-26 20:45 . 2008-03-26 21:03 <REP> d-------- C:\Program Files\Boonty 2008-03-23 22:44 . 2008-03-23 23:14 9,216 --ahs---- C:\WINDOWS\Thumbs.db 2008-03-22 19:31 . 2008-03-22 19:31 <REP> d-------- C:\Program Files\orange 2008-03-19 18:31 . 2008-03-19 18:31 <REP> d-------- C:\Program Files\ReflexiveArcade 2008-03-19 14:34 . 2008-03-19 14:34 <REP> d-------- C:\My Download Files 2008-03-19 14:15 . 2008-03-19 14:15 774,144 --a------ C:\Program Files\RngInterstitial.dll . 
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-16 09:57 --------- d-----w C:\Documents and Settings\Admin\Application Data\OpenOffice.org2 2008-04-16 09:48 --------- d-----w C:\Program Files\eMule 2008-04-15 08:42 --------- d-----w C:\Program Files\lx_cats 2008-04-06 10:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-04-02 16:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst 2008-04-02 16:15 --------- d-----w C:\Documents and Settings\Admin\Application Data\PlayFirst 2008-04-01 08:47 --------- d-----w C:\Program Files\Zylom Games 2008-04-01 08:47 --------- d-----w C:\Documents and Settings\Admin\Application Data\Zylom 2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe 2008-03-29 17:35 94,544 -c--a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2008-03-29 17:29 23,152 -c--a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2008-03-29 17:27 42,912 -c--a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2008-03-29 17:26 26,944 -c--a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2008-03-29 17:23 95,608 -c--a-w C:\WINDOWS\system32\AVASTSS.scr 2008-03-28 11:14 --------- d-----w C:\Program Files\Windows Live 2008-03-28 11:14 --------- d-----w C:\Program Files\eoRezo 2008-03-28 11:14 --------- d-----w C:\Documents and Settings\Admin\Application Data\EoRezo 2008-03-28 11:12 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint 2008-03-23 20:44 --------- d-----w C:\Program Files\PC Inspector File Recovery 2008-03-23 20:44 --------- d-----w C:\Program Files\ma-config.com 2008-03-23 20:44 --------- d-----w C:\Program Files\FireTune 2008-03-22 09:22 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-03-19 15:41 --------- d-----w C:\Program Files\Fichiers communs\Real 2008-03-19 12:15 --------- d-----w C:\Program Files\Real 2008-03-19 11:11 --------- d-----w C:\Program Files\BFG 2008-03-16 07:58 --------- d--h--w C:\Program 
Files\InstallShield Installation Information 2008-03-12 10:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games 2008-03-12 10:15 0 ----a-w C:\Program Files\temp01 2008-03-12 10:15 --------- d-----w C:\Program Files\bfgclient 2008-03-12 10:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache 2008-03-11 17:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo 2008-03-09 15:23 --------- d-----w C:\Program Files\Magic Match The Genies Journey 2008-03-09 14:33 --------- d-----w C:\Documents and Settings\Admin\Application Data\SEGA 2008-03-08 09:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\DivoGames 2008-03-06 08:25 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll 2008-03-06 08:25 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll 2008-03-06 08:25 --------- d-----w C:\Program Files\OpenAL 2008-03-02 13:24 --------- d-----w C:\Documents and Settings\Admin\Application Data\Gamelab 2008-03-01 17:09 --------- d-----w C:\Documents and Settings\Admin\Application Data\Total Eclipse 2008-02-22 20:49 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-02-20 16:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Go Go Gourmet 2008-01-23 11:44 8,464 -c--a-w C:\WINDOWS\system32\sporder.dll 2008-01-23 11:26 107,132 -c--a-w C:\WINDOWS\UninstallThunderbird.exe 2008-01-23 11:25 107,132 -c--a-w C:\WINDOWS\UninstallFirefox.exe 2008-01-23 11:20 737,280 -c--a-w C:\WINDOWS\iun6002.exe 2008-01-19 12:53 21,361 -c--a-w C:\WINDOWS\AegisP.sys 2008-01-17 18:55 745,547 -c--a-w C:\WINDOWS\system32\Magentic Screensaver.scr . 
------- Sigcheck ------- 2005-07-26 15:01 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\system32\user32.dll 2005-10-12 10:25 662528 a2dd7ec3ac1ead13f65e2898fcabbd1a C:\WINDOWS\system32\wininet.dll 2005-09-18 12:29 359936 0df628756fb71111955be60bac216a70 C:\WINDOWS\system32\drivers\tcpip.sys 2005-10-12 10:33 2058880 73fa9c95d235844a36968c7852c7dbdd C:\WINDOWS\system32\ntkrnlpa.exe 2005-07-26 15:01 2181376 63729dd0f2aae36cc52b89c05505146c C:\WINDOWS\system32\ntoskrnl.exe 2005-07-26 15:01 1036288 0bee3b07ace3303ee57698808e1d2de3 C:\WINDOWS\explorer.exe . ((((((((((((((((((((((((((((( snapshot@2008-04-16_11.36.57.17 ))))))))))))))))))))))))))))))))))))))))) . - 2008-04-16 09:32:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-04-16 09:47:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-04-16 09:47:10 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_76c.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2005-12-19 18:16 200747] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 02:04 1415824] "Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [2008-01-17 20:55 475180] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-09-20 16:35 202024] "eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2006-01-26 18:21 4857856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe] "CARPService"="carpserv.exe" [2003-03-19 15:00 4608 C:\WINDOWS\system32\carpserv.exe] "IntelZeroConfig"="C:\Program 
Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 15:18 995328] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 15:13 1101824] "lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2006-01-22 19:45 286720] "EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 07:10 98304] "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 10:11 290816] "LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2005-12-01 20:38 65536] "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 10:51 1836328] "EoEngine"="" [] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Config"="C:\WINDOWS\system32\run.cmd" [2005-08-23 11:24 341] "nlsf"="cmd.exe" [2004-08-19 16:09 400896 C:\WINDOWS\system32\cmd.exe] "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 15:52 44544] C:\Documents and Settings\Admin\Menu D‚marrer\Programmes\D‚marrage\ BoontyBox 01net.lnk - C:\Program Files\Boonty\BoontyBox\BoontyBox.exe [2008-03-26 21:03:28 902712] OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-12-14 18:01:20 61440] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08 16423] Logiciel Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-04 15:04:48 176128] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "MemCheckBoxInRunDlg"= 1 (0x1) 
"NoSMBalloonTip"= 1 (0x1) "NoDesktopCleanupWizard"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) "NoAutoUpdate"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "MemCheckBoxInRunDlg"= 1 (0x1) "NoSMBalloonTip"= 1 (0x1) "NoDesktopCleanupWizard"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) "NoAutoUpdate"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"= "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"= "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"= "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "C:\\Program Files\\Magentic\\bin\\MgImp.exe"= "C:\\Program Files\\Magentic\\bin\\Magentic.exe"= "C:\\Program Files\\Magentic\\bin\\MgApp.exe"= R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31] R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 15:45] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35] R3 EMCR;EMCR;C:\WINDOWS\system32\DRIVERS\EMCR7SK.sys [2003-07-22 12:14] S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2008-03-27 16:24] S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\E.tmp [] *Newly Created Service* - NTMSSVC . 
Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-04-11 15:27:51 C:\WINDOWS\Tasks\Maintenance en 1 clic.job" - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-16 17:22:52 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\C:\WINDOWS\system32\E.tmp" . Temps d'accomplissement: 2008-04-16 17:23:30 ComboFix-quarantined-files.txt 2008-04-16 15:23:26 ComboFix2.txt 2008-04-16 09:37:12 Pre-Run: 8,594,153,472 octets libres Post-Run: 8,584,388,608 octets libres Rapport HJT Logfile of HijackThis v1.99.1 Scan saved at 17:24:09, on 16/04/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\carpserv.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Lexmark 2400 
Series\ezprint.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe C:\Program Files\eMule\emule.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe C:\WINDOWS\system32\lxcrcoms.exe C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\PROGRA~1\INCRED~1\bin\IncMail.exe C:\PROGRA~1\Magentic\bin\MgApp.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Admin\Bureau\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - 
C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing) O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart O4 - Startup: BoontyBox 01net.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: KODAK Software Updater.lnk = C:\Program 
Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O17 - HKLM\System\CCS\Services\Tcpip\..\{960EE8BE-9717-4577-A312-3D755AB3D525}: NameServer = 217.169.242.2 217.169.242.3 O17 - HKLM\System\CCS\Services\Tcpip\..\{CA3842F0-7756-483F-8769-C15D6D4EBE4C}: NameServer = 212.27.53.252,212.27.54.252 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! 
Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing) O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
  4. For Angélique, ComboFix report:

     ComboFix 08-04-15.4 - Admin 2008-04-16 11:29:29.1 - NTFSx86
     Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.628 [GMT 2:00]
     Endroit: C:\Documents and Settings\Admin\Bureau\ComboFix.exe
     * Création d'un nouveau point de restauration

     AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
     .
     (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     C:\Program Files\newdotnet
     C:\Program Files\newdotnet\readme.txt
     C:\WINDOWS\ntvdn.dll
     C:\WINDOWS\system32\config\47228506.Evt
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Legacy_ASC3550P
     -------\Service_asc3550p

     ((((((((((((((((((((((((((((( Fichiers créés 2008-03-16 to 2008-04-16 ))))))))))))))))))))))))))))))))))))
     .
     2008-04-15 14:22 . 2008-04-15 14:22 <REP> dr-h----- C:\Documents and Settings\Admin\Application Data\SecuROM
     2008-04-15 14:22 . 2008-04-15 14:22 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
     2008-04-15 13:51 . 2008-04-15 13:51 <REP> d-------- C:\Funsta
     2008-04-15 11:08 . 2008-04-15 11:08 <REP> d-------- C:\Program Files\Avira
     2008-04-15 11:08 . 2008-04-15 11:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
     2008-04-14 22:09 . 2008-04-14 22:09 250 --a------ C:\WINDOWS\gmer.ini
     2008-04-13 13:28 . 2008-04-13 13:28 <REP> d-------- C:\Program Files\Sophos
     2008-04-13 12:35 . 2007-01-18 14:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
     2008-04-12 09:25 . 2008-04-12 09:25 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
     2008-04-06 17:00 . 2008-04-06 17:00 38,280 --a------ C:\WINDOWS\macromix.dll
     2008-04-06 17:00 . 2008-04-06 17:00 30,544 --a------ C:\WINDOWS\dirdib.drv
     2008-04-06 17:00 . 2008-04-06 17:12 18 --a------ C:\WINDOWS\system\maxime.toy
     2008-04-06 17:00 . 2008-04-06 17:00 6 --a------ C:\WINDOWS\system\toyland.nam
     2008-04-06 16:15 . 2008-04-06 16:15 <REP> d-------- C:\WINDOWS\system32\Adobe
     2008-04-06 16:12 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
     2008-04-06 16:12 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
     2008-04-05 23:29 . 2008-04-06 12:19 <REP> d-------- C:\Program Files\iWin.com
     2008-04-05 22:41 . 2008-04-05 22:41 <REP> d-------- C:\Documents and Settings\Admin\Application Data\iWinArcade
     2008-04-05 22:40 . 2008-04-06 12:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\iWin Games
     2008-04-03 14:04 . 2008-04-06 08:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2
     2008-04-02 17:46 . 2008-04-04 14:29 <REP> d-------- C:\Program Files\Fashion Solitaire
     2008-04-02 17:35 . 2008-04-03 15:10 <REP> d-------- C:\Program Files\Kitty Luv
     2008-04-02 17:35 . 2008-04-05 15:46 <REP> d-------- C:\Program Files\Doggie Dash
     2008-04-01 20:46 . 2008-04-02 16:30 <REP> d-------- C:\Program Files\Fashion Craze
     2008-04-01 10:47 . 2008-04-01 20:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Runic
     2008-03-30 13:35 . 2008-04-05 09:01 <REP> d-------- C:\Program Files\Runic
     2008-03-27 17:10 . 2008-03-28 10:19 <REP> d-------- C:\Program Files\Microsoft SQL Server
     2008-03-27 16:24 . 2008-03-27 16:24 <REP> d-------- C:\Program Files\Fichiers communs\BOONTY Shared
     2008-03-27 15:59 . 2008-03-28 10:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
     2008-03-26 21:03 . 2005-09-27 15:11 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
     2008-03-26 21:03 . 2006-11-10 11:55 120,952 --a------ C:\WINDOWS\system32\PandoraCtrl2.dll
     2008-03-26 21:03 . 2005-03-11 18:06 102,400 --a------ C:\WINDOWS\system32\PandoraCtrl.dll
     2008-03-26 20:45 . 2008-03-28 10:22 <REP> d-------- C:\Program Files\BoontyGames
     2008-03-26 20:45 . 2008-03-26 21:03 <REP> d-------- C:\Program Files\Boonty
     2008-03-23 22:44 . 2008-03-23 23:14 9,216 --ahs---- C:\WINDOWS\Thumbs.db
     2008-03-22 19:31 . 2008-03-22 19:31 <REP> d-------- C:\Program Files\orange
     2008-03-19 18:31 . 2008-03-19 18:31 <REP> d-------- C:\Program Files\ReflexiveArcade
     2008-03-19 14:34 . 2008-03-19 14:34 <REP> d-------- C:\My Download Files
     2008-03-19 14:15 . 2008-03-19 14:15 774,144 --a------ C:\Program Files\RngInterstitial.dll
     .
     (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2008-04-16 09:34 --------- d-----w C:\Program Files\eMule
     2008-04-15 11:25 --------- d-----w C:\Documents and Settings\Admin\Application Data\OpenOffice.org2
     2008-04-15 08:42 --------- d-----w C:\Program Files\lx_cats
     2008-04-06 10:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
     2008-04-02 16:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
     2008-04-02 16:15 --------- d-----w C:\Documents and Settings\Admin\Application Data\PlayFirst
     2008-04-01 08:47 --------- d-----w C:\Program Files\Zylom Games
     2008-04-01 08:47 --------- d-----w C:\Documents and Settings\Admin\Application Data\Zylom
     2008-03-29 17:35 94,544 -c--a-w C:\WINDOWS\system32\drivers\aswmon2.sys
     2008-03-29 17:29 23,152 -c--a-w C:\WINDOWS\system32\drivers\aswRdr.sys
     2008-03-29 17:27 42,912 -c--a-w C:\WINDOWS\system32\drivers\aswTdi.sys
     2008-03-29 17:26 26,944 -c--a-w C:\WINDOWS\system32\drivers\aavmker4.sys
     2008-03-28 11:14 --------- d-----w C:\Program Files\Windows Live
     2008-03-28 11:14 --------- d-----w C:\Program Files\eoRezo
     2008-03-28 11:14 --------- d-----w C:\Documents and Settings\Admin\Application Data\EoRezo
     2008-03-28 11:12 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
     2008-03-23 20:44 --------- d-----w C:\Program Files\PC Inspector File Recovery
     2008-03-23 20:44 --------- d-----w C:\Program Files\ma-config.com
     2008-03-23 20:44 --------- d-----w C:\Program Files\FireTune
     2008-03-22 09:22 --------- d-----w C:\Program Files\Fichiers communs\Adobe
     2008-03-19 15:41 --------- d-----w C:\Program Files\Fichiers communs\Real
     2008-03-19 12:15 --------- d-----w C:\Program Files\Real
     2008-03-19 11:11 --------- d-----w C:\Program Files\BFG
     2008-03-16 07:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
     2008-03-12 10:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
     2008-03-12 10:15 0 ----a-w C:\Program Files\temp01
     2008-03-12 10:15 --------- d-----w C:\Program Files\bfgclient
     2008-03-12 10:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
     2008-03-11 17:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
     2008-03-09 15:23 --------- d-----w C:\Program Files\Magic Match The Genies Journey
     2008-03-09 14:33 --------- d-----w C:\Documents and Settings\Admin\Application Data\SEGA
     2008-03-08 09:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\DivoGames
     2008-03-06 08:25 --------- d-----w C:\Program Files\OpenAL
     2008-03-02 13:24 --------- d-----w C:\Documents and Settings\Admin\Application Data\Gamelab
     2008-03-01 17:09 --------- d-----w C:\Documents and Settings\Admin\Application Data\Total Eclipse
     2008-02-22 20:49 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
     2008-02-20 16:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
     2008-01-23 11:26 107,132 -c--a-w C:\WINDOWS\UninstallThunderbird.exe
     2008-01-23 11:25 107,132 -c--a-w C:\WINDOWS\UninstallFirefox.exe
     2008-01-23 11:20 737,280 -c--a-w C:\WINDOWS\iun6002.exe
     2008-01-19 12:53 21,361 -c--a-w C:\WINDOWS\AegisP.sys
     .
     ------- Sigcheck -------
     2005-07-26 15:01 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\system32\user32.dll
     2005-10-12 10:25 662528 a2dd7ec3ac1ead13f65e2898fcabbd1a C:\WINDOWS\system32\wininet.dll
     2005-09-18 12:29 359936 0df628756fb71111955be60bac216a70 C:\WINDOWS\system32\drivers\tcpip.sys
     2005-10-12 10:33 2058880 73fa9c95d235844a36968c7852c7dbdd C:\WINDOWS\system32\ntkrnlpa.exe
     2005-07-26 15:01 2181376 63729dd0f2aae36cc52b89c05505146c C:\WINDOWS\system32\ntoskrnl.exe
     2005-07-26 15:01 1036288 0bee3b07ace3303ee57698808e1d2de3 C:\WINDOWS\explorer.exe
     .
     ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     REGEDIT4
     *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
     "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2005-12-19 18:16 200747]
     "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 02:04 1415824]
     "Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [2008-01-17 20:55 475180]
     "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-09-20 16:35 202024]
     "eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2006-01-26 18:21 4857856]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
     "CARPService"="carpserv.exe" [2003-03-19 15:00 4608 C:\WINDOWS\system32\carpserv.exe]
     "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 15:18 995328]
     "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 15:13 1101824]
     "lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2006-01-22 19:45 286720]
     "EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 07:10 98304]
     "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 10:11 290816]
     "LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2005-12-01 20:38 65536]
     "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
     "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 10:51 1836328]
     "EoEngine"="" []
     "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
     "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     "Config"="C:\WINDOWS\system32\run.cmd" [2005-08-23 11:24 341]
     "nlsf"="cmd.exe" [2004-08-19 16:09 400896 C:\WINDOWS\system32\cmd.exe]
     "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 15:52 44544]

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
     "NoSMHelp"= 1 (0x1)
     "MemCheckBoxInRunDlg"= 1 (0x1)
     "NoSMBalloonTip"= 1 (0x1)
     "NoDesktopCleanupWizard"= 1 (0x1)
     "NoWelcomeScreen"= 1 (0x1)
     "NoAutoUpdate"= 1 (0x1)

     [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
     "NoSMHelp"= 1 (0x1)
     "MemCheckBoxInRunDlg"= 1 (0x1)
     "NoSMBalloonTip"= 1 (0x1)
     "NoDesktopCleanupWizard"= 1 (0x1)
     "NoWelcomeScreen"= 1 (0x1)
     "NoAutoUpdate"= 1 (0x1)

     [HKEY_LOCAL_MACHINE\software\microsoft\security center]
     "AntiVirusOverride"=dword:00000001
     "FirewallOverride"=dword:00000001
     "AntiVirusDisableNotify"=dword:00000001
     "UpdatesDisableNotify"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)
     "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
     "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
     "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
     "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
     "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
     "C:\\Program Files\\Magentic\\bin\\MgImp.exe"=
     "C:\\Program Files\\Magentic\\bin\\Magentic.exe"=
     "C:\\Program Files\\Magentic\\bin\\MgApp.exe"=

     R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
     R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 15:45]
     R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
     R3 EMCR;EMCR;C:\WINDOWS\system32\DRIVERS\EMCR7SK.sys [2003-07-22 12:14]
     S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2008-03-27 16:24]
     S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\E.tmp []
     .
     Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
     "2008-04-11 15:27:51 C:\WINDOWS\Tasks\Maintenance en 1 clic.job" - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
     .
     **************************************************************************
     catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2008-04-16 11:34:38
     Windows 5.1.2600 Service Pack 2 NTFS
     Balayage processus cachés ...
     Balayage caché autostart entries ...
     Balayage des fichiers cachés ...
     Scan terminé avec succès
     Les fichiers cachés: 0
     **************************************************************************
     [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
     "ImagePath"="\??\C:\WINDOWS\system32\E.tmp"
     .
     ------------------------ Other Running Processes ------------------------
     .
     C:\WINDOWS\system32\ati2evxx.exe
     C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
     C:\WINDOWS\system32\ati2evxx.exe
     C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     C:\Program Files\Alwil Software\Avast4\ashServ.exe
     C:\WINDOWS\system32\LEXBCES.EXE
     C:\WINDOWS\system32\LEXPPS.EXE
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
     C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
     C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
     C:\WINDOWS\system32\wdfmgr.exe
     C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     C:\WINDOWS\system32\lxcrcoms.exe
     C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
     C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
     .
     **************************************************************************
     .
     Temps d'accomplissement: 2008-04-16 11:37:11 - machine was rebooted
     ComboFix-quarantined-files.txt 2008-04-16 09:37:08
     Pre-Run: 8,623,329,280 octets libres
     Post-Run: 8,590,454,784 octets libres
  5. for angélique
I can't run combofix.exe; it tells me it is corrupted.
  6. reply for angélique
Here is the BTFix cleaning report:

BTFix 1.098 (par bibi26) - 15/04/2008 20:39:36 - Nettoyage - Mode normal
Lancé depuis C:\Documents and Settings\Admin\Bureau\BTFix\BTFix\BTFix.exe

---> Fichiers/dossiers supprimés (Première passe)

- Fichiers temporaires effacés
- C:\WINDOWS\system32\f3PSSavr.scr
- C:\Program Files\MyWebSearch\bar\1.bin\
- C:\Program Files\MyWebSearch\bar\Avatar\
- C:\Program Files\MyWebSearch\bar\Cache\
- C:\Program Files\MyWebSearch\bar\Game\
- C:\Program Files\MyWebSearch\bar\History\
- C:\Program Files\MyWebSearch\bar\icons\
- C:\Program Files\MyWebSearch\bar\Message\
- C:\Program Files\MyWebSearch\bar\Notifier\
- C:\Program Files\MyWebSearch\bar\Settings\
- C:\Program Files\MyWebSearch\bar\
- C:\Program Files\MyWebSearch\SrchAstt\1.bin\
- C:\Program Files\MyWebSearch\SrchAstt\
- C:\Program Files\MyWebSearch\
- C:\Program Files\FunWebProducts\ScreenSaver\Images\
- C:\Program Files\FunWebProducts\ScreenSaver\
- C:\Program Files\FunWebProducts\Shared\Cache\
- C:\Program Files\FunWebProducts\Shared\
- C:\Program Files\FunWebProducts\
- C:\Program Files\VVSN\
- C:\Program Files\AskTBar\bar\1.bin\
- C:\Program Files\AskTBar\bar\Cache\
- C:\Program Files\AskTBar\bar\History\
- C:\Program Files\AskTBar\bar\Settings\
- C:\Program Files\AskTBar\bar\
- C:\Program Files\AskTBar\PopSwatr\History\
- C:\Program Files\AskTBar\PopSwatr\
- C:\Program Files\AskTBar\SrchAstt\1.bin\
- C:\Program Files\AskTBar\SrchAstt\
- C:\Program Files\AskTBar\
- C:\Program Files\GamesBar\
- C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll

---> Nettoyage terminé le 15/04/2008 20:39:43
  7. Avast tells me it found a rootkit in c:\\windows\system32\drivers\asc3550p.sys. When I scan with Sophos Anti-Rootkit, it says:

Hidden registry key
Area : Windows registry
Description : Hidden registry key
Location : \hkey_local_machine\system\controlset001\services\asc3550p
Removable : No
Notes : (no more detail available)

So I ran a scan with AntiVir, I had to delete about fifteen infected files, and here is the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 13:20:29, on 15/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Admin\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [taskmon] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: BoontyBox 01net.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA3842F0-7756-483F-8769-C15D6D4EBE4C}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Waiting for a quick reply in my inbox, because the rootkit is still on my PC. Thank you very much.