Valou-tm
-
Compteur de contenus
24 -
Inscription
-
Dernière visite
Type de contenu
Profils
Forums
Blogs
Tout ce qui a été posté par Valou-tm
-
Problème d'écriture avec le clavier
Valou-tm a répondu à un(e) sujet de Valou-tm dans Analyses et éradication malwares
Bon je n'ouvre pas de nouveau sujet mis j'ai eu 4 fois de suite l'erreur 8024200D lors de l'installatino du SP1 de windows ... -
Problème d'écriture avec le clavier
Valou-tm a répondu à un(e) sujet de Valou-tm dans Analyses et éradication malwares
Bonjour, J'ai lancé les installations windows update, on verra bien ensuite. Il semble parfois atteint par la grace car le cavier refonctionne correctement et parfois il refait son difficile ... -
Problème d'écriture avec le clavier
Valou-tm a répondu à un(e) sujet de Valou-tm dans Analyses et éradication malwares
Merci pour l'aide, le service informatque est passé ce matin et pense peut être à un souci de bios sur les TOSHIBA. (je précise que le service en question m'avait conseillé de simplement taper moins vite car il n'avait pas le temps de se pencher sur le problème ...) J'ai eu un semblan de mieux après l'utilsation de UBIX,mais clà commencce depuis 1h eviron.. Merc de vote aide ntout cas. (voici un exemple e phrase tapée "san fautes" sr mon clvier àvitese normal de frappe) -
Problème d'écriture avec le clavier
Valou-tm a répondu à un(e) sujet de Valou-tm dans Analyses et éradication malwares
Bonjour, de retour au bureau, voici le rapport USBfix : ############################## | UsbFix V 7.088 | [Recherche] Utilisateur: nwa (Administrateur) # TOSH Mis à jour le 16/05/2012 par El Desaparecido Lancé à 08:15:21 | 05/06/2012 Site Web: http://eldesaparecido.com Forum: http://forum.eldesaparecido.com Fichier suspect ? : http://eldesaparecido.com/upload.php Contact: contact@eldesaparecido.com PC: TOSHIBA (Satellite Pro L670) (x64-based PC) # Notebook CPU: Intel® Core i3 CPU M 380 @ 2.53GHz (2533) RAM -> [ Total : 3955 | Free : 2323 ] BIOS: Phoenix SecureCore Version 1.90 BOOT: Normal boot OS: Microsoft Windows 7 Professionnel (6.1.7600 64-Bit) # WB: Windows Internet Explorer 9.0.8112.16421 SC: Security Center Service [ Enabled ] WU: Windows Update Service [ Enabled ] AV: Microsoft Security Essentials [ Enabled | Updated ] FW: Windows FireWall Service [ Enabled ] C:\ (%systemdrive%) -> Disque fixe # 233 Go (169 Go libre(s) - 72%) [WINDOWS] # NTFS D:\ -> Disque fixe # 232 Go (218 Go libre(s) - 94%) [Data] # NTFS E:\ -> CD-ROM G:\ -> Disque amovible # 2 Go (1 Go libre(s) - 71%) [uSB DISK] # FAT ################## | Processus Actif | C:\Windows\system32\csrss.exe (456) C:\Windows\system32\wininit.exe (536) C:\Windows\system32\csrss.exe (556) C:\Windows\system32\services.exe (592) C:\Windows\system32\lsass.exe (608) C:\Windows\system32\lsm.exe (616) C:\Windows\system32\svchost.exe (740) C:\Windows\system32\winlogon.exe (808) C:\Windows\system32\svchost.exe (864) C:\Program Files\Microsoft Security Client\MsMpEng.exe (928) C:\Windows\system32\atiesrxx.exe (1016) C:\Windows\System32\svchost.exe (360) C:\Windows\System32\svchost.exe (516) C:\Windows\system32\svchost.exe (680) C:\Windows\system32\svchost.exe (1072) C:\Windows\system32\svchost.exe (1212) C:\Windows\system32\WLANExt.exe (1380) C:\Windows\system32\conhost.exe (1388) C:\Windows\System32\spoolsv.exe (1556) C:\Windows\system32\svchost.exe (1588) C:\Windows\system32\atieclxx.exe (1652) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1892) C:\Windows\system32\svchost.exe (1964) C:\Windows\system32\LMabcoms.exe (2020) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (1092) C:\Windows\system32\svchost.exe (2036) C:\Windows\system32\TODDSrv.exe (1452) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (1868) C:\Program Files\TOSHIBA\TECO\TecoService.exe (2092) c:\postgres\PostgreSQL\8.4\bin\postgres.exe (2144) C:\Windows\system32\conhost.exe (2152) C:\Program Files (x86)\TightVNC\tvnserver.exe (2204) c:\postgres\PostgreSQL\8.4\bin\postgres.exe (2212) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2292) c:\postgres\PostgreSQL\8.4\bin\postgres.exe (2368) c:\postgres\PostgreSQL\8.4\bin\postgres.exe (2376) c:\postgres\PostgreSQL\8.4\bin\postgres.exe (2384) c:\postgres\PostgreSQL\8.4\bin\postgres.exe (2392) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2516) C:\Windows\system32\taskhost.exe (2796) C:\Windows\system32\Dwm.exe (2724) C:\Windows\Explorer.EXE (2880) C:\Windows\system32\taskeng.exe (2448) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (2268) C:\Windows\system32\svchost.exe (2240) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (3452) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (3464) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (3480) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (3488) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (3500) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (3508) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (3608) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (3668) C:\Program Files\TOSHIBA\TECO\Teco.exe (3908) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (4000) C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (4032) C:\Program Files\Microsoft Security Client\msseces.exe (4068) C:\Program Files\Windows Sidebar\sidebar.exe (4084) C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (340) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (3340) C:\Windows\system32\SearchIndexer.exe (3368) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (3276) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (2360) C:\Program Files\Windows Media Player\wmpnetwk.exe (3720) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (3876) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (4100) C:\Program Files (x86)\TightVNC\tvnserver.exe (4108) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (4468) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (4524) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (4872) C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (3384) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (4792) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (5044) c:\Program Files (x86)\Nero\Update\NASvc.exe (2464) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (3824) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (3248) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (2432) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (4416) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (3164) C:\Windows\system32\wuauclt.exe (3880) C:\Windows\system32\wbem\wmiprvse.exe (4968) C:\Windows\system32\WUDFHost.exe (4024) C:\UsbFix\Go.exe (4580) C:\Windows\system32\wbem\wmiprvse.exe (3964) ################## | Éléments infectieux | ################## | Registre | ################## | Mountpoints2 | ################## | Vaccin | G:\autorun.inf -> Vaccin créé par Flash_Disinfector (sUBs) ################## | E.O.F | Pour la réponse rapide et l'édit de post c'est pas un soucis, je me fais taper sur les doigts quand je n'édit pas et que je fais des doublons -
Problème d'écriture avec le clavier
Valou-tm a répondu à un(e) sujet de Valou-tm dans Analyses et éradication malwares
Voicile rapport SFT : Lien CJoint.com BFeplAbl4G4 rapport malware (auncun élément détecté): Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Version de la base de données: v2012.06.04.03 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 nwa :: TOSH [administrateur] 04/06/2012 15:08:21 mbam-log-2012-06-04 (15-08-21).txt Type d'examen: Examen complet Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM Options d'examen désactivées: P2P Elément(s) analysé(s): 416204 Temps écoulé: 44 minute(s), 53 seconde(s) Processus mémoire détecté(s): 0 (Aucun élément nuisible détecté) Module(s) mémoire détecté(s): 0 (Aucun élément nuisible détecté) Clé(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté) Valeur(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté) Elément(s) de données du Registre détecté(s): 0 (Aucun élément nuisible détecté) Dossier(s) détecté(s): 0 (Aucun élément nuisible détecté) Fichier(s) détecté(s): 0 (Aucun élément nuisible détecté) (fin) -
Problème d'écriture avec le clavier
Valou-tm a répondu à un(e) sujet de Valou-tm dans Analyses et éradication malwares
rapport ZHPfix : Lien CJoint.com BFeojx5I7Qd rapport Adwcleaner : Lien CJoint.com BFeokkrBTDM # AdwCleaner v1.608 - Rapport créé le 04/06/2012 à 14:03:27 # Mis à jour le 27/05/2012 par Xplode # Système d'exploitation : Windows 7 Professional (64 bits) # Nom d'utilisateur : nwa - TOSH # Exécuté depuis : C:\Users\nwa\Desktop\adwcleaner.exe # Option [suppression] ***** [services] ***** ***** [Fichiers / Dossiers] ***** ***** [Registre] ***** [x64] Clé Supprimée : HKLM\SOFTWARE\Software ***** [Registre - GUID] ***** Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} ***** [Navigateurs] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Le registre ne contient aucune entrée illégitime. -\\ Mozilla Firefox v12.0 (fr) Nom du profil : default Fichier : C:\Users\nwa\AppData\Roaming\Mozilla\Firefox\Profiles\5wyktdee.default\prefs.js [OK] Le fichier ne contient aucune entrée illégitime. ************************* AdwCleaner[s1].txt - [909 octets] - [04/06/2012 14:03:27] ########## EOF - C:\AdwCleaner[s1].txt - [1036 octets] ########## -
Problème d'écriture avec le clavier
Valou-tm a répondu à un(e) sujet de Valou-tm dans Analyses et éradication malwares
rapport ZHPDiag Lien CJoint.com BFen21FSi7H -
Problème d'écriture avec le clavier
Valou-tm a répondu à un(e) sujet de Valou-tm dans Analyses et éradication malwares
Voici : RogueKiller V7.5.2 [30/05/2012] par Tigzy mail: tigzyRK<at>gmail<dot>com Remontees: [RogueKiller] Remontées (1/54) Blog: tigzy-RK Systeme d'exploitation: Windows 7 (6.1.7600 ) 64 bits version Demarrage : Mode normal Utilisateur: nwa [Droits d'admin] Mode: DNS RAZ -- Date: 04/06/2012 13:34:27 ¤¤¤ Processus malicieux: 0 ¤¤¤ ¤¤¤ Driver: [NON CHARGE] ¤¤¤ ¤¤¤ Entrees de registre: 4 ¤¤¤ [DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{88011BA3-9ADB-4418-A9DA-504697CF5B3A} : NameServer (10.23.20.5,10.23.20.2) -> REPLACED () [DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{CBFDBD82-82CA-4588-844B-115AC279F859} : NameServer (10.23.20.5,10.23.20.2) -> REPLACED () [DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{88011BA3-9ADB-4418-A9DA-504697CF5B3A} : NameServer (10.23.20.5,10.23.20.2) -> REPLACED () [DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{CBFDBD82-82CA-4588-844B-115AC279F859} : NameServer (10.23.20.5,10.23.20.2) -> REPLACED () Termine : << RKreport[1].txt >> RKreport[1].txt -
Problème d'écriture avec le clavier
Valou-tm a répondu à un(e) sujet de Valou-tm dans Analyses et éradication malwares
Quelle version veux tu que je télécharge? la 7.5.2 étant la dernière que je trouve. Voici le rapport après suppression : RogueKiller V7.5.2 [30/05/2012] par Tigzy mail: tigzyRK<at>gmail<dot>com Remontees: [RogueKiller] Remontées (1/54) Blog: tigzy-RK Systeme d'exploitation: Windows 7 (6.1.7600 ) 64 bits version Demarrage : Mode normal Utilisateur: nwa [Droits d'admin] Mode: Suppression -- Date: 04/06/2012 13:15:29 ¤¤¤ Processus malicieux: 0 ¤¤¤ ¤¤¤ Entrees de registre: 8 ¤¤¤ [DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{88011BA3-9ADB-4418-A9DA-504697CF5B3A} : NameServer (10.23.20.5,10.23.20.2) -> NOT REMOVED, USE DNSFIX [DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{CBFDBD82-82CA-4588-844B-115AC279F859} : NameServer (10.23.20.5,10.23.20.2) -> NOT REMOVED, USE DNSFIX [DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{88011BA3-9ADB-4418-A9DA-504697CF5B3A} : NameServer (10.23.20.5,10.23.20.2) -> NOT REMOVED, USE DNSFIX [DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{CBFDBD82-82CA-4588-844B-115AC279F859} : NameServer (10.23.20.5,10.23.20.2) -> NOT REMOVED, USE DNSFIX [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2) [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1) [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤ ¤¤¤ Driver: [NON CHARGE] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ ¤¤¤ MBR Verif: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK5065GSXN +++++ --- User --- [MBR] 4cef8d0f3e6823e2f08a61f822d7cd14 [bSP] bdb1536c4011eb4318591339e3aab221 : Windows 7 MBR Code Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 400 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 821248 | Size: 238470 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 489207808 | Size: 238069 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: USB DISK 2.0 USB Device +++++ --- User --- [MBR] 9ed9af76695322514281dfd6362ad184 [bSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code Partition table: 0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 8064 | Size: 1908 Mo User = LL1 ... OK! Error reading LL2 MBR! Termine : << RKreport[2].txt >> RKreport[1].txt ; RKreport[2].txt -
Problème d'écriture avec le clavier
Valou-tm a répondu à un(e) sujet de Valou-tm dans Analyses et éradication malwares
Bonjour, Désolé pour l'absence de réponse depuis février. Une nouvelle mission de travail m'ayant été confiée, j'avais changé de pc. Etant revenu dans mon ancien bureau j'ai eu la joie de retrouver mon ancien pc et donc ce problème de clavier lettrovore ... J'ai suivi les indications de tomtom95, par contre les mises à jour de windows doivent être faites demain pour le service informatique. rapport ZHPfix : Lien CJoint.com BFelM06UZAR rapport RogueKiller : RogueKiller V7.5.2 [30/05/2012] par Tigzy mail: tigzyRK<at>gmail<dot>com Remontees: [RogueKiller] Remontées (1/54) Blog: tigzy-RK Systeme d'exploitation: Windows 7 (6.1.7600 ) 64 bits version Demarrage : Mode normal Utilisateur: nwa [Droits d'admin] Mode: Recherche -- Date: 04/06/2012 11:38:15 ¤¤¤ Processus malicieux: 0 ¤¤¤ ¤¤¤ Entrees de registre: 8 ¤¤¤ [DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{88011BA3-9ADB-4418-A9DA-504697CF5B3A} : NameServer (10.23.20.5,10.23.20.2) -> FOUND [DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{CBFDBD82-82CA-4588-844B-115AC279F859} : NameServer (10.23.20.5,10.23.20.2) -> FOUND [DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{88011BA3-9ADB-4418-A9DA-504697CF5B3A} : NameServer (10.23.20.5,10.23.20.2) -> FOUND [DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{CBFDBD82-82CA-4588-844B-115AC279F859} : NameServer (10.23.20.5,10.23.20.2) -> FOUND [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤ ¤¤¤ Driver: [NON CHARGE] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ ¤¤¤ MBR Verif: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK5065GSXN +++++ --- User --- [MBR] 4cef8d0f3e6823e2f08a61f822d7cd14 [bSP] bdb1536c4011eb4318591339e3aab221 : Windows 7 MBR Code Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 400 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 821248 | Size: 238470 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 489207808 | Size: 238069 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: USB DISK 2.0 USB Device +++++ --- User --- [MBR] 9ed9af76695322514281dfd6362ad184 [bSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code Partition table: 0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 8064 | Size: 1908 Mo User = LL1 ... OK! Error reading LL2 MBR! Termine : << RKreport[1].txt >> RKreport[1].txt Encore toutes mes excuses pour le retard. A bientôt -
Problème d'écriture avec le clavier
Valou-tm a répondu à un(e) sujet de Valou-tm dans Analyses et éradication malwares
Double post pour la bonne cause voici le lien cjoint.com : Lien CJoint.com BBpiyPkBlHi -
Problème d'écriture avec le clavier
Valou-tm a répondu à un(e) sujet de Valou-tm dans Analyses et éradication malwares
Je ferai cela demain matin, en effet je suis sur un autre pc le soir. Merci de ton aide. -
Bonjour, j'ai depuis peu un nouveau portable de travail. Depuis environ 2 semaines j'ai la désagréable surprise de voir que mon clavier ne suit pas mon rythme d'écriture, à savoir qu'il n'écrit pas toutes les lettres que je tape ou bien m'en écrit 2, notament les espaces. Il y a de cela 3ans et demi, j'avais eu un problème similaire sur un autre pc portable et vous aviez pu m'aider. J'espère que vous serez encore aussi efficient cette fois ci. je vous joins le rapport Hijackthis fait cet après-midi. Merci d'avance. Nicolas Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:46:37, on 13/02/2012 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16912) Boot mode: Normal Running processes: C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe C:\Program Files (x86)\TightVNC\tvnserver.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Users\nwa\Desktop\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Toshiba | MSN R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Toshiba | MSN R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Hotmail, Messenger, Actualité, Sport, People, Femmes - MSN France R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Hotmail, Messenger, Actualité, Sport, People, Femmes - MSN France R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Système') O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user') O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user') O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = creuse.chambagri.fr O17 - HKLM\System\CCS\Services\Tcpip\..\{88011BA3-9ADB-4418-A9DA-504697CF5B3A}: NameServer = 10.23.20.5,10.23.20.2 O17 - HKLM\System\CCS\Services\Tcpip\..\{CBFDBD82-82CA-4588-844B-115AC279F859}: NameServer = 10.23.20.5,10.23.20.2 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = creuse.chambagri.fr O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = creuse.chambagri.fr O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: lmab_device - - C:\Windows\system32\LMabcoms.exe O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (file missing) O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @c:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - c:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: postgresql-8.4 - PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - c:/postgres/PostgreSQL/8.4/bin/pg_ctl.exe O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\StorSvc.dll,-100 (StorSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing) O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Program Files (x86)\TightVNC\tvnserver.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe -- End of file - 24545 bytes
-
voici le rapport antivir et merci beaucoup de ton aide il n'y a plus rien par spybot non plus alors qu'avant il trouvé le virtuamonde et le zlob.downloader. Avira AntiVir Personal Report file date: mercredi 28 mai 2008 15:23 Scanning for 1295437 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: NOM-74CE8B1576C Version information: BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 10:02:58 AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 09:43:38 LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 09:41:24 LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 09:28:42 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 11:33:34 ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 14:08:58 ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 07:58:44 ANTIVIR3.VDF : 7.0.4.106 279040 Bytes 28/05/2008 12:31:48 Engineversion : 8.1.0.46 AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 10:58:22 AESCRIPT.DLL : 8.1.0.33 266618 Bytes 21/05/2008 07:59:04 AESCN.DLL : 8.1.0.18 119156 Bytes 21/05/2008 07:59:02 AERDL.DLL : 8.1.0.20 418165 Bytes 21/05/2008 07:59:00 AEPACK.DLL : 8.1.1.5 364918 Bytes 21/05/2008 07:58:58 AEOFFICE.DLL : 8.1.0.18 192890 Bytes 21/05/2008 07:58:56 AEHEUR.DLL : 8.1.0.29 1253750 Bytes 21/05/2008 07:58:56 AEHELP.DLL : 8.1.0.14 115063 Bytes 21/05/2008 07:58:52 AEGEN.DLL : 8.1.0.21 303477 Bytes 21/05/2008 07:58:50 AEEMU.DLL : 8.1.0.6 430451 Bytes 21/05/2008 07:58:50 AECORE.DLL : 8.1.0.29 168311 Bytes 21/05/2008 07:58:48 AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 18:07:54 AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 11:37:52 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 14:26:48 AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 18:07:50 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:24 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 09:31:32 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:04 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 18:08:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:12 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 15:37:26 RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 13:02:12 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: mercredi 28 mai 2008 15:23 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned Scan process 'KPF4SS.EXE' - '1' Module(s) have been scanned Scan process 'TosBtProc.exe' - '1' Module(s) have been scanned Scan process 'TosOBEX.exe' - '1' Module(s) have been scanned Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned Scan process 'CLI.EXE' - '1' Module(s) have been scanned Scan process 'CLI.EXE' - '1' Module(s) have been scanned Scan process 'TosBtHSP.exe' - '1' Module(s) have been scanned Scan process 'TosBtHid.exe' - '1' Module(s) have been scanned Scan process 'TosA2dp.exe' - '1' Module(s) have been scanned Scan process 'TosBtMng.exe' - '1' Module(s) have been scanned Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned Scan process 'MSNMSGR.EXE' - '1' Module(s) have been scanned Scan process 'Dot1XCfg.exe' - '1' Module(s) have been scanned Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned Scan process 'AVGNT.EXE' - '1' Module(s) have been scanned Scan process 'DSLAGENT.EXE' - '1' Module(s) have been scanned Scan process 'GSICON.EXE' - '1' Module(s) have been scanned Scan process 'Demon.exe' - '1' Module(s) have been scanned Scan process 'WINAMPA.EXE' - '1' Module(s) have been scanned Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned Scan process 'ATKOSD.exe' - '1' Module(s) have been scanned Scan process 'EOUWiz.exe' - '1' Module(s) have been scanned Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned Scan process 'ACEngSvr.exe' - '1' Module(s) have been scanned Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned Scan process 'CLI.EXE' - '1' Module(s) have been scanned Scan process 'EHMSAS.EXE' - '1' Module(s) have been scanned Scan process 'ACMON.EXE' - '1' Module(s) have been scanned Scan process 'WCOURIER.EXE' - '1' Module(s) have been scanned Scan process 'EHTRAY.EXE' - '1' Module(s) have been scanned Scan process 'HControl.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'dllhost.exe' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned Scan process 'RemoteControlService.exe' - '1' Module(s) have been scanned Scan process 'FTRTSVC.EXE' - '1' Module(s) have been scanned Scan process 'ehSched.exe' - '1' Module(s) have been scanned Scan process 'ehRecvr.exe' - '1' Module(s) have been scanned Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned Scan process 'SCHED.EXE' - '1' Module(s) have been scanned Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned Scan process 'aawservice.exe' - '1' Module(s) have been scanned Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned Scan process 'EvtEng.exe' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned Scan process 'LSASS.EXE' - '1' Module(s) have been scanned Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned Scan process 'SMSS.EXE' - '1' Module(s) have been scanned 66 processes with 66 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'D:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '37' files ). Starting the file scan: Begin scan in 'C:\' C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! Begin scan in 'D:\' End of the scan: mercredi 28 mai 2008 15:56 Used time: 32:55 min The scan has been done completely. 6831 Scanning directories 217624 Files were scanned 0 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 217624 Files not concerned 7168 Archives were scanned 2 Warnings 0 Notes
-
voici le rapport hijackthis après la manip que tu m'a demandée. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:19:34, on 28/05/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\system32\RemoteControlService.exe C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ATK0100\HControl.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Wireless Console 2\wcourier.exe C:\Program Files\ASUS\Splendid\ACMON.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\ACEngSvr.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\PROGRA~1\WANADOO\TaskbarIcon.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Winamp\winampa.exe C:\PROGRA~1\MESSAG~1\Demon.exe C:\WINDOWS\system32\GSICON.EXE C:\WINDOWS\system32\dslagent.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\explorer.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Bluetooth Manager.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe -- End of file - 9938 bytes
-
Voici le rapport de combofix ComboFix 08-05-27.4 - BUREAU 2008-05-28 12:02:23.2 - FAT32x86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1480 [GMT 1:00] Endroit: C:\Documents and Settings\BUREAU\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\BUREAU\Bureau\CFScript.txt * Création d'un nouveau point de restauration FILE :: C:\WINDOWS\exnk.exe C:\WINDOWS\mpfanvqg.dll C:\WINDOWS\oadkxrts.exe C:\WINDOWS\pvnsmfor.dll C:\WINDOWS\system32\404Fix.exe C:\WINDOWS\system32\avjwfxln.dll C:\WINDOWS\system32\ceynllbk.dll C:\WINDOWS\System32\drivers\elI63.sys C:\WINDOWS\System32\drivers\kpV74.sys C:\WINDOWS\System32\drivers\lrW73.sys C:\WINDOWS\System32\drivers\rxF17.sys C:\WINDOWS\system32\dumphive.exe C:\WINDOWS\system32\hgGvuTNE.dll C:\WINDOWS\system32\IEDFix.exe C:\WINDOWS\system32\iifcCvWm.dll C:\WINDOWS\system32\mlJDuUKa.dll C:\WINDOWS\system32\opnooOfD.dll C:\WINDOWS\system32\Process.exe C:\WINDOWS\system32\rqRKBRlm.dll C:\WINDOWS\system32\SrchSTS.exe C:\WINDOWS\system32\VACFix.exe C:\WINDOWS\system32\VCCLSID.exe C:\WINDOWS\system32\vtUKcCvW.dll C:\WINDOWS\system32\WinCtrl32.dl_ C:\WINDOWS\system32\WS2Fix.exe C:\WINDOWS\system32\ybopsatq.dll C:\WINDOWS\vbksrofa.dll . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\CableRouting C:\Program Files\CableRouting\uninstall.dat C:\Program Files\CableRouting\Uninstall.exe C:\WINDOWS\mpfanvqg.dll C:\WINDOWS\system32\404Fix.exe C:\WINDOWS\system32\avjwfxln.dll C:\WINDOWS\system32\ceynllbk.dll C:\WINDOWS\system32\DfOoonpo.ini C:\WINDOWS\system32\DfOoonpo.ini2 C:\WINDOWS\system32\dumphive.exe C:\WINDOWS\system32\IEDFix.exe C:\WINDOWS\system32\kbllnyec.ini C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\Process.exe C:\WINDOWS\system32\rqRKBRlm.dll C:\WINDOWS\system32\SrchSTS.exe C:\WINDOWS\system32\VACFix.exe C:\WINDOWS\system32\VCCLSID.exe C:\WINDOWS\system32\WS2Fix.exe C:\WINDOWS\system32\ybopsatq.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_elI63 -------\Service_kpV74 -------\Service_lrW73 -------\Service_rxF17 ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-28 to 2008-05-28 )))))))))))))))))))))))))))))))))))) . 2008-05-22 16:19 . 2008-05-22 16:19 <REP> d-------- C:\Program Files\Lavasoft 2008-05-22 16:19 . 2008-05-22 16:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-05-22 16:12 . 2008-05-22 16:12 <REP> d-------- C:\Program Files\Trend Micro 2008-05-22 16:05 . 2008-05-22 16:05 <REP> d--hs---- C:\FOUND.007 2008-05-21 10:35 . 2008-05-28 11:50 2,192 --a------ C:\WINDOWS\system32\drivers\fwdrv.err 2008-05-21 09:26 . 2008-05-21 09:26 <REP> d-------- C:\Program Files\Sunbelt Software 2008-05-21 09:00 . 2008-05-21 09:00 <REP> d-------- C:\Documents and Settings\LocalService\Mes documents 2008-05-21 08:55 . 2008-05-21 08:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-05-21 08:54 . 2008-05-21 08:55 <REP> d-------- C:\Program Files\Avira 2008-05-20 16:17 . 2008-05-20 16:17 <REP> d--hs---- C:\FOUND.006 2008-05-20 14:58 . 2008-05-20 14:58 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-05-20 13:59 . 2008-05-27 10:24 3,602 --a------ C:\WINDOWS\system32\tmp.reg 2008-05-19 01:42 . 2008-05-19 01:42 127 --a------ C:\WINDOWS\system32\MRT.INI 2008-05-18 15:24 . 2008-05-18 15:24 <REP> d--hs---- C:\FOUND.005 2008-05-16 17:16 . 2008-05-19 16:20 492 --a------ C:\WINDOWS\wininit.ini 2008-05-16 16:38 . 2008-05-16 16:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe 2008-05-14 15:42 . 2008-05-14 15:42 <REP> d-------- C:\Documents and Settings\BUREAU\Application Data\skypePM 2008-05-14 15:42 . 2008-05-14 15:42 48 --ah----- C:\WINDOWS\system32\ezsidmv.dat 2008-05-14 15:40 . 2008-05-14 15:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype 2008-05-12 08:26 . 2008-05-12 08:26 <REP> d-------- C:\Program Files\Windows Live 2008-05-12 08:26 . 2008-05-12 08:26 <REP> d--hs---- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-05-12 08:26 . 2008-05-12 08:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-05-11 22:19 . 2008-05-11 22:19 <REP> d--hs---- C:\FOUND.004 2008-04-30 08:35 . 2008-04-30 08:35 <REP> d--hs---- C:\FOUND.003 2008-04-29 14:11 . 2008-04-29 14:11 <REP> d-------- C:\Program Files\Fichiers communs\Adobe 2008-04-29 14:09 . 2008-04-29 14:09 <REP> d-------- C:\Program Files\Google 2008-04-29 11:20 . 2008-04-29 11:20 15,648 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys 2008-04-29 11:19 . 2008-04-29 11:19 15,648 --a------ C:\WINDOWS\system32\drivers\Awrtrd.sys 2008-04-29 11:19 . 2008-04-29 11:19 12,960 --a------ C:\WINDOWS\system32\drivers\Awrtpd.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-27 17:16 --------- d-----w C:\Program Files\Virtools 2008-04-03 14:47 --------- d-----w C:\Documents and Settings\BUREAU\Application Data\Ahead 2008-04-03 14:29 --------- d-----w C:\Program Files\Fichiers communs\Ahead 2008-04-03 14:29 --------- d-----w C:\Program Files\Ahead 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll 2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll 2008-03-20 09:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-20 09:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys 2008-03-13 18:58 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-03-01 17:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-02-29 09:57 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-02-29 09:56 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65DBDFF1-42FD-4BA8-BC93-31E0FE74F72E}] C:\WINDOWS\system32\opnooOfD.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112] "WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 14:50 122880] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-29 14:16 68856] "ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-04-23 17:19 1189104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-02-22 21:40 106496] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392] "Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136] "ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2005-11-08 11:23 17920] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 07:26 761945] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182] "EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 12:00 569413] "WOOWATCH"="C:\PROGRA~1\WANADOO\Watch.exe" [2002-11-12 16:34 20480] "WOOTASKBARICON"="C:\PROGRA~1\WANADOO\TaskbarIcon.exe" [2002-11-12 16:34 45056] "RTHDCPL"="RTHDCPL.EXE" [2007-11-06 10:50 16855552 C:\WINDOWS\RTHDCPL.exe] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28 36352] "Demon"="C:\PROGRA~1\MESSAG~1\Demon.exe" [2002-09-03 11:26 40960] "GSICONEXE"="GSICON.EXE" [2002-01-22 22:01 90112 C:\WINDOWS\system32\gsicon.exe] "DSLAGENTEXE"="dslagent.exe" [2002-01-22 22:01 16384 C:\WINDOWS\system32\dslagent.exe] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "00f011d9"="C:\WINDOWS\system32\ceynllbk.dll" [ ] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "D:\\World of Warcraft\\WoW-2.3.0-frFR-downloader.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Cyanide\\Chaos-League MS\\ChaosLeagueEx.exe"= "C:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"= "C:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"= "C:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"= "D:\\Strangelite\\Starship Troopers\\STGame.exe"= "C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"= "C:\\Program Files\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"= "D:\\World of Warcraft\\BackgroundDownloader.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21] R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21] R2 ITECIRService;ITE Remote Control Service;C:\WINDOWS\system32\RemoteControlService.exe [2005-12-12 09:55] R3 AVerM115;AVerM115 service;C:\WINDOWS\system32\DRIVERS\AVerM115.sys [2005-08-25 02:32] R3 ITECIR;ITE CIR Driver;C:\WINDOWS\system32\DRIVERS\ITECIR.sys [2004-04-22 15:03] R3 SynMini;USB2.0 1.3M Web Cam;C:\WINDOWS\system32\Drivers\SynMini.sys [2005-06-20 11:48] R3 SynScan;USB2.0 1.3M Web Cam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2005-06-20 11:48] S2 gafwload;ECI Telecom USB ADSL Loader;C:\WINDOWS\system32\DRIVERS\gafwload.sys [2002-01-22 22:01] S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21] S3 bDMusicb;bDMusicb;C:\DOCUME~1\BUREAU\LOCALS~1\Temp\bDMusicb.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - E:\OblivionLauncher.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27800014-f390-11dc-9856-0017313db864}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL protector.exe \Shell\infected\command - protector.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{339d55a0-130b-11dd-986f-0017313db864}] \Shell\AutoRun\command - F:\EmDesk.exe \Shell\EmDesk\command - F:\EmDesk.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-28 12:10:18 Windows 5.1.2600 Service Pack 2 FAT NTAPI Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE C:\PROGRAM FILES\LAVASOFT\AD-AWARE\AAWSERVICE.EXE C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE C:\WINDOWS\EHOME\EHRECVR.EXE C:\WINDOWS\EHOME\EHSCHED.EXE C:\WINDOWS\SYSTEM32\FTRTSVC.EXE C:\PROGRAM FILES\ELECTRONIC ARTS\MEDAL OF HONOR AIRBORNE\UNREALENGINE3\MOHAGAME\PB\PNKBSTRA.EXE C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\EHOME\EHMSAS.EXE C:\WINDOWS\SYSTEM32\ACENGSVR.EXE C:\WINDOWS\ATK0100\ATKOSD.exe C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE C:\PROGRAM FILES\MESSAGER WANADOO\DEMON.EXE C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\PROGRAM FILES\TOSHIBA\BLUETOOTH TOSHIBA STACK\TOSBTMNG.EXE C:\PROGRAM FILES\TOSHIBA\BLUETOOTH TOSHIBA STACK\TOSA2DP.EXE C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wscntfy.exe . ************************************************************************** . Temps d'accomplissement: 2008-05-28 12:12:46 - machine was rebooted [bUREAU] ComboFix2.txt 2008-05-20 15:24:16 ComboFix-quarantined-files.txt 2008-05-28 11:12:40 Pre-Run: 13,597,507,584 octets libres Post-Run: 13,607,010,304 octets libres 238 --- E O F --- 2008-05-19 00:42:40 et celui de hijackthis aussi Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:16:49, on 28/05/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\system32\RemoteControlService.exe C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ATK0100\HControl.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Wireless Console 2\wcourier.exe C:\Program Files\ASUS\Splendid\ACMON.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\ACEngSvr.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\PROGRA~1\WANADOO\TaskbarIcon.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Winamp\winampa.exe C:\PROGRA~1\MESSAG~1\Demon.exe C:\WINDOWS\system32\GSICON.EXE C:\WINDOWS\system32\dslagent.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {65DBDFF1-42FD-4BA8-BC93-31E0FE74F72E} - C:\WINDOWS\system32\opnooOfD.dll (file missing) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [00f011d9] rundll32.exe "C:\WINDOWS\system32\ceynllbk.dll",b O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
-
Je fait ca dès que je peux merci. Je pense en fin de matinée (réunion de boulot tt de suite lol)
-
Re bonjour Juste pour vous préciser que j'ai installé antivir jeudi dernier et il apparait un message d'alerte de ce programme à chaque fois que je lance une nouvelle application. Ce message est en rapport avec le virtuamonde je pense (mais je n'arrive pas à copier l'imprimécran)
-
voici le rapport de désinfection de smitfraudfix SmitFraudFix v2.323 Rapport fait à 10:24:25,51, 27/05/2008 Executé à partir de C:\Documents and Settings\BUREAU\Bureau\SmitfraudFix\Policies.exe\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est FAT32 Fix executé en mode sans echec »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» VACFix VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés »»»»»»»»»»»»»»»»»»»»»»»» IEDFix IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CS2\Services\Tcpip\..\{CD56522F-A85E-43ED-A018-3C193BA23D7C}: DhcpNameServer=149.155.200.1 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=149.155.200.1 »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Fin et le rapport Hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:34:51, on 27/05/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\ATK0100\HControl.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Wireless Console 2\wcourier.exe C:\Program Files\ASUS\Splendid\ACMON.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\eHome\ehRecvr.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe C:\WINDOWS\eHome\ehSched.exe C:\PROGRA~1\WANADOO\TaskbarIcon.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Winamp\winampa.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\System32\FTRTSVC.exe C:\PROGRA~1\MESSAG~1\Demon.exe C:\WINDOWS\system32\GSICON.EXE C:\WINDOWS\system32\RemoteControlService.exe C:\WINDOWS\system32\dslagent.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe C:\WINDOWS\system32\ACEngSvr.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe D:\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {0AC8CA82-3B9A-4CD0-81AB-DB2BA0E15526} - C:\WINDOWS\system32\hgGvuTNE.dll (file missing) O2 - BHO: CableRouting module - {18CB1A7B-94CD-4582-8022-ADA16851E44B} - C:\Program Files\CableRouting\CableRouting.dll (file missing) O2 - BHO: (no name) - {4B116313-62F6-4EB5-99A6-A0E331EF0AFE} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - d:\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {65DBDFF1-42FD-4BA8-BC93-31E0FE74F72E} - C:\WINDOWS\system32\opnooOfD.dll (file missing) O2 - BHO: (no name) - {6FFFABCC-0613-4828-9FBA-0B1E26EA6A0F} - C:\WINDOWS\system32\mlJDuUKa.dll (file missing) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: (no name) - {D86CBAFF-A4AB-4921-8984-92B0DE4B08F2} - C:\WINDOWS\system32\vtUKcCvW.dll (file missing) O2 - BHO: (no name) - {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} - C:\WINDOWS\system32\rqRKBRlm.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: pvnsmfor - {91549F7B-90F9-4BBA-8599-7515EB4D87C1} - C:\WINDOWS\pvnsmfor.dll (file missing) O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [00f011d9] rundll32.exe "C:\WINDOWS\system32\ceynllbk.dll",b O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] d:\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Bluetooth Manager.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe O20 - Winlogon Notify: rqRKBRlm - C:\WINDOWS\SYSTEM32\rqRKBRlm.dll O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing) O21 - SSODL: vbksrofa - {08156810-3A3A-43AD-9D03-BCEE7F0F3DA8} - C:\WINDOWS\vbksrofa.dll (file missing) O21 - SSODL: mpfanvqg - {88048FF1-21DE-4CA0-8667-F4E69F6BB6A2} - C:\WINDOWS\mpfanvqg.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe -- End of file - 11615 bytes
-
Bonjour, dsl pour le retard je n'avais pas accés a internet ce we et hier c'était un jour férié en angleterre. Donc voici le rapport de recherche de smitfraudfix SmitFraudFix v2.323 Rapport fait à 10:16:53,42, 27/05/2008 Executé à partir de C:\Documents and Settings\BUREAU\Bureau\SmitfraudFix\Policies.exe\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est FAT32 Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\system32\RemoteControlService.exe C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe C:\WINDOWS\ATK0100\HControl.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Wireless Console 2\wcourier.exe C:\Program Files\ASUS\Splendid\ACMON.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe C:\PROGRA~1\WANADOO\TaskbarIcon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Winamp\winampa.exe C:\PROGRA~1\MESSAG~1\Demon.exe C:\WINDOWS\system32\GSICON.EXE C:\WINDOWS\system32\dslagent.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe D:\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\ACEngSvr.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\BUREAU »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\BUREAU\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\BUREAU\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="C:\\WINDOWS\\system32\\userinit.exe," "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Intel® PRO/Wireless 3945ABG Network Connection - Miniport d'ordonnancement de paquets DNS Server Search Order: 149.155.200.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{CD56522F-A85E-43ED-A018-3C193BA23D7C}: DhcpNameServer=149.155.200.1 HKLM\SYSTEM\CS2\Services\Tcpip\..\{CD56522F-A85E-43ED-A018-3C193BA23D7C}: DhcpNameServer=149.155.200.1 HKLM\SYSTEM\CS3\Services\Tcpip\..\{CD56522F-A85E-43ED-A018-3C193BA23D7C}: DhcpNameServer=149.155.200.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=149.155.200.1 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=149.155.200.1 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=149.155.200.1 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin
-
SmitFraudFix v2.320 Rapport fait à 15:38:02,71, 23/05/2008 Executé à partir de C:\Documents and Settings\BUREAU\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est FAT32 Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\FTRTSVC.exe C:\WINDOWS\ATK0100\HControl.exe C:\WINDOWS\system32\RemoteControlService.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Wireless Console 2\wcourier.exe C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe C:\Program Files\ASUS\Splendid\ACMON.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe C:\PROGRA~1\WANADOO\TaskbarIcon.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Winamp\winampa.exe C:\PROGRA~1\MESSAG~1\Demon.exe C:\WINDOWS\system32\GSICON.EXE C:\WINDOWS\system32\dslagent.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe D:\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\ACEngSvr.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\explorer.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\BUREAU »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\BUREAU\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\BUREAU\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="C:\\WINDOWS\\system32\\userinit.exe," "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Intel® PRO/Wireless 3945ABG Network Connection - Miniport d'ordonnancement de paquets DNS Server Search Order: 149.155.200.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{CD56522F-A85E-43ED-A018-3C193BA23D7C}: DhcpNameServer=149.155.200.1 HKLM\SYSTEM\CS2\Services\Tcpip\..\{CD56522F-A85E-43ED-A018-3C193BA23D7C}: DhcpNameServer=149.155.200.1 HKLM\SYSTEM\CS3\Services\Tcpip\..\{CD56522F-A85E-43ED-A018-3C193BA23D7C}: DhcpNameServer=149.155.200.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=149.155.200.1 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=149.155.200.1 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=149.155.200.1 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin
-
voici mon rapport hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:13:08, on 22/05/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\ATK0100\HControl.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Wireless Console 2\wcourier.exe C:\Program Files\ASUS\Splendid\ACMON.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\eHome\ehSched.exe C:\PROGRA~1\WANADOO\TaskbarIcon.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Winamp\winampa.exe C:\WINDOWS\System32\FTRTSVC.exe C:\PROGRA~1\MESSAG~1\Demon.exe C:\WINDOWS\system32\GSICON.EXE C:\WINDOWS\system32\RemoteControlService.exe C:\WINDOWS\system32\dslagent.exe C:\WINDOWS\system32\ACEngSvr.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe D:\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {0AC8CA82-3B9A-4CD0-81AB-DB2BA0E15526} - C:\WINDOWS\system32\hgGvuTNE.dll (file missing) O2 - BHO: CableRouting module - {18CB1A7B-94CD-4582-8022-ADA16851E44B} - C:\Program Files\CableRouting\CableRouting.dll (file missing) O2 - BHO: (no name) - {4B116313-62F6-4EB5-99A6-A0E331EF0AFE} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - d:\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {65DBDFF1-42FD-4BA8-BC93-31E0FE74F72E} - C:\WINDOWS\system32\opnooOfD.dll (file missing) O2 - BHO: (no name) - {6FFFABCC-0613-4828-9FBA-0B1E26EA6A0F} - C:\WINDOWS\system32\mlJDuUKa.dll (file missing) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: (no name) - {D86CBAFF-A4AB-4921-8984-92B0DE4B08F2} - C:\WINDOWS\system32\vtUKcCvW.dll (file missing) O2 - BHO: (no name) - {EF4CC146-43C9-4741-8D21-EB5035A4EBEC} - C:\WINDOWS\system32\rqRKBRlm.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: pvnsmfor - {91549F7B-90F9-4BBA-8599-7515EB4D87C1} - C:\WINDOWS\pvnsmfor.dll (file missing) O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [00f011d9] rundll32.exe "C:\WINDOWS\system32\ceynllbk.dll",b O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] d:\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Bluetooth Manager.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe O20 - Winlogon Notify: rqRKBRlm - C:\WINDOWS\SYSTEM32\rqRKBRlm.dll O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing) O21 - SSODL: vbksrofa - {08156810-3A3A-43AD-9D03-BCEE7F0F3DA8} - C:\WINDOWS\vbksrofa.dll (file missing) O21 - SSODL: mpfanvqg - {88048FF1-21DE-4CA0-8667-F4E69F6BB6A2} - C:\WINDOWS\mpfanvqg.dll O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe -- End of file - 11315 bytes
-
Bonjour à tous. J'ai été infecté il y a deux jour pour les virus zlob... et virtuamonde. J'ai utilisé combofix et voici mon rapport. ComboFix 08-05-19.4 - BUREAU 2008-05-20 16:11:50.1 - FAT32x86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1510 [GMT 1:00] Endroit: C:\Documents and Settings\BUREAU\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\BUREAU\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe * Création d'un nouveau point de restauration . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\cookies.ini C:\WINDOWS\system32\aKUuDJlm.ini C:\WINDOWS\system32\aKUuDJlm.ini2 C:\WINDOWS\system32\DfOoonpo.ini C:\WINDOWS\system32\DfOoonpo.ini2 C:\WINDOWS\system32\ENTuvGgh.ini C:\WINDOWS\system32\ENTuvGgh.ini2 C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\nlxfwjva.ini C:\WINDOWS\system32\qtaspoby.ini C:\WINDOWS\system32\rnlgngty.ini C:\WINDOWS\system32\WvCcKUtv.ini C:\WINDOWS\system32\WvCcKUtv.ini2 C:\WINDOWS\system32\yuainmss.ini . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-20 to 2008-05-20 )))))))))))))))))))))))))))))))))))) . 2008-05-20 16:17 . 2008-05-20 16:17 <REP> d--hs---- C:\FOUND.006 2008-05-20 15:41 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-05-20 15:41 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-05-20 15:41 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-05-20 15:41 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-05-20 15:41 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe 2008-05-20 15:41 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-05-20 15:41 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-05-20 15:41 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-05-20 14:58 . 2008-05-20 14:58 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-05-20 13:59 . 2008-05-20 15:58 3,574 --a------ C:\WINDOWS\system32\tmp.reg 2008-05-20 09:19 . 2008-05-20 09:19 91,264 --a------ C:\WINDOWS\system32\ybopsatq.dll 2008-05-20 09:18 . 2008-05-20 09:18 319,360 --a------ C:\WINDOWS\system32\opnooOfD.dll 2008-05-19 01:42 . 2008-05-19 01:42 127 --a------ C:\WINDOWS\system32\MRT.INI 2008-05-18 15:29 . 2008-05-18 15:29 14,336 --a------ C:\WINDOWS\system32\WinCtrl32.dl_ 2008-05-18 15:24 . 2008-05-18 15:24 <REP> d--hs---- C:\FOUND.005 2008-05-18 14:09 . 2008-05-18 14:09 90,752 --a------ C:\WINDOWS\system32\avjwfxln.dll 2008-05-16 17:16 . 2008-05-19 16:20 492 --a------ C:\WINDOWS\wininit.ini 2008-05-16 16:38 . 2008-05-16 16:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-05-16 16:02 . 2008-05-16 16:02 <REP> d-------- C:\Program Files\CableRouting 2008-05-16 14:26 . 2008-05-16 01:01 241,664 --a------ C:\WINDOWS\mpfanvqg.dll 2008-05-16 14:26 . 2008-05-16 01:03 159,744 --a------ C:\WINDOWS\exnk.exe 2008-05-16 14:26 . 2008-05-16 01:03 94,208 --a------ C:\WINDOWS\oadkxrts.exe 2008-05-16 14:26 . 2008-05-16 14:26 29,824 --a------ C:\WINDOWS\system32\rqRKBRlm.dll 2008-05-16 14:26 . 2008-05-16 14:26 29,824 --a------ C:\WINDOWS\system32\iifcCvWm.dll 2008-05-14 15:42 . 2008-05-14 15:42 <REP> d-------- C:\Documents and Settings\BUREAU\Application Data\skypePM 2008-05-14 15:42 . 2008-05-14 15:42 48 --ah----- C:\WINDOWS\system32\ezsidmv.dat 2008-05-14 15:40 . 2008-05-14 15:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype 2008-05-12 08:26 . 2008-05-12 08:26 <REP> d-------- C:\Program Files\Windows Live 2008-05-12 08:26 . 2008-05-12 08:26 <REP> d--hs---- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-05-12 08:26 . 2008-05-12 08:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-05-11 22:19 . 2008-05-11 22:19 <REP> d--hs---- C:\FOUND.004 2008-04-30 08:35 . 2008-04-30 08:35 <REP> d--hs---- C:\FOUND.003 2008-04-29 14:11 . 2008-04-29 14:11 <REP> d-------- C:\Program Files\Fichiers communs\Adobe 2008-04-29 14:09 . 2008-04-29 14:09 <REP> d-------- C:\Program Files\Google 2008-04-27 18:16 . 2008-04-27 18:16 <REP> d-------- C:\Program Files\Virtools . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-03 14:47 --------- d-----w C:\Documents and Settings\BUREAU\Application Data\Ahead 2008-04-03 14:29 --------- d-----w C:\Program Files\Fichiers communs\Ahead 2008-04-03 14:29 --------- d-----w C:\Program Files\Ahead 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll 2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll 2008-03-20 09:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-20 09:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys 2008-03-13 18:58 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-03-01 17:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-02-29 09:57 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-02-29 09:56 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-02-22 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-02-20 07:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 07:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll 2008-02-20 06:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-20 06:35 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll 2008-02-20 06:35 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0AC8CA82-3B9A-4CD0-81AB-DB2BA0E15526}] C:\WINDOWS\system32\hgGvuTNE.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18CB1A7B-94CD-4582-8022-ADA16851E44B}] 2008-03-27 14:43 247296 --a------ C:\Program Files\CableRouting\CableRouting.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B116313-62F6-4EB5-99A6-A0E331EF0AFE}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FFFABCC-0613-4828-9FBA-0B1E26EA6A0F}] C:\WINDOWS\system32\mlJDuUKa.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D86CBAFF-A4AB-4921-8984-92B0DE4B08F2}] C:\WINDOWS\system32\vtUKcCvW.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD3DDE3D-AB11-447F-9717-DBC426394688}] 2008-05-20 09:18 319360 --a------ C:\WINDOWS\system32\opnooOfD.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}] 2008-05-16 14:26 29824 --a------ C:\WINDOWS\system32\rqRKBRlm.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{91549F7B-90F9-4BBA-8599-7515EB4D87C1}"= "C:\WINDOWS\pvnsmfor.dll" [ ] [HKEY_CLASSES_ROOT\clsid\{91549f7b-90f9-4bba-8599-7515eb4d87c1}] [HKEY_CLASSES_ROOT\pvnsmfor.1] [HKEY_CLASSES_ROOT\TypeLib\{9209A88A-455F-4DE4-97D9-0B32E537DBF7}] [HKEY_CLASSES_ROOT\pvnsmfor] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112] "WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 14:50 122880] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-29 14:16 68856] "SpybotSD TeaTimer"="d:\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] "ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2007-11-22 17:10 787696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-02-22 21:40 106496] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392] "Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136] "ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2005-11-08 11:23 17920] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 07:26 761945] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182] "EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 12:00 569413] "WOOWATCH"="C:\PROGRA~1\WANADOO\Watch.exe" [2002-11-12 16:34 20480] "WOOTASKBARICON"="C:\PROGRA~1\WANADOO\TaskbarIcon.exe" [2002-11-12 16:34 45056] "RTHDCPL"="RTHDCPL.EXE" [2007-11-06 10:50 16855552 C:\WINDOWS\RTHDCPL.exe] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28 36352] "Demon"="C:\PROGRA~1\MESSAG~1\Demon.exe" [2002-09-03 11:26 40960] "GSICONEXE"="GSICON.EXE" [2002-01-22 22:01 90112 C:\WINDOWS\system32\gsicon.exe] "DSLAGENTEXE"="dslagent.exe" [2002-01-22 22:01 16384 C:\WINDOWS\system32\dslagent.exe] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}"= C:\WINDOWS\system32\rqRKBRlm.dll [2008-05-16 14:26 29824] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "vbksrofa"= {08156810-3A3A-43AD-9D03-BCEE7F0F3DA8} - C:\WINDOWS\vbksrofa.dll [ ] "mpfanvqg"= {88048FF1-21DE-4CA0-8667-F4E69F6BB6A2} - C:\WINDOWS\mpfanvqg.dll [2008-05-16 01:01 241664] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRKBRlm] rqRKBRlm.dll 2008-05-16 14:26 29824 C:\WINDOWS\system32\rqRKBRlm.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32] WinCtrl32.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\elI63.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\kpV74.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lrW73.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rxF17.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "D:\\World of Warcraft\\WoW-2.3.0-frFR-downloader.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Cyanide\\Chaos-League MS\\ChaosLeagueEx.exe"= "C:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"= "C:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"= "C:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"= "D:\\Strangelite\\Starship Troopers\\STGame.exe"= "C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"= "C:\\Program Files\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"= "D:\\World of Warcraft\\BackgroundDownloader.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35] R2 ITECIRService;ITE Remote Control Service;C:\WINDOWS\system32\RemoteControlService.exe [2005-12-12 09:55] R3 AVerM115;AVerM115 service;C:\WINDOWS\system32\DRIVERS\AVerM115.sys [2005-08-25 02:32] R3 ITECIR;ITE CIR Driver;C:\WINDOWS\system32\DRIVERS\ITECIR.sys [2004-04-22 15:03] R3 SynMini;USB2.0 1.3M Web Cam;C:\WINDOWS\system32\Drivers\SynMini.sys [2005-06-20 11:48] R3 SynScan;USB2.0 1.3M Web Cam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2005-06-20 11:48] S2 gafwload;ECI Telecom USB ADSL Loader;C:\WINDOWS\system32\DRIVERS\gafwload.sys [2002-01-22 22:01] S3 bDMusicb;bDMusicb;C:\DOCUME~1\BUREAU\LOCALS~1\Temp\bDMusicb.sys [] S3 elI63;elI63;C:\WINDOWS\System32\drivers\elI63.sys [] S3 kpV74;kpV74;C:\WINDOWS\System32\drivers\kpV74.sys [] S3 lrW73;lrW73;C:\WINDOWS\System32\drivers\lrW73.sys [] S3 rxF17;rxF17;C:\WINDOWS\System32\drivers\rxF17.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - E:\OblivionLauncher.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27800014-f390-11dc-9856-0017313db864}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL protector.exe \Shell\infected\command - protector.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{339d55a0-130b-11dd-986f-0017313db864}] \Shell\AutoRun\command - F:\EmDesk.exe \Shell\EmDesk\command - F:\EmDesk.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-20 16:20:15 Windows 5.1.2600 Service Pack 2 FAT NTAPI Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . --------------------- DLLs a charg‚ sous des processus courants --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\rqRKBRlm.dll . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\ACEngSvr.exe C:\WINDOWS\SYSTEM32\DLLHOST.EXE C:\WINDOWS\ATK0100\ATKOSD.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe . ************************************************************************** . Temps d'accomplissement: 2008-05-20 16:24:14 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-20 15:24:10 Pre-Run: 12,904,300,544 octets libres Post-Run: 12,790,071,296 octets libres WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons 252 --- E O F --- 2008-05-19 00:42:40 Bravo pour avoir tout lu.
-
Bonjour à tous. J'ai été infecté il y a deux jour pour les virus zlob... et virtuamonde. J'ai utilisé combofix et voici mon rapport. ComboFix 08-05-19.4 - BUREAU 2008-05-20 16:11:50.1 - FAT32x86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1510 [GMT 1:00] Endroit: C:\Documents and Settings\BUREAU\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\BUREAU\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe * Création d'un nouveau point de restauration . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\cookies.ini C:\WINDOWS\system32\aKUuDJlm.ini C:\WINDOWS\system32\aKUuDJlm.ini2 C:\WINDOWS\system32\DfOoonpo.ini C:\WINDOWS\system32\DfOoonpo.ini2 C:\WINDOWS\system32\ENTuvGgh.ini C:\WINDOWS\system32\ENTuvGgh.ini2 C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\nlxfwjva.ini C:\WINDOWS\system32\qtaspoby.ini C:\WINDOWS\system32\rnlgngty.ini C:\WINDOWS\system32\WvCcKUtv.ini C:\WINDOWS\system32\WvCcKUtv.ini2 C:\WINDOWS\system32\yuainmss.ini . ((((((((((((((((((((((((((((( Fichiers crs 2008-04-20 to 2008-05-20 )))))))))))))))))))))))))))))))))))) . 2008-05-20 16:17 . 2008-05-20 16:17 <REP> d--hs---- C:\FOUND.006 2008-05-20 15:41 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-05-20 15:41 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-05-20 15:41 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-05-20 15:41 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-05-20 15:41 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe 2008-05-20 15:41 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-05-20 15:41 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-05-20 15:41 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-05-20 14:58 . 2008-05-20 14:58 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-05-20 13:59 . 2008-05-20 15:58 3,574 --a------ C:\WINDOWS\system32\tmp.reg 2008-05-20 09:19 . 2008-05-20 09:19 91,264 --a------ C:\WINDOWS\system32\ybopsatq.dll 2008-05-20 09:18 . 2008-05-20 09:18 319,360 --a------ C:\WINDOWS\system32\opnooOfD.dll 2008-05-19 01:42 . 2008-05-19 01:42 127 --a------ C:\WINDOWS\system32\MRT.INI 2008-05-18 15:29 . 2008-05-18 15:29 14,336 --a------ C:\WINDOWS\system32\WinCtrl32.dl_ 2008-05-18 15:24 . 2008-05-18 15:24 <REP> d--hs---- C:\FOUND.005 2008-05-18 14:09 . 2008-05-18 14:09 90,752 --a------ C:\WINDOWS\system32\avjwfxln.dll 2008-05-16 17:16 . 2008-05-19 16:20 492 --a------ C:\WINDOWS\wininit.ini 2008-05-16 16:38 . 2008-05-16 16:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-05-16 16:02 . 2008-05-16 16:02 <REP> d-------- C:\Program Files\CableRouting 2008-05-16 14:26 . 2008-05-16 01:01 241,664 --a------ C:\WINDOWS\mpfanvqg.dll 2008-05-16 14:26 . 2008-05-16 01:03 159,744 --a------ C:\WINDOWS\exnk.exe 2008-05-16 14:26 . 2008-05-16 01:03 94,208 --a------ C:\WINDOWS\oadkxrts.exe 2008-05-16 14:26 . 2008-05-16 14:26 29,824 --a------ C:\WINDOWS\system32\rqRKBRlm.dll 2008-05-16 14:26 . 2008-05-16 14:26 29,824 --a------ C:\WINDOWS\system32\iifcCvWm.dll 2008-05-14 15:42 . 2008-05-14 15:42 <REP> d-------- C:\Documents and Settings\BUREAU\Application Data\skypePM 2008-05-14 15:42 . 2008-05-14 15:42 48 --ah----- C:\WINDOWS\system32\ezsidmv.dat 2008-05-14 15:40 . 2008-05-14 15:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype 2008-05-12 08:26 . 2008-05-12 08:26 <REP> d-------- C:\Program Files\Windows Live 2008-05-12 08:26 . 2008-05-12 08:26 <REP> d--hs---- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-05-12 08:26 . 2008-05-12 08:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-05-11 22:19 . 2008-05-11 22:19 <REP> d--hs---- C:\FOUND.004 2008-04-30 08:35 . 2008-04-30 08:35 <REP> d--hs---- C:\FOUND.003 2008-04-29 14:11 . 2008-04-29 14:11 <REP> d-------- C:\Program Files\Fichiers communs\Adobe 2008-04-29 14:09 . 2008-04-29 14:09 <REP> d-------- C:\Program Files\Google 2008-04-27 18:16 . 2008-04-27 18:16 <REP> d-------- C:\Program Files\Virtools . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-03 14:47 --------- d-----w C:\Documents and Settings\BUREAU\Application Data\Ahead 2008-04-03 14:29 --------- d-----w C:\Program Files\Fichiers communs\Ahead 2008-04-03 14:29 --------- d-----w C:\Program Files\Ahead 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll 2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll 2008-03-20 09:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-20 09:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys 2008-03-13 18:58 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-03-01 17:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-02-29 09:57 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-02-29 09:56 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-02-22 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-02-20 07:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 07:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll 2008-02-20 06:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-20 06:35 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll 2008-02-20 06:35 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les lments vides & les lments initiaux lgitimes ne sont pas lists [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0AC8CA82-3B9A-4CD0-81AB-DB2BA0E15526}] C:\WINDOWS\system32\hgGvuTNE.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18CB1A7B-94CD-4582-8022-ADA16851E44B}] 2008-03-27 14:43 247296 --a------ C:\Program Files\CableRouting\CableRouting.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B116313-62F6-4EB5-99A6-A0E331EF0AFE}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FFFABCC-0613-4828-9FBA-0B1E26EA6A0F}] C:\WINDOWS\system32\mlJDuUKa.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D86CBAFF-A4AB-4921-8984-92B0DE4B08F2}] C:\WINDOWS\system32\vtUKcCvW.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD3DDE3D-AB11-447F-9717-DBC426394688}] 2008-05-20 09:18 319360 --a------ C:\WINDOWS\system32\opnooOfD.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}] 2008-05-16 14:26 29824 --a------ C:\WINDOWS\system32\rqRKBRlm.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{91549F7B-90F9-4BBA-8599-7515EB4D87C1}"= "C:\WINDOWS\pvnsmfor.dll" [ ] [HKEY_CLASSES_ROOT\clsid\{91549f7b-90f9-4bba-8599-7515eb4d87c1}] [HKEY_CLASSES_ROOT\pvnsmfor.1] [HKEY_CLASSES_ROOT\TypeLib\{9209A88A-455F-4DE4-97D9-0B32E537DBF7}] [HKEY_CLASSES_ROOT\pvnsmfor] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112] "WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 14:50 122880] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-29 14:16 68856] "SpybotSD TeaTimer"="d:\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] "ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2007-11-22 17:10 787696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-02-22 21:40 106496] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392] "Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136] "ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2005-11-08 11:23 17920] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 07:26 761945] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182] "EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 12:00 569413] "WOOWATCH"="C:\PROGRA~1\WANADOO\Watch.exe" [2002-11-12 16:34 20480] "WOOTASKBARICON"="C:\PROGRA~1\WANADOO\TaskbarIcon.exe" [2002-11-12 16:34 45056] "RTHDCPL"="RTHDCPL.EXE" [2007-11-06 10:50 16855552 C:\WINDOWS\RTHDCPL.exe] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28 36352] "Demon"="C:\PROGRA~1\MESSAG~1\Demon.exe" [2002-09-03 11:26 40960] "GSICONEXE"="GSICON.EXE" [2002-01-22 22:01 90112 C:\WINDOWS\system32\gsicon.exe] "DSLAGENTEXE"="dslagent.exe" [2002-01-22 22:01 16384 C:\WINDOWS\system32\dslagent.exe] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}"= C:\WINDOWS\system32\rqRKBRlm.dll [2008-05-16 14:26 29824] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "vbksrofa"= {08156810-3A3A-43AD-9D03-BCEE7F0F3DA8} - C:\WINDOWS\vbksrofa.dll [ ] "mpfanvqg"= {88048FF1-21DE-4CA0-8667-F4E69F6BB6A2} - C:\WINDOWS\mpfanvqg.dll [2008-05-16 01:01 241664] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRKBRlm] rqRKBRlm.dll 2008-05-16 14:26 29824 C:\WINDOWS\system32\rqRKBRlm.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32] WinCtrl32.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\elI63.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\kpV74.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lrW73.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rxF17.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "D:\\World of Warcraft\\WoW-2.3.0-frFR-downloader.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Cyanide\\Chaos-League MS\\ChaosLeagueEx.exe"= "C:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"= "C:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"= "C:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"= "D:\\Strangelite\\Starship Troopers\\STGame.exe"= "C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"= "C:\\Program Files\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"= "D:\\World of Warcraft\\BackgroundDownloader.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35] R2 ITECIRService;ITE Remote Control Service;C:\WINDOWS\system32\RemoteControlService.exe [2005-12-12 09:55] R3 AVerM115;AVerM115 service;C:\WINDOWS\system32\DRIVERS\AVerM115.sys [2005-08-25 02:32] R3 ITECIR;ITE CIR Driver;C:\WINDOWS\system32\DRIVERS\ITECIR.sys [2004-04-22 15:03] R3 SynMini;USB2.0 1.3M Web Cam;C:\WINDOWS\system32\Drivers\SynMini.sys [2005-06-20 11:48] R3 SynScan;USB2.0 1.3M Web Cam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2005-06-20 11:48] S2 gafwload;ECI Telecom USB ADSL Loader;C:\WINDOWS\system32\DRIVERS\gafwload.sys [2002-01-22 22:01] S3 bDMusicb;bDMusicb;C:\DOCUME~1\BUREAU\LOCALS~1\Temp\bDMusicb.sys [] S3 elI63;elI63;C:\WINDOWS\System32\drivers\elI63.sys [] S3 kpV74;kpV74;C:\WINDOWS\System32\drivers\kpV74.sys [] S3 lrW73;lrW73;C:\WINDOWS\System32\drivers\lrW73.sys [] S3 rxF17;rxF17;C:\WINDOWS\System32\drivers\rxF17.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - E:\OblivionLauncher.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27800014-f390-11dc-9856-0017313db864}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL protector.exe \Shell\infected\command - protector.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{339d55a0-130b-11dd-986f-0017313db864}] \Shell\AutoRun\command - F:\EmDesk.exe \Shell\EmDesk\command - F:\EmDesk.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-20 16:20:15 Windows 5.1.2600 Service Pack 2 FAT NTAPI Balayage processus cachs ... Balayage cach autostart entries ... Balayage des fichiers cachs ... Scan termin avec succs Les fichiers cachs: 0 ************************************************************************** . --------------------- DLLs a charg sous des processus courants --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\rqRKBRlm.dll . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\ACEngSvr.exe C:\WINDOWS\SYSTEM32\DLLHOST.EXE C:\WINDOWS\ATK0100\ATKOSD.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe . ************************************************************************** . Temps d'accomplissement: 2008-05-20 16:24:14 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-20 15:24:10 Pre-Run: 12,904,300,544 octets libres Post-Run: 12,790,071,296 octets libres WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons 252 --- E O F --- 2008-05-19 00:42:40 Bravo pour avoir tout lu.