Aller au contenu

djidane

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    3

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par djidane

  1. djidane
    ComboFix 08-12-28.04 - Maison Botte 2008-12-29 19:24:37.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1535.946 [GMT 1:00] Lancé depuis: c:\documents and settings\Maison Botte\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Maison Botte\Bureau\CFScript.txt * Un nouveau point de restauration a été créé AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! FILE :: C:\aom4144.exe c:\documents and settings\Maison Botte\Application Data\mchost.exe C:\fildfe45fd.exe C:\filledout.exe C:\sqmdata02.sqm C:\sqmnoopt02.sqm c:\windows\DSC00001.zip c:\windows\DSC00003.zip c:\windows\DSC00005.zip c:\windows\DSC00006.zip c:\windows\DSC00008.zip c:\windows\DSC00012.zip c:\windows\DSC00034.zip c:\windows\DSC00102.zip c:\windows\DSC00106.zip c:\windows\DSC00107.zip c:\windows\DSC00113.zip c:\windows\DSC00116.zip c:\windows\DSC00121.zip c:\windows\DSC00130.zip c:\windows\DSC00133.zip c:\windows\mchost.exe c:\windows\pic0382.zip c:\windows\unvise32qt.exe c:\windows\windsvc.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\aom4144.exe c:\documents and settings\Maison Botte\Application Data\mchost.exe C:\fildfe45fd.exe C:\filledout.exe c:\program files\Alwil Software c:\program files\Alwil Software\Avast4\Setup\setup.ini C:\sqmdata02.sqm C:\sqmnoopt02.sqm c:\windows\DSC00001.zip c:\windows\DSC00003.zip c:\windows\DSC00005.zip c:\windows\DSC00006.zip c:\windows\DSC00008.zip c:\windows\DSC00012.zip c:\windows\DSC00034.zip c:\windows\DSC00102.zip c:\windows\DSC00106.zip c:\windows\DSC00107.zip c:\windows\DSC00113.zip c:\windows\DSC00116.zip c:\windows\DSC00121.zip c:\windows\DSC00130.zip c:\windows\DSC00133.zip c:\windows\mchost.exe c:\windows\pic0382.zip c:\windows\unvise32qt.exe c:\windows\windsvc.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-29 )))))))))))))))))))))))))))))))))))) . 2008-12-29 14:49 . 2008-12-29 14:49 96,976 --a------ c:\windows\system32\drivers\klin.dat 2008-12-29 14:49 . 2008-12-29 14:49 87,855 --a------ c:\windows\system32\drivers\klick.dat 2008-12-29 14:48 . 2008-12-29 14:48 <REP> d-------- c:\program files\Kaspersky Lab 2008-12-29 14:48 . 2008-12-29 18:32 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab 2008-12-29 14:48 . 2008-12-29 18:29 32 --ahs---- c:\windows\system32\drivers\fidbox2.idx 2008-12-29 14:48 . 2008-12-29 18:29 32 --ahs---- c:\windows\system32\drivers\fidbox2.dat 2008-12-29 14:48 . 2008-12-29 18:29 32 --ahs---- c:\windows\system32\drivers\fidbox.idx 2008-12-29 14:48 . 2008-12-29 18:29 32 --ahs---- c:\windows\system32\drivers\fidbox.dat 2008-12-29 14:07 . 2008-12-29 14:07 203 --a------ c:\windows\GSdx9.INI 2008-12-29 09:58 . 2008-12-29 09:58 <REP> d-------- C:\VundoFix Backups 2008-12-29 09:57 . 2008-12-29 09:57 3,048,982 --a------ C:\upload_moi_XPSP2-FCDDCF03A.tar.gz 2008-12-29 09:52 . 2008-12-29 09:52 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-12-18 13:31 . 2008-12-29 16:55 <REP> d-------- c:\program files\Pcsx2_0.9.4 2008-12-17 17:27 . 2008-12-17 17:27 <REP> d-------- c:\program files\CSO-DAX Compressor 2008-12-15 14:35 . 2008-12-15 14:36 <REP> d--h----- c:\windows\msdownld.tmp 2008-12-15 14:35 . 2008-12-15 14:35 <REP> d-------- c:\windows\Logs 2008-12-15 14:35 . 2008-12-15 14:37 <REP> d-------- c:\program files\VBAM 2008-12-15 01:10 . 2008-12-15 01:10 8,192 --a------ c:\windows\d3dx.dat 2008-12-14 22:40 . 2008-12-14 22:57 <REP> d-------- c:\program files\WinAce 2008-12-14 22:25 . 2008-12-14 22:25 <REP> d-------- c:\program files\CCleaner 2008-12-11 12:30 . 2008-12-11 12:30 248 --a------ c:\windows\RomeTW.ini 2008-12-11 12:18 . 2008-12-11 12:18 <REP> d-------- c:\program files\Activision 2008-12-10 17:03 . 2008-12-10 17:03 <REP> d-------- c:\documents and settings\Maison Botte\My Games 2008-12-10 17:03 . 2008-12-10 17:03 <REP> d-------- c:\documents and settings\All Users\Microsoft 2008-12-09 16:18 . 2008-12-09 16:18 <REP> d-------- c:\windows\system32\QuickTime 2008-12-09 16:18 . 2008-12-09 16:19 <REP> d-------- c:\program files\QuickTime 2008-12-09 16:18 . 2008-12-20 00:24 <REP> d-------- c:\documents and settings\All Users\Application Data\QuickTime 2008-12-09 16:18 . 2008-12-09 16:21 575 --a------ c:\windows\BADMOJO.INI 2008-12-08 16:19 . 2008-12-08 16:19 1,226 --a------ c:\windows\system32\SHORTCUT.INI 2008-12-08 16:19 . 2008-12-08 16:31 130 --a------ c:\windows\system32\REMOTEDEVICE.INI 2008-12-08 16:18 . 2008-12-29 18:31 5,982 --a------ c:\windows\system32\LOCALSERVICE.INI 2008-12-08 16:18 . 2008-12-08 16:31 107 --a------ c:\windows\system32\LOCALDEVICE.INI 2008-12-08 16:16 . 2008-12-08 16:16 0 --a------ c:\windows\system32\BSPRINT.INI 2008-12-08 16:15 . 2008-12-08 16:15 <REP> d-------- c:\program files\IVT Corporation 2008-12-08 16:15 . 2008-12-08 16:16 32 --a------ c:\windows\0 2008-12-08 16:15 . 2008-12-08 16:15 0 --a------ c:\windows\system32\0 2008-12-04 12:03 . 2008-12-04 12:03 <REP> d-------- c:\program files\vixy.net 2008-12-03 21:41 . 2008-12-03 21:41 <REP> d-------- c:\documents and settings\Maison Botte\Application Data\Media Player Classic 2008-11-29 22:38 . 2007-06-21 09:53 32,768 --a------ c:\windows\system32\mf.dll 2008-11-29 21:11 . 2008-11-29 21:11 <REP> d-------- c:\documents and settings\botte\Bureau 2008-11-29 21:11 . 2008-11-29 21:11 <REP> d-------- c:\documents and settings\botte . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-29 18:23 --------- d-----w c:\program files\Wanadoo 2008-12-29 18:23 --------- d-----w c:\documents and settings\Maison Botte\Application Data\Skype 2008-12-29 18:08 --------- d-----w c:\documents and settings\Maison Botte\Application Data\skypePM 2008-12-29 13:03 --------- d-----w c:\documents and settings\Maison Botte\Application Data\Azureus 2008-12-28 17:07 --------- d-----w c:\documents and settings\Maison Botte\Application Data\dvdcss 2008-12-11 11:31 11,973 ----a-w c:\windows\system32\drivers\secdrv.sys 2008-12-11 11:31 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-28 17:13 --------- d-----w c:\documents and settings\Maison Botte\Application Data\Leadertech 2008-11-26 13:50 --------- d-----w c:\program files\DAEMON Tools Lite 2008-11-26 13:47 717,296 ----a-w c:\windows\system32\drivers\sptd.sys 2008-11-26 13:47 --------- d-----w c:\documents and settings\Maison Botte\Application Data\DAEMON Tools 2008-11-26 13:38 451,072 ----a-w c:\windows\uninstall.exe 2008-11-23 22:19 --------- d-----w c:\program files\SHARP 2008-11-23 14:24 --------- d-----w c:\program files\Azureus 2008-11-20 17:58 --------- d-----w c:\program files\Lavalys 2008-11-19 22:52 22 ----a-w c:\windows\system32\drivers\adidsl.cfg 2008-11-19 22:52 --------- d-----w c:\program files\SAGEM 2008-11-18 14:53 --------- d-----w c:\program files\7-Zip 2008-11-17 21:33 --------- d-----w c:\program files\Oxin's Style! 2008-11-17 20:15 --------- d-----w c:\program files\Microsoft IntelliPoint 2008-11-17 20:02 --------- d-----w c:\program files\IDETOOL 2008-11-17 20:01 --------- d-----w c:\program files\VIA 2008-11-17 20:01 --------- d-----w c:\program files\Fichiers communs\InstallShield 2008-11-17 19:53 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-11-17 19:53 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf 2008-11-17 19:52 --------- d-----w c:\program files\Microsoft IntelliType Pro 2008-11-17 19:51 --------- d-----w c:\program files\MSXML 6.0 2008-11-17 19:42 --------- d-----w c:\program files\ma-config.com 2008-11-17 19:42 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com 2008-11-16 22:45 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft 2008-11-16 22:44 --------- d-----w c:\program files\Lavasoft 2008-11-16 22:43 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard 2008-11-16 10:58 --------- d-----w c:\program files\MSXML 4.0 2008-11-14 13:15 --------- d-----w c:\program files\Microsoft.NET 2008-11-14 12:55 --------- d-----w c:\program files\HP 2008-11-14 12:47 --------- d-----w c:\program files\Fichiers communs\HP 2008-11-14 12:46 --------- d-----w c:\program files\Hewlett-Packard 2008-11-14 12:46 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard 2008-11-14 12:44 --------- d-----w c:\program files\Fichiers communs\Hewlett-Packard 2008-11-13 18:30 --------- d-----w c:\documents and settings\Maison Botte\Application Data\vlc 2008-11-12 21:06 --------- d-----w c:\program files\Thrustmaster 2008-11-12 21:00 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus! 2008-11-12 20:59 --------- d-----w c:\program files\Satsuki Decoder Pack 2008-11-12 20:58 --------- d-----w c:\program files\Intel Desktop Board 2008-11-12 20:31 --------- d-----w c:\program files\Realtek AC97 2008-11-12 20:04 410,976 ----a-w c:\windows\system32\deploytk.dll 2008-11-12 20:04 --------- d-----w c:\program files\Java 2008-11-12 19:36 --------- d-----w c:\program files\VIA Technologies, Inc 2008-11-12 19:35 --------- d-----w c:\program files\Realtek Sound Manager 2008-11-12 19:35 --------- d-----w c:\program files\AvRack 2008-11-12 19:30 --------- d-----w c:\program files\Windows Live 2008-11-12 19:30 --------- d-----w c:\program files\MSN Messenger 2008-11-12 19:30 --------- d-----w c:\program files\Messenger Plus! Live 2008-11-12 19:26 --------- d-----w c:\program files\Fichiers communs\Ahead 2008-11-12 19:26 --------- d-----w c:\program files\Ahead 2008-11-12 19:22 --------- d-----w c:\program files\Logitech 2008-11-12 19:22 --------- d-----w c:\program files\Fichiers communs\FotoWire 2008-11-12 19:22 --------- d-----w c:\documents and settings\Maison Botte\Application Data\FotoWire 2008-11-12 19:20 --------- d-----w c:\program files\Fichiers communs\Logitech 2008-11-12 19:12 --------- d-----w c:\program files\Skype 2008-11-12 19:12 --------- d-----w c:\program files\Fichiers communs\Skype 2008-11-12 19:12 --------- d-----w c:\documents and settings\All Users\Application Data\Skype 2008-11-12 19:09 --------- d-----w c:\program files\Fichiers communs\Adobe 2008-11-12 19:07 --------- d-----w c:\program files\VideoLAN 2008-11-12 18:56 --------- d-----w c:\program files\Messager Wanadoo 2008-11-12 18:46 --------- d-----w c:\program files\microsoft frontpage 2008-11-12 18:45 --------- d-----w c:\program files\Services en ligne 2008-11-11 19:00 218,376 ----a-w c:\windows\system32\klogon.dll 2008-11-11 18:58 25,601 ----a-w c:\windows\system32\drivers\klopp.dat 2008-11-01 08:33 9,728 ----a-w c:\windows\system32\BsMonUI.dll 2008-11-01 08:33 18,432 ----a-w c:\windows\system32\BsMonSvr.dll 2008-11-01 08:32 622,693 ----a-w c:\windows\system32\BSShell.dll 2008-11-01 08:32 57,430 ----a-w c:\windows\system32\btfunc.dll 2008-11-01 08:32 53,248 ----a-w c:\windows\system32\HtmPrintHelper.dll 2008-11-01 08:32 405,589 ----a-w c:\windows\system32\BsUI.dll 2008-11-01 08:32 278,647 ----a-w c:\windows\system32\outlookAddin.dll 2008-11-01 08:32 114,774 ----a-w c:\windows\system32\versit.dll 2008-11-01 08:31 94,314 ----a-w c:\windows\system32\BsHelpCSps.dll 2008-11-01 08:31 557,142 ----a-w c:\windows\system32\Bscdlg.dll 2008-11-01 08:31 553,075 ----a-w c:\windows\system32\BlueSoleilCSps.dll 2008-11-01 08:31 151,642 ----a-w c:\windows\system32\BsCommon.dll 2008-11-01 08:31 114,788 ----a-w c:\windows\system32\BsProfileFunc.dll 2008-11-01 08:30 28,766 ----a-w c:\windows\system32\PlayerCtrl.dll 2008-11-01 08:29 28,760 ----a-w c:\windows\system32\BsTrace.dll 2008-11-01 08:29 28,672 ----a-w c:\windows\system32\BsMobileCSps.dll 2008-11-01 08:29 237,652 ----a-w c:\windows\system32\BsSDK.dll 2008-11-01 08:29 122,976 ----a-w c:\windows\system32\BsMobileSDK.dll 2008-11-01 08:27 110,691 ----a-w c:\windows\system32\Bs2Res.dll 2008-10-27 09:04 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll 2008-10-27 09:04 514,384 ----a-w c:\windows\system32\XAudio2_3.dll 2008-10-27 09:04 235,856 ----a-w c:\windows\system32\xactengine3_3.dll 2008-10-27 09:04 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll 2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll 2008-10-22 14:30 81,920 ----a-w c:\windows\system32\BsVistaCommon.dll 2008-10-22 11:33 15,368 ----a-w c:\windows\system32\btinstall.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MessagerStarter Wanadoo"="c:\progra~1\MESSAG~1\StartMessager.exe" [2003-04-04 32768] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-05-27 221184] "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752] "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-12 136600] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016] "PSPAP"="c:\program files\Thrustmaster\FunAccess\PSPAP.exe" [2007-02-02 2990080] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024] "WooCnxMon"="c:\progra~1\Wanadoo\CnxMon.exe" [2003-05-23 24576] "WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2003-05-23 20480] "WOOTASKBARICON"="c:\progra~1\Wanadoo\TaskbarIcon.exe" [2003-05-23 53248] "BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2008-11-01 281600] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-12-09 98304] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-11-11 206088] "SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe] "nwiz"="nwiz.exe" [2008-05-03 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nlsf"="move" [X] "Config"="c:\windows\system32\run.cmd" [2006-02-14 248] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544] c:\documents and settings\Maison Botte\Menu D‚marrer\Programmes\D‚marrage\ PowerReg Scheduler.exe [2008-11-28 233472] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-11-19 954475] D‚marrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "MemCheckBoxInRunDlg"= 1 (0x1) "NoSMBalloonTip"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) "NoStrCmpLogical"= 0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "MemCheckBoxInRunDlg"= 1 (0x1) "NoSMBalloonTip"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "DisablePagingExecutive"=dword:00000001 "SecondLevelDataCache"=dword:00000200 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\Drivers\BtHidBus.sys [2008-07-31 20616] R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784] R0 viadsk;viadsk;c:\windows\system32\DRIVERS\viadsk.sys [2003-06-19 56576] R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2008-11-01 143467] R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592] S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-11-17 195752] . Contenu du dossier 'Tâches planifiées' 2008-11-18 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job - c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 12:56] 2008-11-17 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job - c:\program files\Microsoft IntelliType Pro\itype.exe [2008-06-10 12:56] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.wanadoo.fr uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Envoyer via Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm IE: Envoyer via message(&M)... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_4_0.cab c:\windows\Downloaded Program Files\hardwaredetection.inf FF - ProfilePath - c:\documents and settings\Maison Botte\Application Data\Mozilla\Firefox\Profiles\on84c6p2.default\ FF - prefs.js: browser.startup.homepage - www.google.fr FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPandBr.dll . ************************************************************************** disk not found C:\ please note that you need administrator rights to perform deep scan Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: ************************************************************************** . Heure de fin: 2008-12-29 19:28:08 ComboFix-quarantined-files.txt 2008-12-29 18:28:05 ComboFix2.txt 2008-12-29 17:35:12 Avant-CF: 81 442 381 824 octets libres Après-CF: 81,429,536,768 octets libres 323 --- E O F --- 2008-12-21 11:49:56
  2. djidane
    ComboFix 08-12-28.04 - Maison Botte 2008-12-29 18:27:06.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1535.815 [GMT 1:00] Lancé depuis: c:\documents and settings\Maison Botte\Bureau\ComboFix.exe * Un nouveau point de restauration a été créé AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\MAISON~1\LOCALS~1\Temp\service.exe c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb c:\windows\IE4 Error Log.txt c:\windows\system32\khfDspPj.dll c:\windows\system32\rnaph.dll c:\windows\system32\sft.res c:\windows\winlogon.exe c:\windows\youtubex.dll ----- BITS: Il y a peut-être des sites infectés ----- hxxp://dealsforfun.com . ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-29 )))))))))))))))))))))))))))))))))))) . 2008-12-29 16:14 . 2008-12-29 16:14 90,242 --a------ c:\windows\DSC00133.zip 2008-12-29 16:14 . 2008-12-29 16:14 90,242 --a------ c:\windows\DSC00116.zip 2008-12-29 16:14 . 2008-12-29 16:14 90,242 --a------ c:\windows\DSC00107.zip 2008-12-29 16:14 . 2008-12-29 16:14 90,242 --a------ c:\windows\DSC00102.zip 2008-12-29 16:14 . 2008-12-29 16:14 90,242 --a------ c:\windows\DSC00012.zip 2008-12-29 16:14 . 2008-12-29 16:14 90,242 --a------ c:\windows\DSC00006.zip 2008-12-29 16:14 . 2008-12-29 16:14 90,242 --a------ c:\windows\DSC00001.zip 2008-12-29 14:49 . 2008-12-29 14:49 96,976 --a------ c:\windows\system32\drivers\klin.dat 2008-12-29 14:49 . 2008-12-29 14:49 87,855 --a------ c:\windows\system32\drivers\klick.dat 2008-12-29 14:48 . 2008-12-29 14:48 <REP> d-------- c:\program files\Kaspersky Lab 2008-12-29 14:48 . 2008-12-29 18:32 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab 2008-12-29 14:48 . 2008-12-29 18:29 32 --ahs---- c:\windows\system32\drivers\fidbox2.idx 2008-12-29 14:48 . 2008-12-29 18:29 32 --ahs---- c:\windows\system32\drivers\fidbox2.dat 2008-12-29 14:48 . 2008-12-29 18:29 32 --ahs---- c:\windows\system32\drivers\fidbox.idx 2008-12-29 14:48 . 2008-12-29 18:29 32 --ahs---- c:\windows\system32\drivers\fidbox.dat 2008-12-29 14:07 . 2008-12-29 14:07 203 --a------ c:\windows\GSdx9.INI 2008-12-29 11:15 . 2008-12-29 11:15 90,112 --a------ C:\filledout.exe 2008-12-29 09:58 . 2008-12-29 09:58 <REP> d-------- C:\VundoFix Backups 2008-12-29 09:57 . 2008-12-29 09:57 3,048,982 --a------ C:\upload_moi_XPSP2-FCDDCF03A.tar.gz 2008-12-29 09:52 . 2008-12-29 09:52 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-12-28 15:48 . 2008-12-28 15:48 90,242 --a------ c:\windows\DSC00130.zip 2008-12-28 15:48 . 2008-12-28 15:48 90,242 --a------ c:\windows\DSC00121.zip 2008-12-28 15:48 . 2008-12-28 15:48 90,242 --a------ c:\windows\DSC00113.zip 2008-12-28 15:48 . 2008-12-28 15:48 90,242 --a------ c:\windows\DSC00106.zip 2008-12-28 15:48 . 2008-12-29 16:14 90,242 --a------ c:\windows\DSC00034.zip 2008-12-28 15:48 . 2008-12-28 15:48 90,242 --a------ c:\windows\DSC00008.zip 2008-12-28 15:48 . 2008-12-28 15:48 90,242 --a------ c:\windows\DSC00005.zip 2008-12-28 15:48 . 2008-12-28 15:48 90,242 --a------ c:\windows\DSC00003.zip 2008-12-28 15:48 . 2008-12-29 17:02 77,824 --a------ C:\aom4144.exe 2008-12-28 15:48 . 2008-12-29 16:14 64,558 --a------ c:\windows\pic0382.zip 2008-12-28 15:47 . 2008-12-28 15:47 90,112 -r-hs---- c:\windows\windsvc.exe 2008-12-28 15:47 . 2008-12-28 15:47 90,112 --a------ C:\fildfe45fd.exe 2008-12-28 14:57 . 2008-12-28 14:57 268 --ah----- C:\sqmdata02.sqm 2008-12-28 14:57 . 2008-12-28 14:57 244 --ah----- C:\sqmnoopt02.sqm 2008-12-28 14:28 . 2008-12-11 17:33 344,064 -rahs---- c:\documents and settings\Maison Botte\Application Data\mchost.exe 2008-12-28 14:27 . 2008-12-11 17:33 344,064 -rahs---- c:\windows\mchost.exe 2008-12-18 13:31 . 2008-12-29 16:55 <REP> d-------- c:\program files\Pcsx2_0.9.4 2008-12-17 17:27 . 2008-12-17 17:27 <REP> d-------- c:\program files\CSO-DAX Compressor 2008-12-15 14:35 . 2008-12-15 14:36 <REP> d--h----- c:\windows\msdownld.tmp 2008-12-15 14:35 . 2008-12-15 14:35 <REP> d-------- c:\windows\Logs 2008-12-15 14:35 . 2008-12-15 14:37 <REP> d-------- c:\program files\VBAM 2008-12-15 01:10 . 2008-12-15 01:10 8,192 --a------ c:\windows\d3dx.dat 2008-12-14 22:40 . 2008-12-14 22:57 <REP> d-------- c:\program files\WinAce 2008-12-14 22:25 . 2008-12-14 22:25 <REP> d-------- c:\program files\CCleaner 2008-12-11 12:30 . 2008-12-11 12:30 248 --a------ c:\windows\RomeTW.ini 2008-12-11 12:18 . 2008-12-11 12:18 <REP> d-------- c:\program files\Activision 2008-12-10 17:03 . 2008-12-10 17:03 <REP> d-------- c:\documents and settings\Maison Botte\My Games 2008-12-10 17:03 . 2008-12-10 17:03 <REP> d-------- c:\documents and settings\All Users\Microsoft 2008-12-09 16:18 . 2008-12-09 16:18 <REP> d-------- c:\windows\system32\QuickTime 2008-12-09 16:18 . 2008-12-09 16:19 <REP> d-------- c:\program files\QuickTime 2008-12-09 16:18 . 2008-12-20 00:24 <REP> d-------- c:\documents and settings\All Users\Application Data\QuickTime 2008-12-09 16:18 . 1999-11-10 12:05 86,016 --a------ c:\windows\unvise32qt.exe 2008-12-09 16:18 . 2008-12-09 16:21 575 --a------ c:\windows\BADMOJO.INI 2008-12-08 16:19 . 2008-12-08 16:19 1,226 --a------ c:\windows\system32\SHORTCUT.INI 2008-12-08 16:19 . 2008-12-08 16:31 130 --a------ c:\windows\system32\REMOTEDEVICE.INI 2008-12-08 16:18 . 2008-12-29 18:31 5,982 --a------ c:\windows\system32\LOCALSERVICE.INI 2008-12-08 16:18 . 2008-12-08 16:31 107 --a------ c:\windows\system32\LOCALDEVICE.INI 2008-12-08 16:16 . 2008-12-08 16:16 0 --a------ c:\windows\system32\BSPRINT.INI 2008-12-08 16:15 . 2008-12-08 16:15 <REP> d-------- c:\program files\IVT Corporation 2008-12-08 16:15 . 2008-12-08 16:16 32 --a------ c:\windows\0 2008-12-08 16:15 . 2008-12-08 16:15 0 --a------ c:\windows\system32\0 2008-12-04 12:03 . 2008-12-04 12:03 <REP> d-------- c:\program files\vixy.net 2008-12-03 21:41 . 2008-12-03 21:41 <REP> d-------- c:\documents and settings\Maison Botte\Application Data\Media Player Classic 2008-11-29 22:38 . 2007-06-21 09:53 32,768 --a------ c:\windows\system32\mf.dll 2008-11-29 21:11 . 2008-11-29 21:11 <REP> d-------- c:\documents and settings\botte\Bureau 2008-11-29 21:11 . 2008-11-29 21:11 <REP> d-------- c:\documents and settings\botte . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-29 17:25 --------- d-----w c:\program files\Wanadoo 2008-12-29 13:03 --------- d-----w c:\documents and settings\Maison Botte\Application Data\Azureus 2008-12-28 20:20 --------- d-----w c:\documents and settings\Maison Botte\Application Data\Skype 2008-12-28 17:07 --------- d-----w c:\documents and settings\Maison Botte\Application Data\dvdcss 2008-12-28 15:37 --------- d-----w c:\documents and settings\Maison Botte\Application Data\skypePM 2008-12-11 11:31 11,973 ----a-w c:\windows\system32\drivers\secdrv.sys 2008-12-11 11:31 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-28 17:13 --------- d-----w c:\documents and settings\Maison Botte\Application Data\Leadertech 2008-11-26 13:50 --------- d-----w c:\program files\DAEMON Tools Lite 2008-11-26 13:47 717,296 ----a-w c:\windows\system32\drivers\sptd.sys 2008-11-26 13:47 --------- d-----w c:\documents and settings\Maison Botte\Application Data\DAEMON Tools 2008-11-26 13:38 451,072 ----a-w c:\windows\uninstall.exe 2008-11-23 22:19 --------- d-----w c:\program files\SHARP 2008-11-23 14:24 --------- d-----w c:\program files\Azureus 2008-11-20 17:58 --------- d-----w c:\program files\Lavalys 2008-11-19 22:52 22 ----a-w c:\windows\system32\drivers\adidsl.cfg 2008-11-19 22:52 --------- d-----w c:\program files\SAGEM 2008-11-18 14:53 --------- d-----w c:\program files\7-Zip 2008-11-17 21:33 --------- d-----w c:\program files\Oxin's Style! 2008-11-17 20:15 --------- d-----w c:\program files\Microsoft IntelliPoint 2008-11-17 20:02 --------- d-----w c:\program files\IDETOOL 2008-11-17 20:01 --------- d-----w c:\program files\VIA 2008-11-17 20:01 --------- d-----w c:\program files\Fichiers communs\InstallShield 2008-11-17 19:53 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-11-17 19:53 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf 2008-11-17 19:52 --------- d-----w c:\program files\Microsoft IntelliType Pro 2008-11-17 19:51 --------- d-----w c:\program files\MSXML 6.0 2008-11-17 19:42 --------- d-----w c:\program files\ma-config.com 2008-11-17 19:42 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com 2008-11-16 22:45 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft 2008-11-16 22:44 --------- d-----w c:\program files\Lavasoft 2008-11-16 22:43 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard 2008-11-16 10:58 --------- d-----w c:\program files\MSXML 4.0 2008-11-14 13:15 --------- d-----w c:\program files\Microsoft.NET 2008-11-14 12:55 --------- d-----w c:\program files\HP 2008-11-14 12:47 --------- d-----w c:\program files\Fichiers communs\HP 2008-11-14 12:46 --------- d-----w c:\program files\Hewlett-Packard 2008-11-14 12:46 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard 2008-11-14 12:44 --------- d-----w c:\program files\Fichiers communs\Hewlett-Packard 2008-11-13 18:30 --------- d-----w c:\documents and settings\Maison Botte\Application Data\vlc 2008-11-12 21:06 --------- d-----w c:\program files\Thrustmaster 2008-11-12 21:00 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus! 2008-11-12 20:59 --------- d-----w c:\program files\Satsuki Decoder Pack 2008-11-12 20:58 --------- d-----w c:\program files\Intel Desktop Board 2008-11-12 20:31 --------- d-----w c:\program files\Realtek AC97 2008-11-12 20:04 --------- d-----w c:\program files\Java 2008-11-12 19:36 --------- d-----w c:\program files\VIA Technologies, Inc 2008-11-12 19:35 --------- d-----w c:\program files\Realtek Sound Manager 2008-11-12 19:35 --------- d-----w c:\program files\AvRack 2008-11-12 19:30 --------- d-----w c:\program files\Windows Live 2008-11-12 19:30 --------- d-----w c:\program files\MSN Messenger 2008-11-12 19:30 --------- d-----w c:\program files\Messenger Plus! Live 2008-11-12 19:26 --------- d-----w c:\program files\Fichiers communs\Ahead 2008-11-12 19:26 --------- d-----w c:\program files\Ahead 2008-11-12 19:22 --------- d-----w c:\program files\Logitech 2008-11-12 19:22 --------- d-----w c:\program files\Fichiers communs\FotoWire 2008-11-12 19:22 --------- d-----w c:\documents and settings\Maison Botte\Application Data\FotoWire 2008-11-12 19:20 --------- d-----w c:\program files\Fichiers communs\Logitech 2008-11-12 19:12 --------- d-----w c:\program files\Skype 2008-11-12 19:12 --------- d-----w c:\program files\Fichiers communs\Skype 2008-11-12 19:12 --------- d-----w c:\documents and settings\All Users\Application Data\Skype 2008-11-12 19:09 --------- d-----w c:\program files\Fichiers communs\Adobe 2008-11-12 19:08 --------- d-----w c:\program files\Alwil Software 2008-11-12 19:07 --------- d-----w c:\program files\VideoLAN 2008-11-12 18:56 --------- d-----w c:\program files\Messager Wanadoo 2008-11-12 18:46 --------- d-----w c:\program files\microsoft frontpage 2008-11-12 18:45 --------- d-----w c:\program files\Services en ligne 2008-11-11 18:58 25,601 ----a-w c:\windows\system32\drivers\klopp.dat . ------- Sigcheck ------- 2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\SoftwareDistribution\Download\7a1946fba2b8886ae6be37be6d51ae57\tcpip.sys 2006-02-14 20:56 359808 667192a11db19f36624119c0dd4de4f2 c:\windows\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360] "settings"="c:\windows\mchost.exe" [2008-12-11 344064] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MessagerStarter Wanadoo"="c:\progra~1\MESSAG~1\StartMessager.exe" [2003-04-04 32768] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-05-27 221184] "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752] "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-12 136600] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016] "PSPAP"="c:\program files\Thrustmaster\FunAccess\PSPAP.exe" [2007-02-02 2990080] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024] "WooCnxMon"="c:\progra~1\Wanadoo\CnxMon.exe" [2003-05-23 24576] "WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2003-05-23 20480] "WOOTASKBARICON"="c:\progra~1\Wanadoo\TaskbarIcon.exe" [2003-05-23 53248] "BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2008-11-01 281600] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-12-09 98304] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-11-11 206088] "SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe] "nwiz"="nwiz.exe" [2008-05-03 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nlsf"="move" [X] "Config"="c:\windows\system32\run.cmd" [2006-02-14 248] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544] [HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run] "settings"="c:\windows\mchost.exe" [2008-12-11 344064] c:\documents and settings\Maison Botte\Menu D‚marrer\Programmes\D‚marrage\ PowerReg Scheduler.exe [2008-11-28 233472] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-11-19 954475] D‚marrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "MemCheckBoxInRunDlg"= 1 (0x1) "NoSMBalloonTip"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) "NoStrCmpLogical"= 0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "MemCheckBoxInRunDlg"= 1 (0x1) "NoSMBalloonTip"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Shell"="Explorer.exe \"c:\\WINDOWS\\mchost.exe\"" "Userinit"="c:\\WINDOWS\\system32\\userinit.exe,\"c:\\WINDOWS\\mchost.exe\"," [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "DisablePagingExecutive"=dword:00000001 "SecondLevelDataCache"=dword:00000200 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\Drivers\BtHidBus.sys [2008-07-31 20616] R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784] R0 viadsk;viadsk;c:\windows\system32\DRIVERS\viadsk.sys [2003-06-19 56576] R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2008-11-01 143467] R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592] S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-11-17 195752] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0eef35d7-b0fb-11dd-9aad-4d6564696130}] \Shell\AutoRun\command - e9ehn1m8.com \Shell\explore\Command - e9ehn1m8.com \Shell\open\Command - e9ehn1m8.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ca4b5ac-b4e4-11dd-9ac0-4d6564696130}] \Shell\AutoRun\command - e9ehn1m8.com \Shell\explore\Command - e9ehn1m8.com \Shell\open\Command - e9ehn1m8.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8770aad4-bb09-11dd-bb0f-4d6564696130}] \Shell\AutoRun\command - ipy.cmd \Shell\explore\Command - ipy.cmd \Shell\open\Command - ipy.cmd [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A744F16C-B2D5-4138-81A2-085CDFCDE83A}] rundll32 ckds16.dll,InitModule [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{NQQ5L861-82LC-FV28-BC5R-EK164PT2UCAG}] "c:\windows\mchost.exe" . Contenu du dossier 'Tâches planifiées' 2008-11-18 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job - c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 12:56] 2008-11-17 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job - c:\program files\Microsoft IntelliType Pro\itype.exe [2008-06-10 12:56] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.wanadoo.fr uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Envoyer via Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm IE: Envoyer via message(&M)... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_4_0.cab c:\windows\Downloaded Program Files\hardwaredetection.inf FF - ProfilePath - c:\documents and settings\Maison Botte\Application Data\Mozilla\Firefox\Profiles\on84c6p2.default\ FF - prefs.js: browser.startup.homepage - www.google.fr FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPandBr.dll . ************************************************************************** disk not found C:\ please note that you need administrator rights to perform deep scan Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\MDM.EXE c:\windows\system32\nvsvc32.exe c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe c:\program files\Logitech\Video\FxSvr2.exe c:\windows\system32\rundll32.exe c:\program files\HP\Digital Imaging\bin\hpqgalry.exe c:\program files\Internet Explorer\IEXPLORE.EXE . ************************************************************************** . Heure de fin: 2008-12-29 18:35:00 - La machine a redémarré ComboFix-quarantined-files.txt 2008-12-29 17:34:55 Avant-CF: 81 092 698 112 octets libres Après-CF: 81,423,286,272 octets libres 314 --- E O F --- 2008-12-21 11:49:56
  3. djidane
    Bonsoir à tous , j'ai été recemment infecté pas plusieurs trojan , qui me ralentissent le PC et qui me font apparaitre des pop-up... Voilà , si quelque pouvait m'aider ^^ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:53:36, on 29/12/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\MESSAG~1\StartMessager.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Thrustmaster\FunAccess\PSPAP.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\PROGRA~1\Wanadoo\CnxMon.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe C:\PROGRA~1\Wanadoo\TaskbarIcon.exe C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\windsvc.exe C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\internet explorer\iexplore.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Watch.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\Explorer.exe L:\Mes documents\Images et autres\Bazar\Utilitaire\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\mchost.exe" F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,"C:\WINDOWS\mchost.exe", O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Microsoft copyright - {32C620D6-CC10-4e6a-9715-BACACD5B0E61} - ckds16.dll (file missing) O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\khfDspPj.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PSPAP] C:\Program Files\Thrustmaster\FunAccess\PSPAP.exe min O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe O4 - HKLM\..\Run: [btTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [windsvc] windsvc.exe O4 - HKLM\..\Run: [AutoUpdate_1] C:\WINDOWS\winlogon.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [settings] C:\WINDOWS\mchost.exe O4 - HKCU\..\Policies\Explorer\Run: [settings] C:\WINDOWS\mchost.exe O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user') O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer via Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm O8 - Extra context menu item: Envoyer via message(&M)... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...ion_3_0_4_0.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=24931 O17 - HKLM\System\CCS\Services\Tcpip\..\{372487D2-0708-43A4-A7B0-C23CF98F861A}: NameServer = 80.10.246.130 81.253.149.10 O17 - HKLM\System\CS1\Services\Tcpip\..\{372487D2-0708-43A4-A7B0-C23CF98F861A}: NameServer = 80.10.246.130 81.253.149.10 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll O20 - Winlogon Notify: awttutTM - awttutTM.dll (file missing) O20 - Winlogon Notify: geBuSIyV - geBuSIyV.dll (file missing) O20 - Winlogon Notify: khfDspPj - C:\WINDOWS\SYSTEM32\khfDspPj.dll O21 - SSODL: WebProxy - {A744F16C-B2D5-4138-81A2-085CDFCDE83A} - ckds16.dll (file missing) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 10407 bytes
×
×
  • Créer...