Everything posted by makinov

  1. System Restore works again. Thank you. No infection according to the Kaspersky scan, which is not really surprising, since I had already quarantined a number of viruses in avast (if needed see 'http://screencast.com/t/ZDysL3D3' - sorry, I am not familiar with screenshots and this is my first experience of posting) and removed two infections in Malwarebytes:

     Malwarebytes' Anti-Malware 1.30
     Database version: 1434
     Windows 5.1.2600 Service Pack 3

     21/01/2009 16:09:45
     mbam-log-2009-01-21 (16-09-45).txt

     Scan type: Full scan (C:\|)
     Objects scanned: 123508
     Time elapsed: 1 hour(s), 31 minute(s), 19 second(s)

     Memory processes infected: 0
     Memory modules infected: 0
     Registry keys infected: 0
     Registry values infected: 0
     Registry data items infected: 1
     Folders infected: 0
     Files infected: 1

     Memory processes infected:
     (No malicious items detected)

     Memory modules infected:
     (No malicious items detected)

     Registry keys infected:
     (No malicious items detected)

     Registry values infected:
     (No malicious items detected)

     Registry data items infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

     Folders infected:
     (No malicious items detected)

     Files infected:
     C:\System Volume Information\_restore{C99FC601-9195-45D9-99B4-B165C7973F04}\RP11\A0010367.rbf (Trojan.Agent) -> Quarantined and deleted successfully.

     The following symptoms remain: no CD/DVD drive (D:), and no right-click possible on the programs in All Programs.

     For (D:), here is what Event Viewer shows:

     Event Type: Error
     Event Source: Service Control Manager
     Event Category: None
     Event ID: 7026
     Date: 24/01/2009
     Time: 18:46:26
     User: N/A
     Computer: LENOVO
     Description:
     The following boot-start or system-start driver(s) failed to load:
     Cdrom
     Imapi

     Good evening and thanks again.
  2. Hello and thank you for the support. Results of the procedure followed (no effect on the symptoms mentioned previously):

     ComboFix 09-01-20.05 - Georges Ivanoff 2009-01-24 10:17:54.5 - NTFSx86 MINIMAL
     Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1022.787 [GMT 1:00]
     Running from: c:\documents and settings\Georges Ivanoff\Bureau\ComboFix.exe
     Command switches used :: c:\documents and settings\Georges Ivanoff\Mes documents\CFScript.txt
     AV: avast! antivirus 4.8.1296 [VPS 090123-0] *On-access scanning enabled* (Updated)

     FILE ::
     E:\xih9.cmd
     .

     ((((((((((((((((((((((((((((( Files created from 2008-12-24 to 2009-01-24 ))))))))))))))))))))))))))))))))))))
     .
     2009-01-19 17:58 . 2009-01-19 18:35 <REP> d-------- c:\program files\ma-config.com
     2009-01-19 17:58 . 2009-01-19 17:58 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
     2009-01-16 07:53 . 2008-10-16 02:01 1,499,648 --------- c:\windows\system32\dllcache\shdocvw.dll
     2009-01-15 20:18 . 2008-04-14 03:33 571,392 --a------ c:\windows\system32\TINTLGNT.IME
     2009-01-15 20:18 . 2008-04-14 03:33 571,392 --a------ c:\windows\system32\dllcache\tintlgnt.ime
     2009-01-15 20:18 . 2004-08-03 21:32 455,168 --a------ c:\windows\system32\dllcache\tintsetp.exe
     2009-01-15 20:18 . 2008-04-14 03:31 173,568 --a------ c:\windows\system32\dllcache\chtskf.dll
     2009-01-15 20:18 . 2008-04-14 03:31 97,792 --a------ c:\windows\system32\dllcache\chtmbx.dll
     2009-01-15 20:18 . 2008-04-14 03:31 56,320 --a------ c:\windows\system32\dllcache\chtskdic.dll
     2009-01-15 20:18 . 2004-08-03 21:32 44,032 --a------ c:\windows\system32\dllcache\tintlphr.exe
     2009-01-15 20:18 . 2008-04-14 03:32 15,872 --a------ c:\windows\system32\dllcache\padrs404.dll
     2009-01-15 20:18 . 2008-04-14 03:32 10,240 --a------ c:\windows\system32\dllcache\tmigrate.dll
     2009-01-14 15:32 . 2008-12-11 11:57 333,952 --a------ c:\windows\system32\drivers\srv.sys
     2009-01-13 19:37 . 2009-01-13 19:37 <REP> d-------- C:\Access Connections
     2009-01-13 12:10 . 2009-01-13 19:37 <REP> d-------- c:\program files\Microsoft Bootvis
     2008-12-30 09:34 . 2008-12-30 09:34 <REP> d-------- c:\program files\Siber Systems
     2008-12-30 09:34 . 2008-12-30 09:34 <REP> d-------- c:\documents and settings\All Users\Application Data\RoboForm
     2008-12-28 13:36 . 2008-12-28 13:36 603,904 --a------ c:\windows\system32\TUProgSt.exe
     2008-12-28 13:36 . 2008-12-28 13:36 360,192 --a------ c:\windows\system32\TuneUpDefragService.exe
     2008-12-28 13:36 . 2008-12-11 13:31 27,904 --a------ c:\windows\system32\uxtuneup.dll
     .
     (((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-01-23 15:54 --------- d-----w c:\program files\SFRWidget
     2009-01-21 18:36 --------- d-----w c:\program files\TuneUp Utilities 2009
     2009-01-19 17:37 --------- d-----w c:\program files\CCleaner
     2009-01-15 22:27 --------- d-----w c:\program files\Fichiers communs\Apple
     2009-01-15 00:53 --------- d-----w c:\documents and settings\Georges Ivanoff\Application Data\Skype
     2009-01-15 00:16 --------- d-----w c:\documents and settings\Georges Ivanoff\Application Data\skypePM
     2009-01-12 14:03 --------- d-----w c:\documents and settings\All Users\Application Data\PCDr
     2008-12-22 20:52 --------- d-----w c:\documents and settings\Georges Ivanoff\Application Data\Canon
     2008-12-20 12:19 --------- d-----w c:\program files\ThinkVantage
     2008-12-18 19:41 --------- d-----w c:\program files\PCDR5
     2008-12-15 10:57 --------- d-----w c:\program files\Nokia
     2008-12-15 10:57 --------- d-----w c:\program files\Fichiers communs\PCSuite
     2008-12-15 10:57 --------- d-----w c:\program files\Fichiers communs\Nokia
     2008-12-15 10:56 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
     2008-12-11 13:25 --------- d-----w c:\program files\Lenovo
     2008-12-11 13:25 --------- d-----w c:\documents and settings\Georges Ivanoff\Application Data\Downloaded Installations
     2008-12-09 21:17 --------- d-----w c:\documents and settings\Georges Ivanoff\Application Data\U3
     2008-12-05 16:55 --------- d-----w c:\documents and settings\All Users\Application Data\Downloaded Installations
     2008-12-05 16:10 --------- d-----w c:\program files\Secunia
     2008-12-05 13:30 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
     2008-12-05 13:17 --------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
     2008-12-04 15:48 --------- d-----w c:\program files\Java
     2008-12-04 15:39 --------- d-----w c:\program files\Sun
     2008-12-04 15:27 --------- d-----w c:\program files\Power Defragmenter
     2008-12-04 10:31 --------- d-----w c:\program files\Application Compatibility Toolkit
     2008-11-29 11:58 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
     2008-08-21 02:43 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082120080822\index.dat
     .
     ((((((((((((((((((((((((((((( snapshot@2009-01-21_16.56.16.51 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2009-01-22 10:32:58 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ARPPRODUCTICON.exe
     + 2009-01-22 10:32:58 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
     + 2009-01-22 10:32:58 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
     + 2009-01-22 10:32:58 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
     + 2009-01-22 10:32:58 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
     + 2009-01-22 10:32:58 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
     + 2009-01-24 09:25:21 16,384 ----atw c:\windows\temp\Perflib_Perfdata_204.dat
     + 2009-01-24 09:25:25 16,384 ----atw c:\windows\temp\Perflib_Perfdata_7f0.dat
     .
     ((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
     "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
     "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
     "LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2008-06-09 165208]
     "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
     "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
     "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-08-03 185896]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

     c:\documents and settings\Georges Ivanoff\Menu Démarrer\Programmes\Démarrage\
     Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-03-19 4742184]

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
     "NoSMBalloonTip"= 0 (0x0)

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
     2008-05-02 01:42 72208 c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
     2006-09-06 15:37 34344 c:\program files\Lenovo\HOTKEY\notifyf2.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
     2008-03-17 15:02 34080 c:\program files\Lenovo\HOTKEY\tphklock.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
     2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
     Notification Packages REG_MULTI_SZ ACGina scecli

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
     @=""

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
     path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
     backup=c:\windows\pss\BTTray.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Digital Line Detect.lnk]
     path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Digital Line Detect.lnk
     backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
     path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
     backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
     path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
     backup=c:\windows\pss\Windows Search.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^Georges Ivanoff^Menu Démarrer^Programmes^Démarrage^Secunia PSI (RC3).lnk]
     path=c:\documents and settings\Georges Ivanoff\Menu Démarrer\Programmes\Démarrage\Secunia PSI (RC3).lnk
     backup=c:\windows\pss\Secunia PSI (RC3).lnkStartup

     [HKLM\~\startupfolder\C:^Documents and Settings^Georges Ivanoff^Menu Démarrer^Programmes^Démarrage^VOIP321.lnk]
     path=c:\documents and settings\Georges Ivanoff\Menu Démarrer\Programmes\Démarrage\VOIP321.lnk
     backup=c:\windows\pss\VOIP321.lnkStartup

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
     --a--c--- 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
     --a------ 2008-09-26 08:55 458752 c:\progra~1\THINKV~2\AMSG\Amsg.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
     --------- 2008-09-25 00:47 208896 c:\progra~1\ThinkPad\UTILIT~1\BATLOGEX.DLL

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
     --a--c--- 2008-06-13 19:08 3073336 c:\program files\Lenovo\Client Security Solution\cssauth.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
     --a------ 2008-04-14 03:33 15360 c:\windows\system32\ctfmon.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
     --a--c--- 2005-08-01 04:10 122940 c:\windows\system32\DLA\DLACTRLW.EXE

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
     -----c--- 2008-06-05 01:36 242976 c:\progra~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
     --a--c--- 2004-07-27 15:50 221184 c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
     --a--c--- 2005-02-16 15:15 81920 c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPMailChecker]
     --------- 2008-06-09 03:00 124248 c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.EXE

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
     --------- 2008-06-09 03:00 165208 c:\progra~1\THINKV~2\PrdCtr\LPMGR.EXE

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
     ---hsc--- 2008-04-14 03:34 1695232 c:\program files\Messenger\msmsgs.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
     --a------ 2008-06-17 16:00 1249280 c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
     --a------ 2008-10-02 07:00 1124352 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
     --a--c--- 2005-10-28 19:08 335872 c:\program files\Picasa2\PicasaMediaDetector.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRMGRTR]
     --------- 2008-09-25 00:47 331776 c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     --a--c--- 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
     --a--c--- 2005-05-06 14:06 716800 c:\program files\Analog Devices\SoundMAX\SMax4.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
     --a--c--- 2005-05-20 08:11 925696 c:\program files\Analog Devices\Core\smax4pnp.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
     -rahsc--- 2008-09-16 11:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
     --a------ 2008-12-04 16:38 136600 c:\program files\Java\jre6\bin\jusched.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
     --a--c--- 2008-07-03 15:10 1323008 c:\program files\Synaptics\SynTP\SynTPEnh.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
     --a--c--- 2008-07-03 15:17 118784 c:\program files\Synaptics\SynTP\SynTPLpr.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
     --a--c--- 2008-08-03 09:26 185896 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]
     -----c--- 2008-07-31 03:01 60192 c:\progra~1\Lenovo\NPDIRECT\tpfnf7sp.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKMAPHELPER]
     --a--c--- 2007-01-09 15:28 868352 c:\program files\ThinkPad\Utilities\TpKmapAp.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
     --a------ 2008-08-20 23:04 487424 c:\program files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
     --a--c--- 2006-11-03 18:20 866584 c:\program files\Windows Defender\MSASCui.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
     -----c--- 2006-11-03 08:59 204288 c:\program files\Windows Media Player\wmpnscfg.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
     --a--c--- 2008-02-29 02:12 76304 c:\windows\KHALMNPR.Exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
     --a--c--- 2005-10-17 00:11 65536 c:\windows\system32\TP4EX.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
     --a--c--- 2008-06-06 17:21 181536 c:\windows\system32\TpShocks.exe

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
     "CTFMON.EXE"=c:\windows\system32\ctfmon.exe
     "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
     "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
     "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
     "Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE
     "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
     "LPMailChecker"=c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "c:\\WINDOWS\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
     "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

     R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-01-21 21512]
     R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2008-05-14 114728]
     R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-05-14 19496]
     R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-26 111184]
     R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2008-06-28 4442]
     R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-05-22 37312]
     R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-09-26 20560]
     R4 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [2008-07-31 94208]
     R4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2008-12-28 603904]
     R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
     S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-01-21 26248]
     S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-12-19 195752]
     S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-11-18 7808]

     --- Other Services/Drivers In Memory ---

     *Deregistered* - uphcleanhlp

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
     UxTuneUp

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8530898-c620-11dd-9a82-00130230fa8b}]
     \Shell\AutoRun\command - E:\LaunchU3.exe -a
     .
     Contents of the 'Scheduled Tasks' folder

     2009-01-24 c:\windows\Tasks\Maintenance en 1 clic.job
     - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 15:04]

     2009-01-24 c:\windows\Tasks\MP Scheduled Scan.job
     - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

     2008-12-11 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
     - c:\program files\PCDR5\pcdr5cuiw32.exe [2008-10-31 19:14]

     2008-10-19 c:\windows\Tasks\PMTask.job
     - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-09-25 00:47]
     .
     .
     ------- Supplementary Scan -------
     .
     uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
     uStart Page = hxxp://www.google.fr/webhp?rls=ig
     uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/fr/fr
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     IE: Barre RoboForm - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
     IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     IE: Enregistrer le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
     IE: Envoyer à &Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
     IE: Personnaliser le menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
     IE: Remplir le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
     IE: {{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
     FF - ProfilePath - c:\documents and settings\Georges Ivanoff\Application Data\Mozilla\Firefox\Profiles\xady14hl.default\
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig
     FF - component: c:\documents and settings\Georges Ivanoff\Application Data\Mozilla\Firefox\Profiles\xady14hl.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
     FF - plugin: c:\documents and settings\Georges Ivanoff\Application Data\Mozilla\Firefox\Profiles\xady14hl.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
     FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

     ---- FIREFOX SETTINGS ----
     FF - user.js: network.http.max-persistent-connections-per-server - 4
     FF - user.js: content.max.tokenizing.time - 1800000
     FF - user.js: content.notify.interval - 600000
     FF - user.js: content.switch.threshold - 600000
     FF - user.js: nglayout.initialpaint.delay - 600
     FF - user.js: network.http.pipelining - false
     FF - user.js: network.http.proxy.pipelining - false
     FF - user.js: network.http.pipelining.maxrequests - 4
     .

     **************************************************************************

     catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-01-24 10:25:30
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------

     [HKEY_USERS\S-1-5-21-3203094012-3467496672-1681790366-1005\Software\Microsoft\SystemCertificates\AddressBook*]
     @Allowed: (Read) (RestrictedCode)
     @Allowed: (Read) (RestrictedCode)

     [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
     "C040AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'winlogon.exe'(1304)
     c:\windows\system32\Ati2evxx.dll
     c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
     c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll
     c:\windows\system32\LMIinit.dll
     c:\program files\Lenovo\HOTKEY\tphklock.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\windows\system32\ibmpmsvc.exe
     c:\program files\Intel\WiFi\bin\S24EvMon.exe
     c:\program files\Alwil Software\Avast4\aswUpdSv.exe
     c:\program files\Alwil Software\Avast4\ashServ.exe
     c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
     c:\windows\system32\dllhost.exe
     c:\program files\Intel\WiFi\bin\EvtEng.exe
     c:\program files\Java\jre6\bin\jqs.exe
     c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
     c:\program files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
     c:\program files\UPHClean\uphclean.exe
     c:\program files\Alwil Software\Avast4\ashMaiSv.exe
     c:\program files\Alwil Software\Avast4\ashWebSv.exe
     c:\windows\system32\wbem\wmiapsrv.exe
     c:\program files\Lenovo\HOTKEY\TPONSCR.exe
     c:\program files\Lenovo\ZOOM\TpScrex.exe
     .
     **************************************************************************
     .
     Completion time: 2009-01-24 10:29:04 - machine was rebooted [Georges Ivanoff]
     ComboFix-quarantined-files.txt 2009-01-24 09:29:01
     ComboFix2.txt 2009-01-23 19:33:33
     ComboFix3.txt 2009-01-21 15:57:13

     Pre-Run: 75 747 368 960 bytes free
     Post-Run: 75,688,632,320 bytes free

     316 --- E O F --- 2009-01-23 07:50:45
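As an added example (not part of makinov's posts and not code from ComboFix), here is a small Python parser that pulls the autostart entries out of a ComboFix "Reg Loading Points" dump like the one above and flags the entries a helper would look at first: the mountpoints2 AutoRun handler that runs E:\LaunchU3.exe from a removable volume, DLLs registered under Winlogon\Notify (loaded into winlogon.exe), and anything launched from outside the Windows or Program Files trees. The sample lines are copied from the log above, except the "updater" Run entry, which is constructed to exercise the path check; the trusted-directory list and the flag wording are this example's own choices, not ComboFix rules.

```python
"""Extract autostart entries from a ComboFix-style log and flag the ones worth a second look."""
import re
from typing import Dict, List

# Constructed sample: lines copied from the ComboFix output in the post above,
# plus one made-up Run entry ("updater") to show the path check firing.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
"updater"="c:\documents and settings\All Users\Application Data\updater.exe" [2009-01-20 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-01-21 21512]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-11-18 7808]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8530898-c620-11dd-9a82-00130230fa8b}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
"""

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="c:\path\prog.exe" [date size]   |   "name"=c:\path\prog.exe   |   "name"=dword:00000001
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?:"(?P<quoted>[^"]*)"|(?P<bare>[^\s\[]+))')
# R0/R1/R3/R4 (running) and S3 (stopped) service lines: start;name;description;path [date size]
SERVICE_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)(?:\s+\[[^\]]*\])?$')
# Winlogon\Notify data line: "date time size path"
NOTIFY_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+(?P<path>.+)$')
AUTORUN_RE = re.compile(r'^\\Shell\\AutoRun\\command - (?P<cmd>.+)$')

# Assumption of this example: binaries under these trees are "expected" locations.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def parse_autostarts(text: str) -> List[Dict[str, str]]:
    """Walk the log once, remembering the current [key], and emit one dict per autostart."""
    entries: List[Dict[str, str]] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = SERVICE_RE.match(line)
        if m:
            entries.append({"kind": "service", "key": m["start"], "name": m["name"], "path": m["path"]})
            continue
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in key.lower():
            entries.append({"kind": "autorun", "key": key, "name": key.rsplit("\\", 1)[-1], "path": m["cmd"]})
            continue
        m = NOTIFY_RE.match(line)
        if m and "\\winlogon\\notify\\" in key.lower():
            entries.append({"kind": "notify", "key": key, "name": key.rsplit("\\", 1)[-1], "path": m["path"]})
            continue
        m = VALUE_RE.match(line)
        if m and key:
            path = m["quoted"] if m["quoted"] is not None else m["bare"]
            # dword: values (e.g. DisableMonitoring) are settings, not programs to launch
            kind = "value" if path.lower().startswith("dword:") else "run"
            entries.append({"kind": kind, "key": key, "name": m["name"], "path": path})
    return entries


def flag_entries(entries: List[Dict[str, str]]) -> List[str]:
    """Return one human-readable finding per entry that deserves review."""
    findings: List[str] = []
    for e in entries:
        path = e["path"].lower()
        if e["kind"] == "autorun":
            findings.append(f"{e['name']}: AutoRun handler on volume {path[:2].upper()} runs {e['path']}")
        elif e["kind"] == "notify":
            findings.append(f"{e['name']}: DLL loaded into winlogon.exe ({e['path']})")
        elif e["kind"] in ("run", "service") and not path.startswith(TRUSTED_DIRS):
            findings.append(f"{e['name']}: starts from outside Windows/Program Files ({e['path']})")
    return findings


if __name__ == "__main__":
    for finding in flag_entries(parse_autostarts(SAMPLE_LOG)):
        print(finding)
```

Feed it a whole ComboFix.txt and it will also pick up the `run-` and `startupreg` entries, since those use the same `"name"=path` shape; the AutoRun and Winlogon\Notify flags are unconditional because those locations are rarely legitimate on a home machine and are exactly where the C:\Autorun.inf and E:\xih9.cmd artifacts in the earlier post would have been wired in.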
  3. Good evening. A full avast scan, with quarantine of the infected files, indicates the presence of the following viruses: win32:Gamona, win32:FaRoot, win32:Fasec. I no longer see (D:) in My Computer. I can no longer restore the system. No reaction to right-click in All Programs. Below is the ComboFix analysis. Thank you for any help you can give me, as I do not want to continue alone with ComboFix.

     ComboFix 09-01-20.05 - Georges Ivanoff 2009-01-21 16:50:01.1 - NTFSx86
     Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1022.556 [GMT 1:00]
     Running from: c:\documents and settings\Georges Ivanoff\Bureau\ComboFix.exe
     AV: avast! antivirus 4.8.1296 [VPS 090121-0] *On-access scanning disabled* (Updated)
     * A new restore point was created
     .
     ADS - svchost.exe: deleted 88 bytes in 2 streams.

     (((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     C:\Autorun.inf
     c:\windows\system32\Cache
     .
     ((((((((((((((((((((((((((((( Files created from 2008-12-21 to 2009-01-21 ))))))))))))))))))))))))))))))))))))
     .
     2009-01-19 17:58 . 2009-01-19 18:35 <REP> d-------- c:\program files\ma-config.com
     2009-01-19 17:58 . 2009-01-19 17:58 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
     2009-01-16 07:53 . 2008-10-16 02:01 1,499,648 --------- c:\windows\system32\dllcache\shdocvw.dll
     2009-01-15 20:18 . 2008-04-14 03:33 571,392 --a------ c:\windows\system32\TINTLGNT.IME
     2009-01-15 20:18 . 2008-04-14 03:33 571,392 --a------ c:\windows\system32\dllcache\tintlgnt.ime
     2009-01-15 20:18 . 2004-08-03 21:32 455,168 --a------ c:\windows\system32\dllcache\tintsetp.exe
     2009-01-15 20:18 . 2008-04-14 03:31 173,568 --a------ c:\windows\system32\dllcache\chtskf.dll
     2009-01-15 20:18 . 2008-04-14 03:31 97,792 --a------ c:\windows\system32\dllcache\chtmbx.dll
     2009-01-15 20:18 . 2008-04-14 03:31 56,320 --a------ c:\windows\system32\dllcache\chtskdic.dll
     2009-01-15 20:18 . 2004-08-03 21:32 44,032 --a------ c:\windows\system32\dllcache\tintlphr.exe
     2009-01-15 20:18 . 2008-04-14 03:32 15,872 --a------ c:\windows\system32\dllcache\padrs404.dll
     2009-01-15 20:18 . 2008-04-14 03:32 10,240 --a------ c:\windows\system32\dllcache\tmigrate.dll
     2009-01-14 15:32 . 2008-12-11 11:57 333,952 --a------ c:\windows\system32\drivers\srv.sys
     2009-01-13 19:37 . 2009-01-13 19:37 <REP> d-------- C:\Access Connections
     2009-01-13 12:10 . 2009-01-13 19:37 <REP> d-------- c:\program files\Microsoft Bootvis
     2008-12-30 09:34 . 2008-12-30 09:34 <REP> d-------- c:\program files\Siber Systems
     2008-12-30 09:34 . 2008-12-30 09:34 <REP> d-------- c:\documents and settings\All Users\Application Data\RoboForm
     2008-12-28 13:36 . 2008-12-28 13:36 603,904 --a------ c:\windows\system32\TUProgSt.exe
     2008-12-28 13:36 . 2008-12-28 13:36 360,192 --a------ c:\windows\system32\TuneUpDefragService.exe
     2008-12-28 13:36 . 2008-12-11 13:31 27,904 --a------ c:\windows\system32\uxtuneup.dll
     .
     (((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-01-19 17:42 --------- d-----w c:\program files\TuneUp Utilities 2009
     2009-01-19 17:37 --------- d-----w c:\program files\CCleaner
     2009-01-15 22:27 --------- d-----w c:\program files\Fichiers communs\Apple
     2009-01-15 00:53 --------- d-----w c:\documents and settings\Georges Ivanoff\Application Data\Skype
     2009-01-15 00:16 --------- d-----w c:\documents and settings\Georges Ivanoff\Application Data\skypePM
     2009-01-12 14:03 --------- d-----w c:\documents and settings\All Users\Application Data\PCDr
     2008-12-22 20:52 --------- d-----w c:\documents and settings\Georges Ivanoff\Application Data\Canon
     2008-12-20 12:19 --------- d-----w c:\program files\ThinkVantage
     2008-12-18 19:41 --------- d-----w c:\program files\PCDR5
     2008-12-15 10:57 --------- d-----w c:\program files\Nokia
     2008-12-15 10:57 --------- d-----w c:\program files\Fichiers communs\PCSuite
     2008-12-15 10:57 --------- d-----w c:\program files\Fichiers communs\Nokia
     2008-12-15 10:56 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
     2008-12-11 13:25 --------- d-----w c:\program files\Lenovo
     2008-12-11 13:25 --------- d-----w c:\documents and settings\Georges Ivanoff\Application Data\Downloaded Installations
     2008-12-09 21:17 --------- d-----w c:\documents and settings\Georges Ivanoff\Application Data\U3
     2008-12-05 16:55 --------- d-----w c:\documents and settings\All Users\Application Data\Downloaded Installations
     2008-12-05 16:10 --------- d-----w c:\program files\Secunia
     2008-12-05 13:30 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
     2008-12-05 13:17 --------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
     2008-12-04 15:48 --------- d-----w c:\program files\Java
     2008-12-04 15:39 --------- d-----w c:\program files\Sun
     2008-12-04 15:27 --------- d-----w c:\program files\Power Defragmenter
     2008-12-04 10:31 --------- d-----w c:\program files\Application Compatibility Toolkit
     2008-11-29 11:58 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
     2008-08-21 02:43 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082120080822\index.dat
     .
     ((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
     "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
     "LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2008-06-09 165208]
     "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
     "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

     c:\documents and settings\Georges Ivanoff\Menu Démarrer\Programmes\Démarrage\
     Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-03-19 4742184]

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
     "NoSMBalloonTip"= 0 (0x0)

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
     2008-05-02 01:42 72208 c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
     2006-09-06 15:37 34344 c:\program files\Lenovo\HOTKEY\notifyf2.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
     2008-03-17 15:02 34080 c:\program files\Lenovo\HOTKEY\tphklock.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
     2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
     Notification Packages REG_MULTI_SZ ACGina scecli

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
     @=""

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
     path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
     backup=c:\windows\pss\BTTray.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Digital Line Detect.lnk]
     path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Digital Line Detect.lnk
     backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
     path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
     backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
     path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
     backup=c:\windows\pss\Windows Search.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^Georges Ivanoff^Menu Démarrer^Programmes^Démarrage^Secunia PSI (RC3).lnk]
     path=c:\documents and settings\Georges Ivanoff\Menu Démarrer\Programmes\Démarrage\Secunia PSI (RC3).lnk
     backup=c:\windows\pss\Secunia PSI (RC3).lnkStartup

     [HKLM\~\startupfolder\C:^Documents and Settings^Georges Ivanoff^Menu Démarrer^Programmes^Démarrage^VOIP321.lnk]
     path=c:\documents and settings\Georges Ivanoff\Menu Démarrer\Programmes\Démarrage\VOIP321.lnk
     backup=c:\windows\pss\VOIP321.lnkStartup

     HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
     --a--c--- 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
     --a------ 2008-09-26 08:55 458752 c:\progra~1\THINKV~2\AMSG\Amsg.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
     --------- 2008-09-25 00:47 208896 c:\progra~1\ThinkPad\UTILIT~1\BATLOGEX.DLL

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
     --a--c--- 2008-06-13 19:08 3073336 c:\program files\Lenovo\Client Security Solution\cssauth.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
     --a------ 2008-04-14 03:33 15360 c:\windows\system32\ctfmon.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
     --a--c--- 2005-08-01 04:10 122940 c:\windows\system32\DLA\DLACTRLW.EXE

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
     -----c--- 2008-06-05 01:36 242976 c:\progra~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
     --a--c--- 2004-07-27 15:50 221184 c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
     --a--c--- 2005-02-16 15:15 81920 c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPMailChecker]
     --------- 2008-06-09 03:00 124248 c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.EXE

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
     --------- 2008-06-09 03:00 165208 c:\progra~1\THINKV~2\PrdCtr\LPMGR.EXE

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
     ---hsc--- 2008-04-14 03:34 1695232 c:\program files\Messenger\msmsgs.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
     --a------ 2008-06-17 16:00 1249280 c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
     --a------ 2008-10-02 07:00 1124352 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
     --a--c--- 2005-10-28 19:08 335872 c:\program files\Picasa2\PicasaMediaDetector.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRMGRTR]
     --------- 2008-09-25 00:47 331776 c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     --a--c--- 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
     --a--c--- 2005-05-06 14:06 716800 c:\program files\Analog Devices\SoundMAX\SMax4.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
     --a--c--- 2005-05-20 08:11 925696 c:\program files\Analog Devices\Core\smax4pnp.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
     -rahsc---
2008-09-16 11:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-12-04 16:38 136600 c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] --a--c--- 2008-07-03 15:10 1323008 c:\program files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr] --a--c--- 2008-07-03 15:17 118784 c:\program files\Synaptics\SynTP\SynTPLpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a--c--- 2008-08-03 09:26 185896 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7] -----c--- 2008-07-31 03:01 60192 c:\progra~1\Lenovo\NPDIRECT\tpfnf7sp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKMAPHELPER] --a--c--- 2007-01-09 15:28 868352 c:\program files\ThinkPad\Utilities\TpKmapAp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy] --a------ 2008-08-20 23:04 487424 c:\program files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] --a--c--- 2006-11-03 18:20 866584 c:\program files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] -----c--- 2006-11-03 08:59 204288 c:\program files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer] --a--c--- 2008-02-29 02:12 76304 c:\windows\KHALMNPR.Exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX] --a--c--- 2005-10-17 00:11 65536 c:\windows\system32\TP4EX.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\TpShocks] --a--c--- 2008-06-06 17:21 181536 c:\windows\system32\TpShocks.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "CTFMON.EXE"=c:\windows\system32\ctfmon.exe "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot "LPMailChecker"=c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-01-21 21512] R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2008-05-14 114728] R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-05-14 19496] R1 aswSP;avast! 
Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-26 111184] R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2008-06-28 4442] R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-05-22 37312] R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-09-26 20560] R4 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [2008-07-31 94208] R4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2008-12-28 603904] R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592] S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-01-21 26248] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-12-19 195752] S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-11-18 7808] --- Autres Services/Pilotes en mémoire --- *Deregistered* - uphcleanhlp HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26af629e-8cbd-11dd-99f7-00130230fa8b}] \Shell\AutoRun\command - msrdrv.exe -flash [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{335031c3-7a94-11dd-99b5-00130230fa8b}] \Shell\AutoRun\command - E:\xih9.cmd \Shell\explore\Command - E:\xih9.cmd \Shell\open\Command - E:\xih9.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8530898-c620-11dd-9a82-00130230fa8b}] \Shell\AutoRun\command - E:\LaunchU3.exe -a . 
Contenu du dossier 'Tâches planifiées' 2009-01-21 c:\windows\Tasks\Maintenance en 1 clic.job - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 15:04] 2009-01-21 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20] 2008-12-11 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PCDR5\pcdr5cuiw32.exe [2008-10-31 19:14] 2008-10-19 c:\windows\Tasks\PMTask.job - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-09-25 00:47] . - - - - ORPHELINS SUPPRIMES - - - - Notify-NavLogon - (no file) MSConfigStartUp-ACTray - c:\program files\ThinkPad\ConnectUtilities\ACTray.exe MSConfigStartUp-ACWLIcon - c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe MSConfigStartUp-AppleSyncNotifier - c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe MSConfigStartUp-AwaySch - c:\program files\Lenovo\AwayTask\AwaySch.EXE MSConfigStartUp-BtTray - c:\program files\IVT Corporation\BlueSoleil\BtTray.exe MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe MSConfigStartUp-OpwareSE4 - c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe MSConfigStartUp-SSBkgdUpdate - c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe MSConfigStartUp-StartCCC - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe . ------- Examen supplémentaire ------- . 
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://www.google.fr/webhp?rls=ig uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/fr/fr uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Barre RoboForm - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Enregistrer le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Envoyer à &Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Personnaliser le menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: Remplir le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: {{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll FF - ProfilePath - c:\documents and settings\Georges Ivanoff\Application Data\Mozilla\Firefox\Profiles\xady14hl.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig FF - component: c:\documents and settings\Georges Ivanoff\Application Data\Mozilla\Firefox\Profiles\xady14hl.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll FF - plugin: c:\documents and settings\Georges Ivanoff\Application Data\Mozilla\Firefox\Profiles\xady14hl.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll ---- PARAMETRES FIREFOX ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.notify.interval - 
600000 FF - user.js: content.switch.threshold - 600000 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: network.http.pipelining - false FF - user.js: network.http.proxy.pipelining - false FF - user.js: network.http.pipelining.maxrequests - 4 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-21 16:53:18 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-3203094012-3467496672-1681790366-1005\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*] "C040AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(1108) c:\windows\system32\Ati2evxx.dll c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll c:\windows\system32\LMIinit.dll c:\program files\Lenovo\HOTKEY\tphklock.dll . ------------------------ Autres processus actifs ------------------------ . 
c:\windows\system32\ibmpmsvc.exe c:\program files\Intel\WiFi\bin\S24EvMon.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe c:\windows\system32\dllhost.exe c:\program files\Intel\WiFi\bin\EvtEng.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe c:\program files\UPHClean\uphclean.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\windows\system32\wbem\wmiapsrv.exe c:\program files\Lenovo\HOTKEY\TPONSCR.exe c:\program files\Lenovo\ZOOM\TpScrex.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Heure de fin: 2009-01-21 16:57:12 - La machine a redémarré ComboFix-quarantined-files.txt 2009-01-21 15:57:09 Avant-CF: 75 765 129 216 octets libres Après-CF: 75,827,318,784 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NOGUIBOOT 332 --- E O F --- 2009-01-19 16:53:35
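Added example, not part of makinov's post and not something ComboFix produces: a small Python triage script that pulls out of a ComboFix report the two items a helper would act on first in the log above, namely the MountPoints2 shell commands Explorer cached for removable drives (here E:\xih9.cmd bound to AutoRun, open and explore, and a path-less msrdrv.exe -flash) and the "EnableFirewall"= 0 line. The sample text is constructed from lines copied out of the report above; the flagging rules (script file extensions, executables given without a path) are my own heuristics, not ComboFix's.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the relevant lines copied from the ComboFix report posted above.
SAMPLE_REPORT = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26af629e-8cbd-11dd-99f7-00130230fa8b}]
\Shell\AutoRun\command - msrdrv.exe -flash

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{335031c3-7a94-11dd-99b5-00130230fa8b}]
\Shell\AutoRun\command - E:\xih9.cmd
\Shell\explore\Command - E:\xih9.cmd
\Shell\open\Command - E:\xih9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8530898-c620-11dd-9a82-00130230fa8b}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
"""

# A MountPoints2 subkey is named after the volume GUID Explorer assigned to a removable device.
MOUNTPOINT_KEY = re.compile(
    r"^\[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer"
    r"\\mountpoints2\\(\{[0-9a-f-]+\})\]$",
    re.IGNORECASE,
)
# ComboFix prints each cached shell verb as "\Shell\<verb>\command - <command line>".
SHELL_VERB = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.IGNORECASE)
FIREWALL_OFF = re.compile(r'^"EnableFirewall"=\s*0\b')

# File types that have no business being the AutoRun/open action of a removable drive
# (heuristic list chosen for this example).
SCRIPT_EXTENSIONS = (".cmd", ".bat", ".vbs", ".vbe", ".js", ".wsf", ".scr", ".pif")


@dataclass
class AutorunHit:
    volume: str    # MountPoints2 GUID of the device the command was cached for
    verb: str      # AutoRun, open or explore
    command: str   # command line Explorer would run
    reason: str    # why it was flagged


def launch_target(command: str) -> str:
    """Return the program or script a command line starts (first token, quotes honoured)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0]


def classify(command: str) -> Optional[str]:
    """Reason to flag the command, or None if it only deserves a manual look."""
    target = launch_target(command).lower()
    if target.endswith(SCRIPT_EXTENSIONS):
        return "script file launched from removable media"
    if "\\" not in target and ":" not in target:
        return "path-less executable, resolved through the search path"
    return None


def find_autorun_hits(report: str) -> List[AutorunHit]:
    """Walk the report and collect flagged MountPoints2 shell commands."""
    hits: List[AutorunHit] = []
    volume: Optional[str] = None
    for raw in report.splitlines():
        line = raw.strip()
        key = MOUNTPOINT_KEY.match(line)
        if key:
            volume = key.group(1)
            continue
        if line.startswith("["):
            volume = None          # any other registry key ends the MountPoints2 block
            continue
        verb = SHELL_VERB.match(line)
        if volume and verb:
            command = verb.group(2).strip()
            reason = classify(command)
            if reason:
                hits.append(AutorunHit(volume, verb.group(1), command, reason))
    return hits


def firewall_disabled(report: str) -> bool:
    """True if the standard-profile Windows Firewall is reported as switched off."""
    return any(FIREWALL_OFF.match(l.strip()) for l in report.splitlines())


if __name__ == "__main__":
    for hit in find_autorun_hits(SAMPLE_REPORT):
        print(f"{hit.volume} {hit.verb:8} {hit.command!r}: {hit.reason}")
    print("Windows Firewall disabled:", firewall_disabled(SAMPLE_REPORT))
```

Run as-is it reports the four flagged verbs and the disabled firewall; E:\LaunchU3.exe -a stays unflagged because it is a fully-pathed executable, which these rules leave for manual review. MountPoints2 is per-user and only caches what the stick's autorun.inf declared when it was last plugged in, so a hit tells you which device carried the script; deleting the key does not clean the stick, and the C:\Autorun.inf that ComboFix removed shows the same mechanism had already been planted on the system drive.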
  4. Good evening, Could you please tell me how to go about cleaning my computer? Below is a ComboFix report. Thanks in advance, makinov

ComboFix 09-01-20.05 - Georges Ivanoff 2009-01-21 16:50:01.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1022.556 [GMT 1:00]
Running from: c:\documents and settings\Georges Ivanoff\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090121-0] *On-access scanning disabled* (Updated)
* A new restore point was created
.
ADS - svchost.exe: deleted 88 bytes in 2 streams.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\windows\system32\Cache
.
((((((((((((((((((((((((((((( Files Created from 2008-12-21 to 2009-01-21 ))))))))))))))))))))))))))))))))))))
.
2009-01-19 17:58 . 2009-01-19 18:35 <REP> d-------- c:\program files\ma-config.com
2009-01-19 17:58 . 2009-01-19 17:58 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
2009-01-16 07:53 . 2008-10-16 02:01 1,499,648 --------- c:\windows\system32\dllcache\shdocvw.dll
2009-01-15 20:18 . 2008-04-14 03:33 571,392 --a------ c:\windows\system32\TINTLGNT.IME
2009-01-15 20:18 . 2008-04-14 03:33 571,392 --a------ c:\windows\system32\dllcache\tintlgnt.ime
2009-01-15 20:18 . 2004-08-03 21:32 455,168 --a------ c:\windows\system32\dllcache\tintsetp.exe
2009-01-15 20:18 . 2008-04-14 03:31 173,568 --a------ c:\windows\system32\dllcache\chtskf.dll
2009-01-15 20:18 . 2008-04-14 03:31 97,792 --a------ c:\windows\system32\dllcache\chtmbx.dll
2009-01-15 20:18 . 2008-04-14 03:31 56,320 --a------ c:\windows\system32\dllcache\chtskdic.dll
2009-01-15 20:18 . 2004-08-03 21:32 44,032 --a------ c:\windows\system32\dllcache\tintlphr.exe
2009-01-15 20:18 . 2008-04-14 03:32 15,872 --a------ c:\windows\system32\dllcache\padrs404.dll
2009-01-15 20:18 . 2008-04-14 03:32 10,240 --a------ c:\windows\system32\dllcache\tmigrate.dll
2009-01-14 15:32 . 2008-12-11 11:57 333,952 --a------ c:\windows\system32\drivers\srv.sys
2009-01-13 19:37 . 2009-01-13 19:37 <REP> d-------- C:\Access Connections
2009-01-13 12:10 . 2009-01-13 19:37 <REP> d-------- c:\program files\Microsoft Bootvis
2008-12-30 09:34 . 2008-12-30 09:34 <REP> d-------- c:\program files\Siber Systems
2008-12-30 09:34 . 2008-12-30 09:34 <REP> d-------- c:\documents and settings\All Users\Application Data\RoboForm
2008-12-28 13:36 . 2008-12-28 13:36 603,904 --a------ c:\windows\system32\TUProgSt.exe
2008-12-28 13:36 . 2008-12-28 13:36 360,192 --a------ c:\windows\system32\TuneUpDefragService.exe
2008-12-28 13:36 . 2008-12-11 13:31 27,904 --a------ c:\windows\system32\uxtuneup.dll
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-19 17:42 --------- d-----w c:\program files\TuneUp Utilities 2009
2009-01-19 17:37 --------- d-----w c:\program files\CCleaner
2009-01-15 22:27 --------- d-----w c:\program files\Fichiers communs\Apple
2009-01-15 00:53 --------- d-----w c:\documents and settings\Georges Ivanoff\Application Data\Skype
2009-01-15 00:16 --------- d-----w c:\documents and settings\Georges Ivanoff\Application Data\skypePM
2009-01-12 14:03 --------- d-----w c:\documents and settings\All Users\Application Data\PCDr
2008-12-22 20:52 --------- d-----w c:\documents and settings\Georges Ivanoff\Application Data\Canon
2008-12-20 12:19 --------- d-----w c:\program files\ThinkVantage
2008-12-18 19:41 --------- d-----w c:\program files\PCDR5
2008-12-15 10:57 --------- d-----w c:\program files\Nokia
2008-12-15 10:57 --------- d-----w c:\program files\Fichiers communs\PCSuite
2008-12-15 10:57 --------- d-----w c:\program files\Fichiers communs\Nokia
2008-12-15 10:56 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2008-12-11 13:25 --------- d-----w c:\program files\Lenovo
2008-12-11 13:25 --------- d-----w c:\documents and settings\Georges Ivanoff\Application Data\Downloaded Installations
2008-12-09 21:17 --------- d-----w c:\documents and settings\Georges Ivanoff\Application Data\U3
2008-12-05 16:55 --------- d-----w c:\documents and settings\All Users\Application Data\Downloaded Installations
2008-12-05 16:10 --------- d-----w c:\program files\Secunia
2008-12-05 13:30 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-12-05 13:17 --------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2008-12-04 15:48 --------- d-----w c:\program files\Java
2008-12-04 15:39 --------- d-----w c:\program files\Sun
2008-12-04 15:27 --------- d-----w c:\program files\Power Defragmenter
2008-12-04 10:31 --------- d-----w c:\program files\Application Compatibility Toolkit
2008-11-29 11:58 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2008-08-21 02:43 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082120080822\index.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2008-06-09 165208]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\Georges Ivanoff\Menu Démarrer\Programmes\Démarrage\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-03-19 4742184]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 15:37 34344 c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-03-17 15:02 34080 c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ ACGina scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Georges Ivanoff^Menu Démarrer^Programmes^Démarrage^Secunia PSI (RC3).lnk]
path=c:\documents and settings\Georges Ivanoff\Menu Démarrer\Programmes\Démarrage\Secunia PSI (RC3).lnk
backup=c:\windows\pss\Secunia PSI (RC3).lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Georges Ivanoff^Menu Démarrer^Programmes^Démarrage^VOIP321.lnk]
path=c:\documents and settings\Georges Ivanoff\Menu Démarrer\Programmes\Démarrage\VOIP321.lnk
backup=c:\windows\pss\VOIP321.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
--a------ 2008-09-26 08:55 458752 c:\progra~1\THINKV~2\AMSG\Amsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
--------- 2008-09-25 00:47 208896 c:\progra~1\ThinkPad\UTILIT~1\BATLOGEX.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
--a--c--- 2008-06-13 19:08 3073336 c:\program files\Lenovo\Client Security Solution\cssauth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 03:33 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a--c--- 2005-08-01 04:10 122940 c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
-----c--- 2008-06-05 01:36 242976 c:\progra~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2004-07-27 15:50 221184 c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2005-02-16 15:15 81920 c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPMailChecker]
--------- 2008-06-09 03:00 124248 c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
--------- 2008-06-09 03:00 165208 c:\progra~1\THINKV~2\PrdCtr\LPMGR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hsc--- 2008-04-14 03:34 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-06-17 16:00 1249280 c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-10-02 07:00 1124352 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a--c--- 2005-10-28 19:08 335872 c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRMGRTR]
--------- 2008-09-25 00:47 331776 c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a--c--- 2005-05-06 14:06 716800 c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a--c--- 2005-05-20 08:11 925696 c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahsc--- 2008-09-16 11:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-04 16:38 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a--c--- 2008-07-03 15:10 1323008 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a--c--- 2008-07-03 15:17 118784 c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a--c--- 2008-08-03 09:26 185896 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]
-----c--- 2008-07-31 03:01 60192 c:\progra~1\Lenovo\NPDIRECT\tpfnf7sp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKMAPHELPER]
--a--c--- 2007-01-09 15:28 868352 c:\program files\ThinkPad\Utilities\TpKmapAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
--a------ 2008-08-20 23:04 487424 c:\program files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a--c--- 2006-11-03 18:20 866584 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
-----c--- 2006-11-03 08:59 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a--c--- 2008-02-29 02:12 76304 c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
--a--c--- 2005-10-17 00:11 65536 c:\windows\system32\TP4EX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
--a--c--- 2008-06-06 17:21 181536 c:\windows\system32\TpShocks.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"LPMailChecker"=c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-01-21 21512]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2008-05-14 114728]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-05-14 19496]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-26 111184]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2008-06-28 4442]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-05-22 37312]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-09-26 20560]
R4 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [2008-07-31 94208]
R4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2008-12-28 603904]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-01-21 26248]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-12-19 195752]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-11-18 7808]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26af629e-8cbd-11dd-99f7-00130230fa8b}]
\Shell\AutoRun\command - msrdrv.exe -flash

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{335031c3-7a94-11dd-99b5-00130230fa8b}]
\Shell\AutoRun\command - E:\xih9.cmd
\Shell\explore\Command - E:\xih9.cmd
\Shell\open\Command - E:\xih9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8530898-c620-11dd-9a82-00130230fa8b}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-01-21 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 15:04]

2009-01-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2008-12-11 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2008-10-31 19:14]

2008-10-19 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-09-25 00:47]
.
- - - - ORPHANS REMOVED - - - -

Notify-NavLogon - (no file)
MSConfigStartUp-ACTray - c:\program files\ThinkPad\ConnectUtilities\ACTray.exe
MSConfigStartUp-ACWLIcon - c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe
MSConfigStartUp-AppleSyncNotifier - c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-AwaySch - c:\program files\Lenovo\AwayTask\AwaySch.EXE
MSConfigStartUp-BtTray - c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-OpwareSE4 - c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
MSConfigStartUp-SSBkgdUpdate - c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
MSConfigStartUp-StartCCC - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.fr/webhp?rls=ig
uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/fr/fr
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Barre RoboForm - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Enregistrer le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Envoyer à &Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Personnaliser le menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Remplir le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
FF - ProfilePath - c:\documents and settings\Georges Ivanoff\Application Data\Mozilla\Firefox\Profiles\xady14hl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig
FF - component: c:\documents and settings\Georges Ivanoff\Application Data\Mozilla\Firefox\Profiles\xady14hl.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\Georges Ivanoff\Application Data\Mozilla\Firefox\Profiles\xady14hl.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

---- FIREFOX SETTINGS ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval -
600000 FF - user.js: content.switch.threshold - 600000 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: network.http.pipelining - false FF - user.js: network.http.proxy.pipelining - false FF - user.js: network.http.pipelining.maxrequests - 4 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-21 16:53:18 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-3203094012-3467496672-1681790366-1005\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*] "C040AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(1108) c:\windows\system32\Ati2evxx.dll c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll c:\windows\system32\LMIinit.dll c:\program files\Lenovo\HOTKEY\tphklock.dll . ------------------------ Autres processus actifs ------------------------ . 
c:\windows\system32\ibmpmsvc.exe c:\program files\Intel\WiFi\bin\S24EvMon.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe c:\windows\system32\dllhost.exe c:\program files\Intel\WiFi\bin\EvtEng.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe c:\program files\UPHClean\uphclean.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\windows\system32\wbem\wmiapsrv.exe c:\program files\Lenovo\HOTKEY\TPONSCR.exe c:\program files\Lenovo\ZOOM\TpScrex.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Heure de fin: 2009-01-21 16:57:12 - La machine a redémarré ComboFix-quarantined-files.txt 2009-01-21 15:57:09 Avant-CF: 75 765 129 216 octets libres Après-CF: 75,827,318,784 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NOGUIBOOT 332 --- E O F --- 2009-01-19 16:53:35