Djé11

Everything posted by Djé11

  1. Good evening. For a few days now my PC has been shutting itself down, all on its own, taking the time to close the Windows session properly. I couldn't find where it was coming from until Antivir told me that TR/Crypt.XPACK.Gen3 was giving me trouble. I suppose that explains it. Of course, I can't manage to remove this virus. That would have been too easy. If some kind soul is willing to take me on, thanks in advance. Attached is the HijackThis report: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:15:09, on 24/11/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\devldr32.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Garmin\ANT Agent\ANT Agent.exe C:\Program Files\Garmin\gStart.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\World of Warcraft\Wow.exe C:\Program 
Files\Winamp\winamp.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Documents and Settings\djé\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Fissa search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" O4 - 
HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ANT Agent] C:\Program Files\Garmin\ANT Agent\ANT Agent.exe O4 - HKCU\..\Run: [gStart] C:\Program Files\Garmin\gStart.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 
button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 7856 bytes
  2. Yes, it's WoW! For backups, I was using the external drive and doing it manually. Thanks for everything, I'm going to install the firewall and protect myself more seriously from now on.
  3. Hi Thanos, There, I've done all the updates. The PC is running perfectly, and thanks to you I didn't have to reinstall everything. A big, big thank you! One last little question: it seems my account for an online game was hacked via a keylogger. Did you see it in the reports? Has it been removed?
  4. Good evening, After a looooong scan, here is the result with MBAM: Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Version de la base de données: 4043 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 27/04/2010 21:31:54 mbam-log-2010-04-27 (21-31-54).txt Type d'examen: Examen complet (C:\|D:\|E:\|F:\|) Elément(s) analysé(s): 514829 Temps écoulé: 1 heure(s), 54 minute(s), 15 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a2ba40a0-74f1-52bd-f411-00b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) and the RSIT report: Logfile of random's system information tool 1.06 (written by random/random) Run by djé at 2010-04-27 21:35:25 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 103 GB (68%) free of 150 GB Total RAM: 2047 MB (24% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:35:29, on 27/04/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program 
Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\devldr32.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\djé\Bureau\RSIT.exe C:\Program Files\Trend Micro\HijackThis\djé.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - 
HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program 
Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 5432 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272] "Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768] "QuickTime Task"=C:\Program Files\QuickTime\qttask .exe -atboottime [] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2010-03-09 15872] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112] "AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2009-11-15 33120] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2007-03-15 114688] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\HomePlayer\HomePlayer.exe"="C:\Program Files\HomePlayer\HomePlayer.exe:*:Enabled:HomePlayer" "C:\Program Files\HomePlayer\VLC\vlc.exe"="C:\Program Files\HomePlayer\VLC\vlc.exe:*:Enabled:VLC HomePlayer" "E:\Program Files\Graphisoft\ArchiCAD 12\ArchiCAD.exe"="E:\Program Files\Graphisoft\ArchiCAD 12\ArchiCAD.exe:*:Enabled:ArchiCAD 12.0.0 Component" "C:\Program Files\ArchiCAD 12\ArchiCAD.exe"="C:\Program Files\ArchiCAD 12\ArchiCAD.exe:*:Enabled:ArchiCAD 12.0.0 Component" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program 
Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe" "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe" ======List of files/folders created in the last 1 months====== 2010-04-27 19:21:19 ----RASHD---- C:\autorun.inf 2010-04-27 19:21:17 ----A---- C:\UsbFix.txt 2010-04-26 23:48:59 ----D---- C:\UsbFix 2010-04-26 22:33:51 ----D---- C:\WINDOWS\temp 2010-04-26 22:33:50 ----A---- C:\ComboFix.txt 2010-04-26 18:44:25 ----A---- C:\Boot.bak 2010-04-26 18:44:18 ----RASHD---- C:\cmdcons 2010-04-26 18:43:14 ----D---- C:\WINDOWS\ERDNT 2010-04-26 18:43:13 ----D---- C:\djé11 2010-04-25 10:22:02 ----D---- C:\!KillBox 2010-04-25 09:58:40 ----D---- C:\Program 
Files\Unlocker 2010-04-25 00:19:40 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$ 2010-04-25 00:19:25 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$ 2010-04-25 00:19:11 ----A---- C:\WINDOWS\imsins.BAK 2010-04-25 00:19:08 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$ 2010-04-24 23:40:05 ----A---- C:\WINDOWS\ntbtlog.txt 2010-04-24 23:26:18 ----D---- C:\Program Files\CCleaner 2010-04-24 22:09:43 ----D---- C:\Program Files\a-squared Free 2010-04-24 08:56:50 ----D---- C:\rsit 2010-04-24 00:14:44 ----D---- C:\WINDOWS\system32\XPSViewer 2010-04-24 00:14:41 ----D---- C:\Program Files\MSBuild 2010-04-24 00:14:40 ----D---- C:\WINDOWS\system32\en-US 2010-04-24 00:14:37 ----D---- C:\Program Files\Reference Assemblies 2010-04-24 00:14:18 ----N---- C:\WINDOWS\system32\xpsshhdr.dll 2010-04-24 00:14:18 ----N---- C:\WINDOWS\system32\prntvpt.dll 2010-04-24 00:14:17 ----N---- C:\WINDOWS\system32\xpssvcs.dll 2010-04-23 23:23:31 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2010-04-23 22:49:08 ----A---- C:\WINDOWS\system32\wmpns.dll 2010-04-23 22:25:10 ----D---- C:\Program Files\Sophos 2010-04-23 22:15:25 ----D---- C:\Program Files\ZHPDiag 2010-04-23 19:23:09 ----D---- C:\Program Files\Spyware Doctor 2010-04-23 19:22:35 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2010-04-23 19:18:46 ----D---- C:\Program Files\Avira 2010-04-23 19:18:46 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2010-04-23 09:02:26 ----N---- C:\WINDOWS\system32\browserchoice.exe 2010-04-23 00:16:22 ----D---- C:\WINDOWS\system32\PreInstall 2010-04-23 00:16:22 ----A---- C:\WINDOWS\system32\spupdsvc.exe 2010-04-23 00:16:04 ----N---- C:\WINDOWS\system32\spmsg.dll 2010-04-23 00:16:03 ----HD---- C:\WINDOWS\$hf_mig$ 2010-04-21 12:43:12 ----D---- C:\Program Files\Alwil Software 2010-04-21 12:43:12 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software 2010-04-21 12:12:14 ----D---- C:\WINDOWS\system32\appmgmt 2010-04-21 
12:11:46 ----D---- C:\WINDOWS\system32\SoftwareDistribution 2010-04-21 11:57:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-04-21 11:48:55 ----D---- C:\Program Files\Trend Micro 2010-04-21 10:53:25 ----A---- C:\WINDOWS\wininit.ini 2010-04-21 00:02:28 ----A---- C:\WINDOWS\lsrslt.ini 2010-04-20 22:43:13 ----A---- C:\tujserrew.bat 2010-04-20 22:39:41 ----D---- C:\Program Files\eMule 2010-04-20 22:36:05 ----D---- C:\WINDOWS\Sun 2010-04-20 22:34:38 ----D---- C:\Program Files\Autopano Pro 2010-04-12 18:54:07 ----D---- C:\Program Files\ArchiCAD 12 2010-04-12 18:52:35 ----D---- C:\Documents and Settings\djé\Application Data\Graphisoft 2010-04-12 18:50:32 ----A---- C:\WINDOWS\system32\javaws.exe 2010-04-12 18:50:32 ----A---- C:\WINDOWS\system32\javaw.exe 2010-04-12 18:50:32 ----A---- C:\WINDOWS\system32\java.exe 2010-04-12 18:50:07 ----D---- C:\Program Files\Java 2010-04-12 18:50:05 ----D---- C:\Program Files\Fichiers communs\Java 2010-04-12 18:49:38 ----D---- C:\Documents and Settings\djé\Application Data\Sun 2010-04-10 12:13:52 ----D---- C:\Documents and Settings\djé\Application Data\FileZilla 2010-04-06 23:21:06 ----D---- C:\Program Files\Canon 2010-04-06 23:20:38 ----D---- C:\Program Files\Fichiers communs\Canon ======List of files/folders modified in the last 1 months====== 2010-04-27 21:33:18 ----D---- C:\WINDOWS\Prefetch 2010-04-27 19:22:27 ----D---- C:\WINDOWS 2010-04-27 19:22:20 ----SHD---- C:\System Volume Information 2010-04-27 19:22:17 ----D---- C:\WINDOWS\system32\CatRoot2 2010-04-27 07:33:59 ----D---- C:\Program Files\Mozilla Firefox 2010-04-27 00:04:21 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-04-26 22:33:52 ----D---- C:\WINDOWS\system32\drivers 2010-04-26 22:30:57 ----A---- C:\WINDOWS\system.ini 2010-04-26 22:29:44 ----D---- C:\WINDOWS\system32\config 2010-04-26 22:28:28 ----D---- C:\WINDOWS\system32 2010-04-26 22:28:28 ----D---- C:\WINDOWS\AppPatch 2010-04-26 22:28:25 ----D---- C:\Program Files\Fichiers communs 2010-04-26 22:26:34 ----D---- 
C:\Program Files\QuickTime 2010-04-26 19:01:02 ----SD---- C:\WINDOWS\Tasks 2010-04-26 18:57:08 ----RD---- C:\Program Files 2010-04-26 18:53:25 ----D---- C:\WINDOWS\system32\Restore 2010-04-26 18:44:25 ----RASH---- C:\boot.ini 2010-04-25 08:13:43 ----D---- C:\WINDOWS\Microsoft.NET 2010-04-25 08:13:37 ----RSD---- C:\WINDOWS\assembly 2010-04-25 08:07:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-04-25 08:06:25 ----HD---- C:\WINDOWS\inf 2010-04-25 00:21:33 ----SHD---- C:\WINDOWS\Installer 2010-04-25 00:21:33 ----D---- C:\Config.Msi 2010-04-25 00:21:04 ----D---- C:\WINDOWS\WinSxS 2010-04-25 00:19:43 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-04-25 00:19:36 ----D---- C:\WINDOWS\system32\CatRoot 2010-04-24 23:28:23 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2010-04-24 23:28:11 ----D---- C:\WINDOWS\Minidump 2010-04-24 23:28:11 ----D---- C:\WINDOWS\Debug 2010-04-24 00:14:39 ----RSD---- C:\WINDOWS\Fonts 2010-04-24 00:14:26 ----D---- C:\WINDOWS\system32\spool 2010-04-24 00:12:55 ----D---- C:\WINDOWS\system32\mui 2010-04-24 00:12:55 ----D---- C:\Program Files\Internet Explorer 2010-04-23 22:52:26 ----D---- C:\Program Files\Messenger 2010-04-23 22:50:36 ----D---- C:\Program Files\Movie Maker 2010-04-23 22:49:19 ----D---- C:\Program Files\Outlook Express 2010-04-23 19:30:40 ----D---- C:\Documents and Settings 2010-04-23 08:58:50 ----D---- C:\WINDOWS\system32\wbem 2010-04-22 09:13:51 ----D---- C:\WINDOWS\ShellNew 2010-04-21 12:16:22 ----DC---- C:\WINDOWS\system32\DRVSTORE 2010-04-21 12:16:03 ----D---- C:\WINDOWS\twain_32 2010-04-21 12:13:44 ----D---- C:\Documents and Settings\All Users\Application Data\HP 2010-04-21 12:12:24 ----D---- C:\Program Files\HP 2010-04-21 12:11:59 ----D---- C:\WINDOWS\SoftwareDistribution 2010-04-21 12:11:56 ----D---- C:\WINDOWS\Help 2010-04-21 12:07:22 ----D---- C:\WINDOWS\Registration 2010-04-11 11:43:26 ----D---- C:\Program Files\World of Warcraft 2010-04-10 12:14:14 ----D---- C:\Program 
Files\FileZilla FTP Client ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576] R1 SAVRKBootTasks;Boot Tasks Driver; \??\C:\WINDOWS\system32\SAVRKBootTasks.sys [] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-04-23 28520] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-04-23 56816] R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-12-20 37376] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-03-15 1986560] R3 ctljystk;Creative SBLive! Port de jeux; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712] R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904] R3 emu10k1;Pilote du Gestionnaire d'interface Creative (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384] R3 sfman;Pilote du Gestionnaire SoundFont Creative (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 catchme;catchme; \??\C:\djé112114d\catchme.sys [] S3 epmntdrv;epmntdrv; \??\C:\WINDOWS\system32\epmntdrv.sys [] S3 EuGdiDrv;EuGdiDrv; 
\??\C:\WINDOWS\system32\EuGdiDrv.sys [] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-01-24 49920] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-01-24 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-01-24 21568] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2010-04-15 1872320] R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-04-23 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-23 185089] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-03-15 450560] R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376] R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-03-22 520192] S3 aspnet_state;ASP.NET State Service; 
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-18 654848] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- I've started reading the posts on protection methods; I need to sort through everything I installed while trying to get rid of the virus.
  5. Great, I'll run the scan tonight after work and let you know if it's OK. Thanks a thousand times for your help and the time you've spent on it.
  6. Hi again, Here is the report: ############################## | UsbFix V6.109 | User : djé (Administrateurs) # SCHNOUF Update on 26/04/2010 by El Desaparecido , C_XX & Chimay8 Start at: 23:49:55 | 26/04/2010 Website : http://pagesperso-orange.fr/NosTools/index.html Contact : FindyKill.Contact@gmail.com Intel® Core2 Duo CPU E6550 @ 2.33GHz Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3 Internet Explorer 6.0.2900.5512 Windows Firewall Status : Enabled AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | Updated ] A:\ -> Lecteur de disquettes 3 ½ pouces C:\ -> Disque fixe local # 146,49 Go (100 Go free) [D1] # NTFS D:\ -> Disque fixe local # 319,27 Go (87,87 Go free) [D1] # NTFS E:\ -> Disque fixe local # 465,75 Go (94,78 Go free) [D2] # NTFS F:\ -> Disque fixe local # 465,76 Go (234,04 Go free) [schnouf11] # NTFS Z:\ -> Disque CD-ROM # 0 Mo (0 Mo free) [Audio CD] # CDFS ################## | Elements infectieux | C:\Program Files\System F:\winamp_cache_0001.xml ################## | Registre | [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives" [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives" ################## | Mountpoints2 | ################## | Vaccin | (!) Cet ordinateur n'est pas vacciné ! ################## | ! Fin du rapport # UsbFix V6.109 ! | At this stage, has the virus (or viruses) been wiped out?
  7. Good evening, here is the report:
ComboFix 10-04-26.02 - djé 26/04/2010 22:26:35.2.2 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1440 [GMT 2:00] Lancé depuis: c:\documents and settings\djé\Bureau\djé11.exe Commutateurs utilisés :: c:\documents and settings\djé\Bureau\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MEMSWEEP2 -------\Legacy_WCDADVFF -------\Service_MEMSWEEP2 -------\Service_wcdadvff ((((((((((((((((((((((((((((( Fichiers créés du 2010-03-26 au 2010-04-26 )))))))))))))))))))))))))))))))))))) . 2010-04-26 16:43 . 2010-04-26 17:01 -------- d-----w- C:\djé11 2010-04-26 10:39 . 2010-04-26 10:39 -------- d-s---w- c:\documents and settings\LocalService\UserData 2010-04-25 08:22 . 2010-04-25 08:23 -------- d-----w- C:\!KillBox 2010-04-25 07:58 . 2010-04-25 08:00 -------- d-----w- c:\program files\Unlocker 2010-04-24 21:26 . 2010-04-24 21:26 -------- d-----w- c:\program files\CCleaner 2010-04-24 21:08 . 2009-06-18 10:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys 2010-04-24 20:09 . 2010-04-24 20:45 -------- d-----w- c:\program files\a-squared Free 2010-04-24 06:56 . 2010-04-24 06:57 -------- d-----w- C:\rsit 2010-04-23 21:11 . 2010-04-23 21:11 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla 2010-04-23 20:49 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll 2010-04-23 20:25 . 2010-04-23 20:25 -------- d-----w- c:\program files\Sophos 2010-04-23 20:15 . 2010-04-23 21:38 -------- d-----w- c:\program files\ZHPDiag 2010-04-23 17:23 . 2010-04-24 21:13 -------- d-----w- c:\program files\Spyware Doctor 2010-04-23 17:22 . 
2010-04-24 19:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-04-23 17:18 . 2010-04-23 17:24 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-04-23 17:18 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-04-23 17:18 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-04-23 17:18 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-04-23 17:18 . 2010-04-23 17:18 -------- d-----w- c:\program files\Avira 2010-04-23 17:18 . 2010-04-23 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-04-23 17:06 . 2008-06-14 17:33 272768 -c----w- c:\windows\system32\dllcache\bthport.sys 2010-04-23 17:06 . 2008-06-14 17:33 272768 ------w- c:\windows\system32\drivers\bthport.sys 2010-04-23 17:05 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2010-04-23 07:02 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe 2010-04-22 22:16 . 2007-11-30 11:18 26488 ----a-w- c:\windows\system32\spupdsvc.exe 2010-04-22 22:16 . 2010-04-24 06:54 -------- d--h--w- c:\windows\$hf_mig$ 2010-04-22 16:05 . 2009-11-27 17:13 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll 2010-04-22 16:05 . 2010-02-17 12:07 2192000 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2010-04-22 16:05 . 2010-02-16 19:06 2148352 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2010-04-22 16:05 . 2010-02-16 19:06 2026496 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2010-04-21 10:43 . 2010-04-21 10:43 -------- d-----w- c:\program files\Alwil Software 2010-04-21 10:43 . 2010-04-21 10:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software 2010-04-21 09:57 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-21 09:57 . 2010-04-21 09:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-21 09:57 . 
2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-21 09:48 . 2010-04-21 09:48 -------- d-----w- c:\program files\Trend Micro 2010-04-20 20:48 . 2010-04-20 20:48 -------- d-s---w- c:\documents and settings\NetworkService\UserData 2010-04-20 20:43 . 2010-04-20 20:43 118 ----a-w- C:\tujserrew.bat 2010-04-20 20:41 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll 2010-04-20 20:39 . 2010-04-23 20:42 -------- d-----w- c:\program files\eMule 2010-04-20 20:36 . 2010-04-20 20:36 -------- d-----w- c:\windows\Sun 2010-04-20 20:34 . 2010-04-20 20:34 -------- d-----w- c:\program files\Autopano Pro 2010-04-12 16:54 . 2010-04-12 16:57 -------- d-----w- c:\program files\ArchiCAD 12 2010-04-12 16:50 . 2010-04-12 16:50 -------- d-----w- c:\program files\Java 2010-04-12 16:50 . 2010-04-12 16:50 -------- d-----w- c:\program files\Fichiers communs\Java 2010-04-06 21:21 . 2010-04-06 21:21 -------- d-----w- c:\program files\Canon 2010-04-06 21:20 . 2010-04-06 21:20 -------- d-----w- c:\program files\Fichiers communs\Canon . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-26 20:26 . 2010-02-05 23:24 -------- d-----w- c:\program files\QuickTime 2010-04-25 06:07 . 2008-04-14 12:00 80748 ----a-w- c:\windows\system32\perfc00C.dat 2010-04-25 06:07 . 2008-04-14 12:00 500900 ----a-w- c:\windows\system32\perfh00C.dat 2010-04-24 21:28 . 2010-01-18 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-04-24 19:10 . 2008-04-14 12:00 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys 2010-04-23 22:14 . 2010-04-23 22:14 -------- d-----w- c:\program files\MSBuild 2010-04-23 22:14 . 2010-04-23 22:14 -------- d-----w- c:\program files\Reference Assemblies 2010-04-23 09:45 . 
2010-04-23 09:45 112 ----a-w- c:\documents and settings\All Users\Application Data\wa0P06MfJ.dat 2010-04-21 10:13 . 2010-01-25 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\HP 2010-04-21 10:12 . 2010-01-25 20:35 -------- d-----w- c:\program files\HP 2010-04-11 09:43 . 2010-01-18 18:18 -------- d-----w- c:\program files\World of Warcraft 2010-04-10 10:14 . 2010-01-18 21:24 -------- d-----w- c:\program files\FileZilla FTP Client 2010-03-12 11:36 . 2010-03-12 11:35 16826 ---ha-w- c:\program files\README.GID 2010-03-12 11:02 . 2010-03-12 11:01 -------- d-----w- c:\program files\DATA 2010-03-12 11:01 . 2010-03-12 11:01 -------- d-----w- c:\program files\SYSTEM 2010-03-12 11:01 . 2010-03-12 11:01 -------- d-----w- c:\program files\VBA 2010-03-12 11:01 . 2010-03-12 11:01 -------- d-----w- c:\program files\WINDOWS SYSTEM DRIVERS 2010-03-09 11:10 . 2008-04-14 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll 2010-02-26 23:46 . 2010-02-05 23:15 -------- d-----w- c:\program files\Starry Night Pro Plus 6 2010-02-26 05:42 . 2008-04-14 12:00 671232 ----a-w- c:\windows\system32\wininet.dll 2010-02-26 05:42 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll 2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-16 19:06 . 2008-04-14 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 19:06 . 2008-04-13 19:07 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-12 04:34 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 2008-04-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 1999-03-26 10:49 . 1999-03-26 10:49 295 ----a-w- c:\program files\ACADCD.MID 1999-03-26 07:32 . 1999-03-26 07:32 65712 ----a-w- c:\program files\README.HLP 1999-03-25 03:33 . 1999-03-25 03:33 21610 ----a-w- c:\program files\SETUP.PKG 1999-03-25 03:33 . 1999-03-25 03:33 20931 ----a-w- c:\program files\APPSETUP.INF 1999-03-25 03:17 . 
1999-03-25 03:17 1829927 ----a-w- c:\program files\_SETUP.LIB 1999-03-25 02:32 . 1999-03-25 02:32 242472 ----a-w- c:\program files\SETUP.INS 1999-03-25 02:31 . 1999-03-25 02:31 73728 ----a-w- c:\program files\MSETUP.EXE 1999-03-25 02:31 . 1999-03-25 02:31 28672 ----a-w- c:\program files\AUTORUN.EXE 1999-02-01 13:40 . 1999-02-01 13:40 150 ----a-w- c:\program files\UPGRADE.LST 1999-01-22 08:34 . 1999-01-22 08:34 8225 ----a-w- c:\program files\CLEAN.LST 1998-12-18 08:57 . 1998-12-18 08:57 69 ----a-w- c:\program files\SETUP.INI 1998-12-11 09:41 . 1998-12-11 09:41 3375752 ----a-w- c:\program files\ACADSPLASH.AVI 1998-12-09 10:31 . 1998-12-09 10:31 1078 ----a-w- c:\program files\ACAD.ICO 1997-10-14 13:07 . 1997-10-14 13:07 725 ----a-w- c:\program files\BACKUP.LST 1997-10-14 13:07 . 1997-10-14 13:07 6128 ----a-w- c:\program files\_SETUP.DLL 1997-10-14 13:07 . 1997-10-14 13:07 91136 ----a-w- c:\program files\_ISRES.DLL 1997-10-14 13:07 . 1997-10-14 13:07 8192 ----a-w- c:\program files\_ISDEL.EXE 1997-10-14 13:07 . 1997-10-14 13:07 320411 ----a-w- c:\program files\_INST32I.EX_ . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272] "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-24 132496] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\HomePlayer\\HomePlayer.exe"= "c:\\Program Files\\HomePlayer\\VLC\\vlc.exe"= "e:\\Program Files\\Graphisoft\\ArchiCAD 12\\ArchiCAD.exe"= "c:\\Program Files\\ArchiCAD 12\\ArchiCAD.exe"= R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [24/04/2010 23:08 18816] R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [24/04/2010 22:09 1872320] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [23/04/2010 19:18 108289] R3 AtcL001;NDIS Miniport 
Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [20/12/2007 02:53 37376] S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [17/01/2010 21:29 13192] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [17/01/2010 21:29 8456] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . . ------- Examen supplémentaire ------- . uInternet Settings,ProxyOverride = *.local IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\djé\Application Data\Mozilla\Firefox\Profiles\hxn8ykyq.default\ FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- PARAMETRES FIREFOX ---- FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-04-26 22:31 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... 
Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(672) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(3460) c:\program files\Unlocker\UnlockerHook.dll c:\windows\system32\eappprxy.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\devldr32.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe . ************************************************************************** . Heure de fin: 2010-04-26 22:33:49 - La machine a redémarré ComboFix-quarantined-files.txt 2010-04-26 20:33 ComboFix2.txt 2010-04-26 17:01 Avant-CF: 107 364 212 736 octets libres Après-CF: 107 353 288 704 octets libres - - End Of File - - EC90F8EE6589789667A5597D3EDBB61F
I can feel things heating up!
  8. Hi, thanks for your reply. Here is the report you asked for:
ComboFix 10-04-21.01 - djé 26/04/2010 18:53:49.1.2 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1637 [GMT 2:00] Lancé depuis: c:\documents and settings\djé\Bureau\djé11.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\djé\Application Data\98377F92F3F02E714C7ED39960D6B28C c:\documents and settings\djé\Application Data\98377F92F3F02E714C7ED39960D6B28C\enemies-names.txt c:\documents and settings\djé\Application Data\98377F92F3F02E714C7ED39960D6B28C\lsrslt.ini c:\program files\autorun.inf C:\Thumbs.db c:\windows\system32\drivers\rqmojsvo.sys c:\windows\system32\drivers\tksjvwys.sys c:\windows\system32\jxzfsrc.dll c:\windows\system32\mxrdvpq.dll c:\windows\system32\pyxbigyw.dll Une copie infectée de c:\windows\system32\drivers\rdpcdd.sys a été trouvée et désinfectée Copie restaurée à partir de - Kitty had a snack . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SSHNAS -------\Legacy_TKSJVWYS -------\Legacy_YJMLQTSY -------\Service_tksjvwys -------\Service_yjmlqtsy ((((((((((((((((((((((((((((( Fichiers créés du 2010-03-26 au 2010-04-26 )))))))))))))))))))))))))))))))))))) . 2010-04-26 10:39 . 2010-04-26 10:39 -------- d-s---w- c:\documents and settings\LocalService\UserData 2010-04-25 08:22 . 2010-04-25 08:23 -------- d-----w- C:\!KillBox 2010-04-25 07:58 . 2010-04-25 08:00 -------- d-----w- c:\program files\Unlocker 2010-04-24 21:26 . 2010-04-24 21:26 -------- d-----w- c:\program files\CCleaner 2010-04-24 21:08 . 2009-06-18 10:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys 2010-04-24 20:09 . 2010-04-24 20:45 -------- d-----w- c:\program files\a-squared Free 2010-04-24 06:56 . 
2010-04-24 06:57 -------- d-----w- C:\rsit 2010-04-23 21:11 . 2010-04-23 21:11 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla 2010-04-23 20:49 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll 2010-04-23 20:25 . 2010-04-23 20:25 -------- d-----w- c:\program files\Sophos 2010-04-23 20:15 . 2010-04-23 21:38 -------- d-----w- c:\program files\ZHPDiag 2010-04-23 17:23 . 2010-04-24 21:13 -------- d-----w- c:\program files\Spyware Doctor 2010-04-23 17:22 . 2010-04-24 19:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-04-23 17:18 . 2010-04-23 17:24 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-04-23 17:18 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-04-23 17:18 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-04-23 17:18 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-04-23 17:18 . 2010-04-23 17:18 -------- d-----w- c:\program files\Avira 2010-04-23 17:18 . 2010-04-23 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-04-23 17:06 . 2008-06-14 17:33 272768 -c----w- c:\windows\system32\dllcache\bthport.sys 2010-04-23 17:06 . 2008-06-14 17:33 272768 ------w- c:\windows\system32\drivers\bthport.sys 2010-04-23 17:05 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2010-04-23 07:02 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe 2010-04-22 22:16 . 2007-11-30 11:18 26488 ----a-w- c:\windows\system32\spupdsvc.exe 2010-04-22 22:16 . 2010-04-24 06:54 -------- d--h--w- c:\windows\$hf_mig$ 2010-04-22 16:05 . 2009-11-27 17:13 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll 2010-04-22 16:05 . 2010-02-17 12:07 2192000 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2010-04-22 16:05 . 2010-02-16 19:06 2148352 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2010-04-22 16:05 . 
2010-02-16 19:06 2026496 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2010-04-21 10:43 . 2010-04-21 10:43 -------- d-----w- c:\program files\Alwil Software 2010-04-21 10:43 . 2010-04-21 10:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software 2010-04-21 09:57 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-21 09:57 . 2010-04-21 09:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-21 09:57 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-21 09:48 . 2010-04-21 09:48 -------- d-----w- c:\program files\Trend Micro 2010-04-20 20:48 . 2010-04-20 20:48 -------- d-s---w- c:\documents and settings\NetworkService\UserData 2010-04-20 20:43 . 2010-04-20 20:43 118 ----a-w- C:\tujserrew.bat 2010-04-20 20:41 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll 2010-04-20 20:39 . 2010-04-23 20:42 -------- d-----w- c:\program files\eMule 2010-04-20 20:36 . 2010-04-20 20:36 -------- d-----w- c:\windows\Sun 2010-04-20 20:34 . 2010-04-20 20:34 -------- d-----w- c:\program files\Autopano Pro 2010-04-12 16:54 . 2010-04-12 16:57 -------- d-----w- c:\program files\ArchiCAD 12 2010-04-12 16:50 . 2010-04-12 16:50 -------- d-----w- c:\program files\Java 2010-04-12 16:50 . 2010-04-12 16:50 -------- d-----w- c:\program files\Fichiers communs\Java 2010-04-06 21:21 . 2010-04-06 21:21 -------- d-----w- c:\program files\Canon 2010-04-06 21:20 . 2010-04-06 21:20 -------- d-----w- c:\program files\Fichiers communs\Canon . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-25 06:07 . 2008-04-14 12:00 80748 ----a-w- c:\windows\system32\perfc00C.dat 2010-04-25 06:07 . 2008-04-14 12:00 500900 ----a-w- c:\windows\system32\perfh00C.dat 2010-04-24 21:28 . 
2010-01-18 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-04-24 19:10 . 2008-04-14 12:00 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys 2010-04-23 22:14 . 2010-04-23 22:14 -------- d-----w- c:\program files\MSBuild 2010-04-23 22:14 . 2010-04-23 22:14 -------- d-----w- c:\program files\Reference Assemblies 2010-04-23 09:45 . 2010-04-23 09:45 112 ----a-w- c:\documents and settings\All Users\Application Data\wa0P06MfJ.dat 2010-04-23 09:44 . 2010-02-05 23:24 -------- d-----w- c:\program files\QuickTime 2010-04-21 10:13 . 2010-01-25 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\HP 2010-04-21 10:12 . 2010-01-25 20:35 -------- d-----w- c:\program files\HP 2010-04-11 09:43 . 2010-01-18 18:18 -------- d-----w- c:\program files\World of Warcraft 2010-04-10 10:14 . 2010-01-18 21:24 -------- d-----w- c:\program files\FileZilla FTP Client 2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\8395\AdobeARM.exe 2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\8395\AdobeExtractFiles.dll 2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\8395\ReaderUpdater.exe 2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\8395\AcrobatUpdater.exe 2010-03-12 11:36 . 2010-03-12 11:35 16826 ---ha-w- c:\program files\README.GID 2010-03-12 11:02 . 2010-03-12 11:01 -------- d-----w- c:\program files\DATA 2010-03-12 11:01 . 2010-03-12 11:01 -------- d-----w- c:\program files\SYSTEM 2010-03-12 11:01 . 2010-03-12 11:01 -------- d-----w- c:\program files\VBA 2010-03-12 11:01 . 2010-03-12 11:01 -------- d-----w- c:\program files\WINDOWS SYSTEM DRIVERS 2010-03-09 11:10 . 
2008-04-14 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll 2010-02-26 23:46 . 2010-02-05 23:15 -------- d-----w- c:\program files\Starry Night Pro Plus 6 2010-02-26 05:42 . 2008-04-14 12:00 671232 ----a-w- c:\windows\system32\wininet.dll 2010-02-26 05:42 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll 2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-16 19:06 . 2008-04-14 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 19:06 . 2008-04-13 19:07 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-12 04:34 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 2008-04-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 1999-03-26 10:49 . 1999-03-26 10:49 295 ----a-w- c:\program files\ACADCD.MID 1999-03-26 07:32 . 1999-03-26 07:32 65712 ----a-w- c:\program files\README.HLP 1999-03-25 03:33 . 1999-03-25 03:33 21610 ----a-w- c:\program files\SETUP.PKG 1999-03-25 03:33 . 1999-03-25 03:33 20931 ----a-w- c:\program files\APPSETUP.INF 1999-03-25 03:17 . 1999-03-25 03:17 1829927 ----a-w- c:\program files\_SETUP.LIB 1999-03-25 02:32 . 1999-03-25 02:32 242472 ----a-w- c:\program files\SETUP.INS 1999-03-25 02:31 . 1999-03-25 02:31 73728 ----a-w- c:\program files\MSETUP.EXE 1999-03-25 02:31 . 1999-03-25 02:31 28672 ----a-w- c:\program files\AUTORUN.EXE 1999-02-01 13:40 . 1999-02-01 13:40 150 ----a-w- c:\program files\UPGRADE.LST 1999-01-22 08:34 . 1999-01-22 08:34 8225 ----a-w- c:\program files\CLEAN.LST 1998-12-18 08:57 . 1998-12-18 08:57 69 ----a-w- c:\program files\SETUP.INI 1998-12-11 09:41 . 1998-12-11 09:41 3375752 ----a-w- c:\program files\ACADSPLASH.AVI 1998-12-09 10:31 . 1998-12-09 10:31 1078 ----a-w- c:\program files\ACAD.ICO 1997-10-14 13:07 . 1997-10-14 13:07 725 ----a-w- c:\program files\BACKUP.LST 1997-10-14 13:07 . 1997-10-14 13:07 6128 ----a-w- c:\program files\_SETUP.DLL 1997-10-14 13:07 . 
1997-10-14 13:07 91136 ----a-w- c:\program files\_ISRES.DLL 1997-10-14 13:07 . 1997-10-14 13:07 8192 ----a-w- c:\program files\_ISDEL.EXE 1997-10-14 13:07 . 1997-10-14 13:07 320411 ----a-w- c:\program files\_INST32I.EX_ . <pre> c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM .exe c:\program files\Java\jre1.6.0_03\bin\jusched .exe c:\program files\QuickTime\qttask .exe </pre> ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [N/A] "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [N/A] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [N/A] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe 
/M:68596a5ebae [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\HomePlayer\\HomePlayer.exe"= "c:\\Program Files\\HomePlayer\\VLC\\vlc.exe"= "e:\\Program Files\\Graphisoft\\ArchiCAD 12\\ArchiCAD.exe"= "c:\\Program Files\\ArchiCAD 12\\ArchiCAD.exe"= R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [24/04/2010 23:08 18816] R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [24/04/2010 22:09 1872320] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [23/04/2010 19:18 108289] R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [20/12/2007 02:53 37376] S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?] S0 wcdadvff;wcdadvff; [x] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [17/01/2010 21:29 13192] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [17/01/2010 21:29 8456] S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\CE.tmp --> c:\windows\system32\CE.tmp [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Contenu du dossier 'Tâches planifiées' . . ------- Examen supplémentaire ------- . 
uInternet Settings,ProxyOverride = *.local IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\djé\Application Data\Mozilla\Firefox\Profiles\hxn8ykyq.default\ FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- PARAMETRES FIREFOX ---- FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); . - - - - ORPHELINS SUPPRIMES - - - - BHO-{02873870-BF47-4B72-A96E-AD4851380526} - (no file) ShellIconOverlayIdentifiers-{02873870-BF47-4B72-A96E-AD4851380526} - (no file) ************************************************************************** Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\CE.tmp" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(668) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(2020) c:\windows\system32\eappprxy.dll . ------------------------ Autres processus actifs ------------------------ . 
c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\QuickTime\qttask .exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\windows\system32\devldr32.exe c:\windows\system32\wdfmgr.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe . ************************************************************************** . Heure de fin: 2010-04-26 19:01:38 - La machine a redémarré ComboFix-quarantined-files.txt 2010-04-26 17:01 Avant-CF: 107 358 179 328 octets libres Après-CF: 107 336 531 968 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect - - End Of File - - 5FCF3DD84454E612ADBEDBB7108B5047
I'd be very curious to know how my online game account got hacked (a keylogger, I suppose), if you ever detect anything. See you soon, Djé
  9. The following files are flagged by Antivir:
c:\windows\system32\mxrdvpq.dll --> this file is tied to explorer, so I can't delete it because it is always active
c:\windows\system32\drivers\tksjvwys.sys --> that one, I have no idea, but same thing, I can't get rid of it
Shortly after boot, these two files are created:
pyxbigyw.dll
majrieec.dll
I tried with KillBox and Unlocker, but it didn't work; I can't disable them.
  10. Hi Thanos, thanks for the quick reply. Here are the items you asked me for:
--- Info.txt ---info.txt logfile of random's system information tool 1.06 2010-04-24 08:57:07 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 32 Bit HP CIO Components Installer-->MsiExec.exe /I{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB} Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95} Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394} Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23} Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C} Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E} Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9} Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2} Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029} Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A} Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D} Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD} Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2} Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B} Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245} Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078} Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C} Adobe Photoshop CS3-->C:\Program Files\Fichiers 
communs\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A} Adobe Photoshop Lightroom 2-->MsiExec.exe /I{531BC138-F1F7-496B-879C-F039ECEF438D} Adobe Reader 9.3.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A93000000001} Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702} Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183} Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312} Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8} Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5} Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6} Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923} ASCOM Platform 4.1-->C:\PROGRA~1\FICHIE~1\ASCOM\TELESC~1\UNWISE.EXE C:\PROGRA~1\FICHIE~1\ASCOM\TELESC~1\INSTALL.LOG Atheros Communications Inc.® L1 Gigabit Ethernet Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E19F210-3813-4002-B561-94D66AA182B6}\setup.exe" -l0x9 -removeonly ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0 ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe" ATI Parental Control & Encoder-->MsiExec.exe 
/I{36CDA33B-909B-4719-97D1-C4B99309BDC7} ATI Problem Report Wizard-->MsiExec.exe /X{5DA6F06A-B389-407B-BF8C-1548767914D8} Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE AVIVO Codecs-->MsiExec.exe /X{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6} Browser Defender 2.0.6.15-->"C:\Program Files\Spyware Doctor\BDT\unins000.exe" Canon RAW Codec-->"C:\Program Files\Fichiers communs\Canon\UIW\1.7.0.0\Uninst.exe" "C:\Program Files\Canon\RAWCodec160\CRCUnInstall.ini" Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Correctif pour Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe" DeepBurner v1.9.0.228-->"C:\Program Files\Astonsoft\DeepBurner\Uninstall.exe" "C:\Program Files\Astonsoft\DeepBurner\install.log" -u EASEUS Partition Master 4.1.1 Home Edition-->"C:\Program Files\EASEUS\EASEUS Partition Master 4.1.1 Home Edition\unins000.exe" FileZilla Client 3.3.2.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe Free RAW Viewer 1.00-->"C:\Program Files\Free RAW Viewer\unins000.exe" HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall HomePlayer 1.5.9-->C:\Program Files\HomePlayer\uninst.exe Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Logiciel d'archivage WinRAR-->C:\Program Files\WinRAR\uninstall.exe Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 
2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de 
sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Mise à jour de sécurité pour 
Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP 
(KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe" Mise à jour pour 
Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst\spuninst.exe" Mozilla Firefox (3.5.9)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe Neat Image v5 Demo (with plug-in)-->"C:\Program Files\Neat Image\unins000.exe" PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5} Photomatix Pro version 3.0.2-->"C:\Program Files\PhotomatixPro3\unins000.exe" QuickTime-->MsiExec.exe /X{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat Sophos Anti-Rootkit 1.5.0-->C:\Program Files\Sophos\Sophos Anti-Rootkit\helper.exe remove Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" Spyware Doctor 7.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG Starry Night Pro Plus 6-->"C:\Program Files\Starry Night Pro Plus 6\Uninstall Starry Night Pro Plus 6\Uninstall Starry Night Pro Plus 6.exe" Stellarium 0.10.2-->"C:\Program Files\Stellarium\unins000.exe" TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe" TeamSpeak 3 Client-->"C:\Program Files\TeamSpeak 3 Client\uninstall.exe" Winamp-->"C:\Program Files\Winamp\UninstWA.exe" Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll XnView 1.97-->"C:\Program Files\XnView\unins000.exe" ZHPDiag 1.25-->"C:\Program Files\ZHPDiag\unins000.exe" =====HijackThis Backups===== O4 - HKLM\..\Run: [ewrgetuj] C:\DOCUME~1\DJ53B1~1\LOCALS~1\Temp\geurge.exe [2010-04-21] O4 - HKCU\..\Run: [hsf87sdhfush87fsufhuie3fddf] C:\DOCUME~1\DJ53B1~1\LOCALS~1\Temp\ii9uc.exe [2010-04-21] O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 [2010-04-21] O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net" [2010-04-21] O4 - HKCU\..\Run: [YVIBBBHA8C] C:\DOCUME~1\DJ53B1~1\LOCALS~1\Temp\Ffh.exe [2010-04-21] O4 - HKCU\..\Run: 
[newupdate1142C.exe] C:\Documents and Settings\djé\Application Data\98377F92F3F02E714C7ED39960D6B28C\newupdate1142C.exe [2010-04-21] O4 - HKCU\..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\DOCUME~1\DJ53B1~1\LOCALS~1\Temp\win32.exe [2010-04-21] O2 - BHO: (no name) - {02873870-BF47-4B72-A96E-AD4851380526} - c:\windows\system32\mxrdvpq.dll [2010-04-21] O4 - HKCU\..\Run: [mcexecwin] rundll32.exe C:\DOCUME~1\DJ53B1~1\LOCALS~1\Temp\xapig3obk7.dll, RestoreWindows [2010-04-21] O2 - BHO: C:\WINDOWS\system32\gc3yjkqxy.dll - {A2BA40A0-74F1-52BD-F411-00B15A2C8953} - C:\WINDOWS\system32\gc3yjkqxy.dll [2010-04-21] O2 - BHO: C:\WINDOWS\system32\gc3yjkqxy.dll - {A2BA40A0-74F1-52BD-F411-00B15A2C8953} - C:\WINDOWS\system32\gc3yjkqxy.dll (file missing) [2010-04-21] O2 - BHO: (no name) - {02873870-BF47-4B72-A96E-AD4851380526} - c:\windows\system32\mxrdvpq.dll [2010-04-21] O4 - HKCU\..\Run: [mcexecwin] rundll32.exe C:\DOCUME~1\DJ53B1~1\LOCALS~1\Temp\xapig3obk7.dll, RestoreWindows [2010-04-21] O2 - BHO: (no name) - {02873870-BF47-4B72-A96E-AD4851380526} - c:\windows\system32\mxrdvpq.dll [2010-04-21] O22 - SharedTaskScheduler: kjsfi8sjefiuoshiefyhiusdhfdf - {A2BA40A0-74F1-52BD-F411-00B15A2C8953} - (no file) [2010-04-21] O2 - BHO: (no name) - {02873870-BF47-4B72-A96E-AD4851380526} - c:\windows\system32\mxrdvpq.dll [2010-04-23] ======Hosts File====== 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com ======Security center information====== AV: Spyware Doctor with AntiVirus AV: AntiVir Desktop ======System event log====== Computer Name: SCHNOUF Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service NLA (Network Location Awareness). 
Record Number: 3645 Source Name: Service Control Manager Time Written: 20100404223840.000000+120 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: SCHNOUF Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service hpqcxs08. Record Number: 3644 Source Name: Service Control Manager Time Written: 20100404223840.000000+120 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: SCHNOUF Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service Service COM de gravage de CD IMAPI. Record Number: 3643 Source Name: Service Control Manager Time Written: 20100404223840.000000+120 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: SCHNOUF Event Code: 7036 Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution. Record Number: 3642 Source Name: Service Control Manager Time Written: 20100404223840.000000+120 Event Type: Informations User: Computer Name: SCHNOUF Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service Gestionnaire de connexions d'accès distant. Record Number: 3641 Source Name: Service Control Manager Time Written: 20100404223840.000000+120 Event Type: Informations User: SCHNOUF\djé =====Application event log===== Computer Name: SCHNOUF Event Code: 102 Message: wuaueng.dll (2336) SUS20ClientDataStore: Le moteur de base de données a démarré une nouvelle instance (0). Record Number: 486 Source Name: ESENT Time Written: 20100201082804.000000+060 Event Type: Informations User: Computer Name: SCHNOUF Event Code: 100 Message: wuauclt (2336) Le moteur de base de données 5.01.2600.5512 est démarré. Record Number: 485 Source Name: ESENT Time Written: 20100201082804.000000+060 Event Type: Informations User: Computer Name: SCHNOUF Event Code: 1800 Message: Le service Centre de sécurité Windows a démarré. 
Record Number: 484 Source Name: SecurityCenter Time Written: 20100201082719.000000+060 Event Type: Informations User: Computer Name: SCHNOUF Event Code: 1 Message: Record Number: 483 Source Name: Bonjour Service Time Written: 20100201082719.000000+060 Event Type: Informations User: Computer Name: SCHNOUF Event Code: 105 Message: The service was started. Record Number: 482 Source Name: ATI Smart Time Written: 20100201082714.000000+060 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel "PROCESSOR_REVISION"=0f0b "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip -----------------EOF----------------- --- Log.txt --- Logfile of random's system information tool 1.06 (written by random/random) Run by djé at 2010-04-24 08:56:50 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 103 GB (69%) free of 150 GB Total RAM: 2047 MB (56% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:57:05, on 24/04/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe 
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\djé\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\djé.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02873870-BF47-4B72-A96E-AD4851380526} - c:\windows\system32\mxrdvpq.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

-- End of file - 6505 bytes

======Scheduled tasks folder======
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job

======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02873870-BF47-4B72-A96E-AD4851380526}]
c:\windows\system32\mxrdvpq.dll [2008-04-14 109568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe []
"Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe []
"QuickTime Task"=C:\Program Files\QuickTime\qttask .exe [2010-02-06 282624]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe []
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2010-03-09 1286608]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2009-11-15 33120]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-03-15 114688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27ddad9c-2d11-11df-aaad-001d60196019}]
shell\AutoRun\command - F:\2u923g01.exe
shell\open\command - F:\2u923g01.exe

======List of files/folders created in the last 1 months======
2010-04-23 19:26:09 ----A---- C:\WINDOWS\PCTBDCore.dll 2010-04-23 19:23:09 ----D---- C:\Program Files\Spyware Doctor 2010-04-23 19:23:09 ----D---- C:\Program Files\Fichiers communs\PC Tools 2010-04-23 19:23:09 ----D---- C:\Documents and Settings\djé\Application Data\PC Tools 2010-04-23 19:23:09 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools 2010-04-23 19:22:35 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2010-04-23 19:18:46 ----D---- C:\Program Files\Avira 2010-04-23 19:18:46 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2010-04-23 09:02:26 ----N---- C:\WINDOWS\system32\browserchoice.exe 2010-04-23 00:16:55 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$ 2010-04-23 00:16:50 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$ 2010-04-23 00:16:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$ 2010-04-23 00:16:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$ 2010-04-23 00:16:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$ 2010-04-23 00:16:25 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$ 2010-04-23 00:16:22 ----D---- C:\WINDOWS\system32\PreInstall 2010-04-23 00:16:22 ----A---- C:\WINDOWS\system32\spupdsvc.exe 2010-04-23 00:16:21 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$ 2010-04-23 00:16:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$ 2010-04-23 00:16:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$ 2010-04-23 00:16:04 ----N---- C:\WINDOWS\system32\spmsg.dll 2010-04-23 00:16:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2010-04-23 00:16:03 ----HD---- C:\WINDOWS\$hf_mig$ 2010-04-21 12:43:12 ----D---- C:\Program Files\Alwil Software 2010-04-21 12:43:12 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software 2010-04-21 12:12:14 ----D---- C:\WINDOWS\system32\appmgmt 2010-04-21 12:11:46 ----D---- C:\WINDOWS\system32\SoftwareDistribution 2010-04-21 11:57:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-04-21 11:48:55 ----D---- C:\Program Files\Trend Micro 2010-04-21 10:53:25 
----A---- C:\WINDOWS\wininit.ini 2010-04-21 00:02:28 ----A---- C:\WINDOWS\lsrslt.ini 2010-04-20 22:43:13 ----A---- C:\tujserrew.bat 2010-04-20 22:43:12 ----D---- C:\Documents and Settings\djé\Application Data\98377F92F3F02E714C7ED39960D6B28C 2010-04-20 22:39:41 ----D---- C:\Program Files\eMule 2010-04-20 22:36:05 ----D---- C:\WINDOWS\Sun 2010-04-20 22:34:38 ----D---- C:\Program Files\Autopano Pro 2010-04-12 18:54:07 ----D---- C:\Program Files\ArchiCAD 12 2010-04-12 18:52:35 ----D---- C:\Documents and Settings\djé\Application Data\Graphisoft 2010-04-12 18:50:32 ----A---- C:\WINDOWS\system32\javaws.exe 2010-04-12 18:50:32 ----A---- C:\WINDOWS\system32\javaw.exe 2010-04-12 18:50:32 ----A---- C:\WINDOWS\system32\java.exe 2010-04-12 18:50:07 ----D---- C:\Program Files\Java 2010-04-12 18:50:05 ----D---- C:\Program Files\Fichiers communs\Java 2010-04-12 18:49:38 ----D---- C:\Documents and Settings\djé\Application Data\Sun 2010-04-10 12:13:52 ----D---- C:\Documents and Settings\djé\Application Data\FileZilla 2010-04-06 23:21:06 ----D---- C:\Program Files\Canon 2010-04-06 23:20:38 ----D---- C:\Program Files\Fichiers communs\Canon ======List of files/folders modified in the last 1 months====== 2010-04-24 08:56:51 ----D---- C:\WINDOWS\Temp 2010-04-24 08:56:37 ----SHD---- C:\System Volume Information 2010-04-24 08:56:37 ----D---- C:\WINDOWS\system32\Restore 2010-04-24 08:55:21 ----D---- C:\Program Files\Mozilla Firefox 2010-04-24 08:55:18 ----HD---- C:\WINDOWS\inf 2010-04-24 08:55:06 ----D---- C:\WINDOWS\Microsoft.NET 2010-04-24 08:55:05 ----RSD---- C:\WINDOWS\assembly 2010-04-24 08:54:51 ----D---- C:\WINDOWS 2010-04-24 08:54:19 ----D---- C:\WINDOWS\system32 2010-04-24 08:53:26 ----D---- C:\WINDOWS\system32\CatRoot2 2010-04-24 00:18:14 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-04-24 00:18:07 ----SHD---- C:\WINDOWS\Installer 2010-04-24 00:18:07 ----HD---- C:\Config.Msi 2010-04-24 00:17:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-04-24 00:16:59 ----D---- 
C:\WINDOWS\WinSxS 2010-04-24 00:14:41 ----RD---- C:\Program Files 2010-04-24 00:14:39 ----RSD---- C:\WINDOWS\Fonts 2010-04-24 00:14:26 ----D---- C:\WINDOWS\system32\spool 2010-04-24 00:14:23 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-04-24 00:12:55 ----D---- C:\WINDOWS\system32\mui 2010-04-24 00:12:55 ----D---- C:\Program Files\Internet Explorer 2010-04-23 23:33:09 ----SD---- C:\WINDOWS\Tasks 2010-04-23 23:05:53 ----D---- C:\WINDOWS\AppPatch 2010-04-23 22:52:41 ----D---- C:\WINDOWS\system32\drivers 2010-04-23 22:52:37 ----A---- C:\WINDOWS\imsins.BAK 2010-04-23 22:52:26 ----D---- C:\Program Files\Messenger 2010-04-23 22:50:36 ----D---- C:\Program Files\Movie Maker 2010-04-23 22:49:19 ----D---- C:\Program Files\Outlook Express 2010-04-23 19:30:40 ----D---- C:\Documents and Settings 2010-04-23 19:23:20 ----D---- C:\WINDOWS\Prefetch 2010-04-23 19:23:09 ----D---- C:\Program Files\Fichiers communs 2010-04-23 11:44:18 ----D---- C:\Program Files\QuickTime 2010-04-23 08:58:50 ----D---- C:\WINDOWS\system32\wbem 2010-04-22 09:13:51 ----D---- C:\WINDOWS\ShellNew 2010-04-21 12:16:22 ----DC---- C:\WINDOWS\system32\DRVSTORE 2010-04-21 12:16:03 ----D---- C:\WINDOWS\twain_32 2010-04-21 12:13:44 ----D---- C:\Documents and Settings\All Users\Application Data\HP 2010-04-21 12:12:24 ----D---- C:\Program Files\HP 2010-04-21 12:11:59 ----D---- C:\WINDOWS\SoftwareDistribution 2010-04-21 12:11:56 ----D---- C:\WINDOWS\Help 2010-04-21 12:07:22 ----D---- C:\WINDOWS\Registration 2010-04-11 11:43:26 ----D---- C:\Program Files\World of Warcraft 2010-04-10 12:14:14 ----D---- C:\Program Files\FileZilla FTP Client 2010-04-02 22:00:30 ----D---- C:\WINDOWS\Minidump ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys 
[2008-04-14 40576] R1 SAVRKBootTasks;Boot Tasks Driver; \??\C:\WINDOWS\system32\SAVRKBootTasks.sys [] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-04-23 28520] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-04-23 56816] R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-12-20 37376] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-03-15 1986560] R3 ctljystk;Creative SBLive! Port de jeux; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712] R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904] R3 emu10k1;Pilote du Gestionnaire d'interface Creative (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384] R3 sfman;Pilote du Gestionnaire SoundFont Creative (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 epmntdrv;epmntdrv; \??\C:\WINDOWS\system32\epmntdrv.sys [] S3 EuGdiDrv;EuGdiDrv; \??\C:\WINDOWS\system32\EuGdiDrv.sys [] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-01-24 49920] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-01-24 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-01-24 21568] S3 MEMSWEEP2;MEMSWEEP2; 
\??\C:\WINDOWS\system32\50.tmp [] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-04-23 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-23 185089] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-03-15 450560] R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376] R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592] R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840] R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2010-03-15 1142224] R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] R2 yjmlqtsy;PCI Bus s6159 Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S2 ATI 
Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-03-22 520192] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-18 654848] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- Question subsidiaire : Tu interprètes toi même ces fichiers ou tu les analyses sur un site genre celui de hijackthis? Merci, Djé
  11. Good evening,

I'm new to this forum because I can't sort this out on my own. Pleased to meet you, then...

For a few days I have had the virus TR/Dldr.Agent.dfhk on my computer. I can't get rid of it; I'm running XP SP3. I've read the posts dealing with this virus, but the answers are so personalised and/or technical that I can't draw any information from them to fix my problem. Explorer also crashes systematically when I shut down Windows. I suppose other viruses are on my PC, notably a keylogger, because my account for an online game was hacked this very day (it had already happened a few months ago). I'm posting the HijackThis and ZHP reports.

-------------------------
HijackThis report
-------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:34:06, on 23/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02873870-BF47-4B72-A96E-AD4851380526} - c:\windows\system32\mxrdvpq.dll ---> I can't get rid of this line, it keeps coming back. Antivir reports that this file is infected but cannot destroy it.
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6372 bytes

------------------------------------------------------------

Well, I can't manage to attach the ZHP report, which seems to be too long...

Sorry for all the duplicates, I don't understand how they appeared and I can't find how to remove them...

If a generous soul can help me, I would be very grateful!

Djé
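The question asked at the end of the RSIT dump above (whether a helper reads these logs by hand or feeds them to a site) is answered in practice by a mix of both: the first pass is pattern matching. As an added example that is not part of this thread and not HijackThis, RSIT or any vendor's own code, the Python below parses HijackThis O2/O3/O4/O23 lines and RSIT driver, service and mountpoints2 lines, and flags the patterns a helper looks at first: a BHO registered with no name, a file or service name made of consonants only, a space inserted before the extension, a service hosted by svchost.exe under an unrecognised name, and an autorun entry pointing at a removable drive. The sample lines are copied from the two logs posted above; the heuristics, the 0.15 vowel threshold and the KNOWN_STEMS allowlist are my assumptions, not anything the tools publish. A hit means "look at this entry", not "this is malware".

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "line reasons")

# Constructed sample: lines copied from the HijackThis and RSIT logs posted in
# this thread, plus a few clean lines for contrast. Not a complete log.
SAMPLE_LINES = [
    r"O2 - BHO: (no name) - {02873870-BF47-4B72-A96E-AD4851380526} - c:\windows\system32\mxrdvpq.dll",
    r"O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime',
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min',
    r"R2 yjmlqtsy;PCI Bus s6159 Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]",
    r"R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-23 185089]",
    r"shell\AutoRun\command - F:\2u923g01.exe",
]

# First Windows path ending in a binary extension; spaces are allowed inside
# so that "qttask .exe" is captured whole.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\[\]]*?\.(?:exe|dll|sys|bat))', re.I)

# Legitimate low-vowel names that would otherwise trip the random-name test.
# Assumption: a small allowlist kept by the analyst, not an official list.
KNOWN_STEMS = {"svchost", "ctfmon", "msmsgs", "smss", "csrss", "lsass",
               "spoolsv", "wdfmgr", "wuauclt"}


def looks_random(name):
    """Heuristic: six or more letters with almost no vowels, e.g. 'mxrdvpq'."""
    letters = re.sub(r"[^a-z]", "", name.lower())
    if len(letters) < 6 or letters in KNOWN_STEMS:
        return False
    vowels = sum(ch in "aeiou" for ch in letters)
    return vowels / len(letters) < 0.15


def parse(line):
    """Classify one log line as (kind, label, path); None if unrecognised."""
    m = PATH_RE.search(line)
    path = m.group(1) if m else ""
    if line.startswith(("O2 ", "O3 ")):                      # HijackThis BHO / toolbar
        lab = re.match(r"^O[23] - (?:BHO|Toolbar): (.*?) - \{", line)
        return "bho", (lab.group(1) if lab else ""), path
    if line.startswith("O4 "):                               # HijackThis Run key
        lab = re.search(r"\[(.*?)\]", line)
        return "run", (lab.group(1) if lab else ""), path
    if line.startswith("O23 "):                              # HijackThis service
        lab = re.match(r"^O23 - Service: (.*?) - ", line)
        return "service", (lab.group(1) if lab else ""), path
    svc = re.match(r"^[RS][0-4] ([^;]+);", line)             # RSIT driver / service
    if svc:
        return "service", svc.group(1), path
    if re.match(r"^shell\\(?:AutoRun|open)\\command - ", line):  # RSIT mountpoints2
        return "autorun", "", path
    return None


def triage(line):
    """Return the list of reasons a line deserves a closer look (empty if none)."""
    rec = parse(line)
    if rec is None:
        return []
    kind, label, path = rec
    stem = re.sub(r"\.[a-z]+$", "", path.rsplit("\\", 1)[-1].lower())
    reasons = []
    if kind == "bho" and label == "(no name)":
        reasons.append("BHO with no name")
    if looks_random(stem):
        reasons.append(f"random-looking file name {stem!r}")
    if re.search(r"\s\.(?:exe|dll)$", path, re.I):
        reasons.append("space inserted before the extension")
    if kind == "service" and stem == "svchost" and looks_random(label.split(" ")[0]):
        reasons.append(f"svchost-hosted service with random-looking name {label!r}")
    if kind == "autorun" and path[:1].upper() != "C":
        reasons.append(f"autorun pointing at an executable on drive {path[:2]}")
    return reasons


def triage_log(lines):
    """One Finding per line that triggered at least one heuristic."""
    findings = []
    for line in lines:
        reasons = triage(line)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LINES):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Run it as a script and it prints four of the seven sample lines with the reason next to each; the Browser Defender, avgnt and AntiVirService lines pass clean. Two design points: the "svchost under a random name" rule only fires when the image is svchost.exe, because the two HPZ12 services in the RSIT dump are also svchost-hosted and perfectly ordinary, so the name is what carries the signal; and the random-name rule is deliberately crude (letter-only, vowel ratio), which is why an allowlist of known Windows stems is needed to keep svchost.exe itself out of the results.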