Guenillot

  1. Well, listen, it looks good; I'll wait a day or two before marking it as resolved. There is still one tiny problem, though: in Mozilla, when I click on a link, that little "click" sound is gone. If you have any idea where that might come from... In any case, thanks a lot. Does the site have somewhere to make a donation or something like that? Because you really got me out of a tight spot... And we may well meet again on another post soon, because I plan to reformat the hard drive of another laptop; it's a bit old and I think it would do it some good, but that's another thing I've never done. Thanks again
  2. The PC isn't doing too badly, the virus hasn't shown up again... Gone??? I don't know. Right, I'm off to bed too, see you tomorrow, and I've said it ten times already, but really, thank you!! HijackThis report:
  3. Here is the new CF report, I think it did what you wanted, no?
ComboFix 10-05-23.04 - Fanou 23/05/2010 23:49:06.3.1 - x86
PS: if you've gone to bed, see you tomorrow...
  4. One small clarification: when CF starts it asks to update itself, do I say yes?
  5. Ouch: Error : Cannot create file C:\Windows\system32\Drivers\etc\hosts
  6. And one report, coming up... But it really does have a problem with this host, doesn't it? PS: This site is really great!
  7. Windows can't create the file with rhost, why?
  8. I think it found something...
2010-05-22 12:45 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe 2010-05-22 12:45 . 2010-05-22 12:45 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe 2010-05-22 12:44 . 2010-05-22 12:44 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe 2010-05-22 12:43 . 2010-05-22 12:47 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll 2010-05-22 12:41 . 2010-05-22 12:47 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe 2010-05-21 15:25 . 2008-11-09 18:25 -------- d-----w- c:\documents and settings\Fanou\Application Data\Spyware Terminator 2010-05-21 15:18 . 2005-11-30 00:29 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-05-21 15:18 . 2010-03-18 19:25 -------- d-----w- c:\program files\Fichiers communs\PC Tools 2010-05-21 15:04 . 2008-11-08 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-05-21 14:53 . 2008-07-28 13:51 -------- d-----w- c:\program files\PCMEdit 2010-05-21 14:52 . 2005-11-30 01:00 -------- d-----w- c:\program files\Google 2010-05-21 14:37 . 2008-11-08 19:21 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-05-21 10:17 . 2008-11-09 18:25 -------- d-----w- c:\program files\Spyware Terminator 2010-05-21 10:15 . 2008-11-09 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator 2010-05-21 09:38 . 2004-08-17 09:31 514770 ----a-w- c:\windows\system32\perfh00C.dat 2010-05-21 09:38 . 2004-08-17 09:31 86428 ----a-w- c:\windows\system32\perfc00C.dat 2010-05-21 05:51 . 2008-11-08 19:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro 2010-05-20 11:48 . 2010-03-18 15:40 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2010-05-20 06:03 . 
2009-02-18 09:43 13864843 ----a-w- c:\windows\Internet Logs\tvDebug.zip 2010-05-18 15:21 . 2010-05-22 20:52 702120 ----a-w- c:\documents and settings\Fanou\Application Data\Mozilla\Firefox\Profiles\bgmw1mf2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll 2010-05-18 15:21 . 2010-05-22 20:52 868456 ----a-w- c:\documents and settings\Fanou\Application Data\Mozilla\Firefox\Profiles\bgmw1mf2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll 2010-05-13 08:47 . 2005-04-25 01:03 45200 ----a-w- c:\windows\system32\drivers\pxhelp20.sys 2010-05-04 06:49 . 2010-03-05 07:25 3774 ----a-r- c:\documents and settings\Fanou\Application Data\Microsoft\Installer\{AF7C627C-F354-4FF1-8450-398C806B436E}\_4bde371b.exe 2010-05-04 06:49 . 2010-03-05 07:25 29926 ----a-r- c:\documents and settings\Fanou\Application Data\Microsoft\Installer\{AF7C627C-F354-4FF1-8450-398C806B436E}\_3d366f1d.exe 2010-05-04 06:49 . 2008-11-11 09:59 -------- d-----w- c:\program files\Power IE 2010-04-29 13:39 . 2008-11-10 20:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 13:39 . 2008-11-10 20:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-26 05:50 . 2006-03-12 18:17 126632 ----a-w- c:\documents and settings\Fanou\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-04-20 15:45 . 2010-03-18 19:37 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-04-16 19:04 . 2010-04-16 18:55 -------- d-----w- c:\documents and settings\Fanou\Application Data\freeTVRadio 2010-04-16 18:19 . 2010-04-16 18:19 -------- d-----w- c:\program files\Avira 2010-04-16 18:19 . 2010-04-16 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-04-16 08:39 . 2006-03-23 21:43 -------- d-----w- c:\program files\Fichiers communs\Adobe 2010-04-15 13:26 . 2010-05-20 06:31 1286521 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescript.dll 2010-04-15 13:26 . 
2010-05-20 06:31 541043 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aerdl.dll 2010-04-15 13:26 . 2010-05-20 06:31 2613623 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll 2010-04-15 13:26 . 2010-05-20 06:31 373106 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aegen.dll 2010-04-13 06:56 . 2010-04-11 16:06 -------- d-----w- c:\documents and settings\Fanou\Application Data\Stellarium 2010-04-11 15:54 . 2010-04-11 15:54 -------- d-----w- c:\program files\Stellarium 2010-04-10 14:50 . 2010-04-10 15:37 2772992 ----a-w- c:\windows\Internet Logs\xDB9.tmp 2010-04-09 19:00 . 2008-07-04 13:21 -------- d-----w- c:\program files\AVG 2010-04-09 08:11 . 2010-04-02 10:29 -------- d-----w- c:\program files\Citemaison 2010-04-05 08:40 . 2010-04-05 08:41 2741760 ----a-w- c:\windows\Internet Logs\xDB8.tmp 2010-04-01 15:06 . 2010-05-20 06:31 242039 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aehelp.dll 2010-04-01 15:06 . 2010-05-20 06:31 188790 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aecore.dll 2010-03-31 01:58 . 2010-01-15 21:04 133616 ------w- c:\windows\system32\pxafs.dll 2010-03-31 01:58 . 2006-03-26 22:07 125424 ------w- c:\windows\system32\pxinsi64.exe 2010-03-31 01:58 . 2006-03-26 22:07 123888 ------w- c:\windows\system32\pxcpyi64.exe 2010-03-19 10:36 . 2010-05-20 06:31 426358 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aepack.dll 2010-03-17 09:11 . 2010-05-20 06:31 254323 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aesbx.dll 2010-03-17 09:11 . 2010-05-20 06:31 201083 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeoffice.dll 2010-03-12 07:43 . 
2010-03-12 07:43 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll 2010-03-12 07:43 . 2010-03-12 07:43 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll 2010-03-12 07:43 . 2010-03-12 07:43 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll 2010-03-12 07:43 . 2010-03-12 07:43 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll 2010-03-12 07:43 . 2010-03-12 07:43 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll 2010-03-12 07:43 . 2010-03-12 07:43 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll 2010-03-12 07:43 . 2010-03-12 07:43 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll 2010-03-12 07:43 . 2010-03-12 07:43 329312 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll 2010-03-12 07:39 . 2003-03-19 02:14 499712 ----a-w- c:\windows\system32\msvcp71.dll 2010-03-10 06:16 . 2004-08-05 08:00 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll 2010-02-25 16:40 . 2010-05-20 06:31 127347 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescn.dll 2010-02-25 06:17 . 2004-08-05 08:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-24 13:11 . 2004-08-05 08:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-24 08:16 . 
2009-10-03 12:11 181632 ------w- c:\windows\system32\MpSigStub.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-18 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 81920] "ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-11 409600] "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-27 344064] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272] "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-03-12 202256] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888] 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264] c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2003-9-30 57344] c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2003-9-30 57344] c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2003-9-30 57344] c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\ AutoTBar.exe [2003-9-30 57344] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk backup=c:\windows\pss\BTTray.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hp psc 1000 series.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\hp psc 1000 series.lnk backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hpoddt01.exe.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\hpoddt01.exe.lnk backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk] path=c:\documents and settings\All 
Users\Menu Démarrer\Programmes\Démarrage\Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk backup=c:\windows\pss\Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Fanou^Menu Démarrer^Programmes^Démarrage^Antimalware Doctor.lnk] path=c:\documents and settings\Fanou\Menu Démarrer\Programmes\Démarrage\Antimalware Doctor.lnk backup=c:\windows\pss\Antimalware Doctor.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant] 2005-05-04 09:59 794624 ----a-w- c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] 2004-09-07 12:39 1450094 ------w- c:\program files\Ahead\InCD\InCD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2004-10-13 15:04 278528 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher] 2004-10-14 12:54 253952 ----a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator] 2008-11-09 18:25 2158592 ----a-w- c:\progra~1\SPYWAR~2\SpywareTerminatorShield.Exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2010-03-12 07:39 202256 ----a-w- c:\program files\Fichiers communs\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= 
"c:\\WINDOWS\\system32\\mmc.exe"= "c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Civilization4.exe"= "c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Warlords\\Civ4Warlords.exe"= "c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Beyond the Sword\\Civ4BeyondSword.exe"= R0 zupbryql;zupbryql;c:\windows\system32\drivers\zupbryql.sys --> c:\windows\system32\drivers\zupbryql.sys [?] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [16/04/2010 20:20 108289] R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [22/08/2005 11:06 231424] S2 gupdate1c9a8b8bcc51050;Service Google Update (gupdate1c9a8b8bcc51050);c:\program files\Google\Update\GoogleUpdate.exe [19/03/2009 19:32 133104] S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 20:19 13592] S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?] S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;c:\windows\system32\DRIVERS\WlanUIG.sys --> c:\windows\system32\DRIVERS\WlanUIG.sys [?] . 
Contenu du dossier 'Tâches planifiées' 2010-05-22 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2006-10-21 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8143979466.job - c:\program files\HP\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52] 2010-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-19 17:31] 2010-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-19 17:31] 2010-05-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2826103261-839955967-4107118250-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09] 2010-05-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2826103261-839955967-4107118250-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09] 2010-05-23 c:\windows\Tasks\Symantec NetDetect.job - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-11-30 14:59] 2010-05-23 c:\windows\Tasks\User_Feed_Synchronization-{D3C75F43-DEEB-45DD-9930-304B2E5B4289}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31] . . ------- Examen supplémentaire ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = hxxp://192.168.1.1/ServicesAcces.html IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Envoyer au périphérique &Bluetooth... 
- c:\program files\ASUS\Bluetooth Software\btsendto_ie_ctx.htm IE: Envoyer à &Bluetooth - c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm IE: Envoyer à Bluetooth - c:\program files\ASUS\Bluetooth Software\btsendto_ie.htm Trusted Zone: localhost DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} - hxxp://webtv.guidetv.orange.fr/resources/OCS_9418.cab FF - ProfilePath - c:\documents and settings\Fanou\Application Data\Mozilla\Firefox\Profiles\bgmw1mf2.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.orange.fr/ ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . 
- - - - ORPHELINS SUPPRIMES - - - - BHO-{E68E2B73-8EA0-4A94-A901-EB2C55A23932} - c:\windows\system32\udjsklr.dll ShellIconOverlayIdentifiers-{E68E2B73-8EA0-4A94-A901-EB2C55A23932} - c:\windows\system32\udjsklr.dll HKLM-Run-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe Notify-avgrsstarter - avgrsstx.dll MSConfigStartUp-gotnewupdate000 - c:\documents and settings\Fanou\Application Data\110A0F8412C1B9A25D0DEEF69C4385FD\gotnewupdate000.exe MSConfigStartUp-hdqgyykv - c:\documents and settings\Fanou\Local Settings\Application Data\gbflwonim\iiycwjgtssd.exe MSConfigStartUp-hsfe8owijfisjhgs7ye39gjsoighsd7y3eu - c:\docume~1\Fanou\LOCALS~1\Temp\i1llwh9.exe MSConfigStartUp-hsfg9w8gujsokgahi8gysgnsdgefshyjy - c:\docume~1\Fanou\LOCALS~1\Temp\lsass.exe MSConfigStartUp-M5T8QL3YW3 - c:\docume~1\Fanou\LOCALS~1\Temp\Jvd.exe MSConfigStartUp-mcexecwin - c:\docume~1\Fanou\LOCALS~1\Temp\owwztd.dll ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-23 21:39 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????5?5?9?6??????? ???B?????????????hLC? ?????? Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-2826103261-839955967-4107118250-1006\Software\SecuROM\!CAUTION! 
NEVER A OR CHANGE ANY KEY*] "??"=hex:fc,70,f7,6d,8a,45,7a,f8,d1,e1,93,33,9a,c2,31,95,8c,b1,33,5a,7e,b1,92, 39,8d,b9,c3,ac,74,cf,e7,e0,8f,5d,03,5f,57,95,2a,64,db,55,a2,b4,1d,44,71,c7,\ "??"=hex:46,ff,bb,81,33,3d,2c,e7,0f,bd,b1,88,db,8a,f9,e5 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(736) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(1096) c:\program files\Windows Media Player\wmpband.dll c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\Ahead\InCD\InCDsrv.exe c:\program files\ASUS\Bluetooth Software\bin\btwdins.exe c:\windows\system32\Ati2evxx.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fichiers communs\LightScribe\LSSrvc.exe c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE c:\program files\Spyware Terminator\sp_rsser.exe c:\windows\system32\wbem\wmiapsrv.exe c:\program files\HPQ\SHARED\HPQWMI.exe c:\program files\Java\jre6\bin\jucheck.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . 
Heure de fin: 2010-05-23 21:48:38 - La machine a redémarré ComboFix-quarantined-files.txt 2010-05-23 19:48 Avant-CF: 18 943 983 616 octets libres Après-CF: 20 221 579 264 octets libres WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect - - End Of File - - 18104CFB187E2CDBD5982D5D3F4FF4A4
  9. There was never any report; I'm launching cf and will tell you afterwards. Thanks
  10. Ahhhhhhhhhh, Combofix!!!! More seriously, it tells me that AVG antivirus must be disabled.... It hasn't been on the PC for at least 2 months!!! Do I launch it anyway?
  11. Now this is crazy. Antivir finds me another virus: Dans le fichier 'C:\WINDOWS\system32\drivers\hjbpbrjo.sys' un virus ou un programme indésirable 'TR/Patched.Gen' [trojan] a été détecté. Action exécutée : Supprimer le fichier. Otherwise, Hijackthis gives this:
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 11048 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1143979466.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2826103261-839955967-4107118250-1006.job C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2826103261-839955967-4107118250-1006.job C:\WINDOWS\tasks\Symantec NetDetect.job C:\WINDOWS\tasks\User_Feed_Synchronization-{D3C75F43-DEEB-45DD-9930-304B2E5B4289}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-03-12 329312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program 
Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2007-01-20 2436160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-05 764912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E68E2B73-8EA0-4A94-A901-EB2C55A23932}] c:\windows\system32\udjsklr.dll [2004-08-05 114176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-20 2436160] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-06-19 729178] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "ISUSScheduler"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2004-07-27 81920] "ISUSPM 
Startup"=c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-07-27 221184] "HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08 54576] "eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2005-10-11 409600] "Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2005-08-01 233534] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-09-27 344064] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272] "Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768] "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2010-03-12 202256] "DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW [] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-09-18 68856] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gotnewupdate000.exe] C:\Documents and Settings\Fanou\Application Data\110A0F8412C1B9A25D0DEEF69C4385FD\gotnewupdate000.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hdqgyykv] C:\Documents and Settings\Fanou\Local Settings\Application Data\gbflwonim\iiycwjgtssd.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-05-04 794624] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hsfe8owijfisjhgs7ye39gjsoighsd7y3eu] C:\DOCUME~1\Fanou\LOCALS~1\Temp\i1llwh9.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hsfg9w8gujsokgahi8gysgnsdgefshyjy] 
C:\DOCUME~1\Fanou\LOCALS~1\Temp\lsass.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] C:\Program Files\Ahead\InCD\InCD.exe [2004-09-07 1450094] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2004-10-13 278528] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M5T8QL3YW3] C:\DOCUME~1\Fanou\LOCALS~1\Temp\Jvd.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcexecwin] C:\DOCUME~1\Fanou\LOCALS~1\Temp\owwztd.dll, RestoreWindows [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2010-03-17 421888] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator] C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe [2008-11-09 2158592] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2010-03-12 202256] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk] C:\PROGRA~1\ASUS\BLUETO~1\BTTray.exe [2008-04-14 596584] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] C:\PROGRA~1\Hp\DIGITA~1\bin\hpqtra08.exe [2004-11-04 258048] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hp psc 1000 series.lnk] C:\PROGRA~1\HP\DIGITA~1\bin\hpohmr08.exe [2003-04-06 147456] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and 
Settings^All Users^Menu Démarrer^Programmes^Démarrage^hpoddt01.exe.lnk] C:\PROGRA~1\HP\DIGITA~1\bin\hpotdd01.exe [2003-04-06 28672] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk] C:\PROGRA~1\SAGEMW~1.11G\WLANUTL.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Fanou^Menu Démarrer^Programmes^Démarrage^Antimalware Doctor.lnk] C:\Documents and Settings\Fanou\Application Data\110A0F8412C1B9A25D0DEEF69C4385FD\gotnewupdate000.exe [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2005-09-28 46080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter] avgrsstx.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=95000000 "NoFolderOptions"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console" "C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe"="C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 Complete" "C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe"="C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4: Warlords" "C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe"="C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4: Beyond the Sword" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] 
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee5baf8e-ba11-11dc-b03a-0014a56d8490}] shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f08334b5-ae7b-11de-8ac1-0014a56d8490}] shell\AutoRun\command - F:\WDSetup.exe ======List of files/folders created in the last 1 months====== 2010-05-23 18:22:48 ----A---- C:\TDSSKiller.2.3.0.0_23.05.2010_18.22.48_log.txt 2010-05-23 18:22:11 ----A---- C:\TDSSKiller.2.3.0.0_23.05.2010_18.22.11_log.txt 2010-05-23 17:33:22 ----A---- C:\Ad-Report-CLEAN[1].txt 2010-05-23 17:19:50 ----A---- C:\Ad-Report-SCAN[1].txt 2010-05-23 17:19:43 ----D---- C:\Ad-Remover 2010-05-23 07:48:44 ----A---- C:\TDSSKiller.2.3.0.0_23.05.2010_07.48.44_log.txt 2010-05-23 07:47:24 ----A---- C:\TCleaner.txt 2010-05-22 22:52:30 ----D---- C:\Documents and Settings\Fanou\Application Data\QuickScan 2010-05-22 18:31:42 ----D---- C:\WINDOWS\ERDNT 2010-05-22 18:29:47 ----D---- C:\Qoobox 2010-05-22 17:09:58 ----D---- C:\Program Files\Mozilla Firefox 2010-05-22 15:31:48 ----SHD---- C:\found.000 2010-05-22 15:16:10 ----D---- C:\Documents and Settings\Fanou\Application Data\Mozilla 2010-05-22 14:51:58 ----D---- C:\Program Files\QuickTime 2010-05-22 14:50:54 ----D---- C:\Program Files\Fichiers communs\Apple 2010-05-22 14:50:31 ----D---- C:\Program Files\Apple Software Update 2010-05-22 14:50:31 ----D---- C:\Documents and Settings\All Users\Application Data\Apple 2010-05-22 14:47:07 ----D---- C:\Documents and Settings\Fanou\Application Data\DivX 2010-05-22 14:45:47 ----D---- C:\Program Files\Fichiers communs\DivX Shared 2010-05-22 14:43:32 ----D---- C:\Documents and Settings\All Users\Application Data\DivX 2010-05-21 12:22:15 ----D---- C:\tdsskiller 2010-05-21 08:53:51 ----DC---- C:\WINDOWS\system32\DRVSTORE 2010-05-21 08:38:42 ----D---- C:\Documents and Settings\All 
Users\Application Data\Lavasoft 2010-05-19 23:05:16 ----D---- C:\Program Files\Vilma 2010-05-19 22:38:16 ----A---- C:\WINDOWS\lsrslt.ini 2010-05-19 21:50:57 ----A---- C:\WINDOWS\ntbtlog.txt 2010-05-19 21:22:46 ----D---- C:\Documents and Settings\Fanou\Application Data\ATManager 2010-05-13 11:10:06 ----A---- C:\WINDOWS\cdplayer.ini 2010-05-12 08:31:06 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$ 2010-04-25 20:55:42 ----D---- C:\Program Files\MSECache ======List of files/folders modified in the last 1 months====== 2010-05-23 20:34:02 ----D---- C:\WINDOWS\system32\drivers 2010-05-23 20:33:33 ----D---- C:\WINDOWS\Prefetch 2010-05-23 20:27:59 ----D---- C:\WINDOWS\Internet Logs 2010-05-23 20:21:51 ----D---- C:\WINDOWS\Temp 2010-05-23 19:52:03 ----D---- C:\WINDOWS\system32 2010-05-23 19:16:43 ----SHD---- C:\System Volume Information 2010-05-23 19:16:43 ----D---- C:\WINDOWS\system32\Restore 2010-05-23 18:26:00 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-05-23 18:07:00 ----SD---- C:\WINDOWS\Tasks 2010-05-23 18:06:16 ----D---- C:\WINDOWS\system32\CatRoot2 2010-05-23 17:42:32 ----RD---- C:\Program Files 2010-05-23 15:26:20 ----HD---- C:\Config.Msi 2010-05-22 19:11:25 ----A---- C:\WINDOWS\NeroDigital.ini 2010-05-22 18:36:52 ----SHD---- C:\WINDOWS\Installer 2010-05-22 18:36:50 ----D---- C:\Program Files\Lavasoft 2010-05-22 18:31:42 ----AD---- C:\WINDOWS 2010-05-22 17:57:48 ----D---- C:\WINDOWS\system32\NtmsData 2010-05-22 15:33:50 ----D---- C:\WINDOWS\SxsCaPendDel 2010-05-22 15:13:43 ----D---- C:\Documents and Settings\All Users\Application Data\NOS 2010-05-22 14:51:54 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer 2010-05-22 14:50:54 ----D---- C:\Program Files\Fichiers communs 2010-05-21 17:25:29 ----D---- C:\Documents and Settings\Fanou\Application Data\Spyware Terminator 2010-05-21 17:18:07 ----HD---- C:\Program Files\InstallShield Installation Information 2010-05-21 17:18:06 ----D---- C:\Program Files\Fichiers communs\PC Tools 2010-05-21 17:04:39 
----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2010-05-21 16:55:12 ----HD---- C:\WINDOWS\inf 2010-05-21 16:53:55 ----D---- C:\Program Files\PCMEdit 2010-05-21 16:52:11 ----D---- C:\Program Files\Google 2010-05-21 16:42:48 ----D---- C:\WINDOWS\WinSxS 2010-05-21 16:37:09 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2010-05-21 16:24:25 ----RASH---- C:\boot.ini 2010-05-21 16:24:25 ----A---- C:\WINDOWS\win.ini 2010-05-21 16:24:25 ----A---- C:\WINDOWS\system.ini 2010-05-21 12:17:06 ----D---- C:\Program Files\Spyware Terminator 2010-05-21 12:15:30 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator 2010-05-21 11:38:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-05-21 07:51:37 ----D---- C:\Documents and Settings\All Users\Application Data\Hitman Pro 2010-05-20 14:18:56 ----D---- C:\Documents and Settings 2010-05-20 14:02:23 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$ 2010-05-20 08:02:55 ----D---- C:\WINDOWS\PeerNet 2010-05-20 08:00:44 ----D---- C:\WINDOWS\system32\wbem 2010-05-19 23:03:54 ----RSHD---- C:\WINDOWS\system32\dllcache 2010-05-19 22:48:50 ----D---- C:\Malwarebytes' Anti-Malware 2010-05-19 22:45:15 ----D---- C:\WINDOWS\pss 2010-05-14 08:42:23 ----D---- C:\WINDOWS\Registration 2010-05-13 10:47:34 ----N---- C:\WINDOWS\system32\pxinsa64.exe 2010-05-13 10:47:34 ----N---- C:\WINDOWS\system32\pxhpinst.exe 2010-05-13 10:47:34 ----N---- C:\WINDOWS\system32\pxcpya64.exe 2010-05-13 10:47:30 ----N---- C:\WINDOWS\system32\PxSFS.DLL 2010-05-13 10:47:30 ----N---- C:\WINDOWS\system32\Px.dll 2010-05-13 10:47:29 ----N---- C:\WINDOWS\system32\PxWave.dll 2010-05-13 10:47:29 ----N---- C:\WINDOWS\system32\pxdrv.dll 2010-05-13 10:47:28 ----N---- C:\WINDOWS\system32\PxMas.dll 2010-05-12 08:31:09 ----D---- C:\Program Files\Outlook Express 2010-05-12 08:27:13 ----HD---- C:\WINDOWS\$hf_mig$ 2010-05-04 08:49:41 ----D---- C:\Program Files\Power IE 2010-04-30 20:51:06 ----A---- 
C:\WINDOWS\system32\MRT.exe 2010-04-25 20:57:15 ----SD---- C:\Documents and Settings\Fanou\Application Data\Microsoft 2010-04-25 20:56:28 ----RSD---- C:\WINDOWS\Fonts 2010-04-25 20:56:17 ----D---- C:\Program Files\Microsoft Office 2010-04-25 20:56:14 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2006-04-02 82380] R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys [] R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2004-09-07 28672] R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2004-09-07 27648] R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-04-20 28520] R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952] R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-04-20 56816] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-09-28 1345536] R3 BCM43XX;Pilote pour carte réseau Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-10-12 1952512] R3 BTDriver;Pilote de communications virtuelles Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-02-04 37160] R3 BTKRNL;Enumérateur de bus Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-04-15 990632] R3 BTWUSB;WIDCOMM USB 
Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-03-27 47272] R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-08-02 38016] R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-08-02 349312] R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-09-14 13872] R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2005-08-22 1035008] R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-06-21 74496] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-06-19 190400] R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-06-22 162176] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-22 718464] R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2004-09-07 92928] S3 btaudio;Périphérique audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2008-04-15 534440] S3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-09-20 156392] S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2008-03-10 57384] S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys [] S3 hitmanpro3;Hitman Pro 3 Support Driver; 
\??\C:\WINDOWS\system32\drivers\hitmanpro3.sys [] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456] S3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584] S3 SMCIRDA;Pilote de périphérique SMC IrCC Miniport; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-23 36937] S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe 
[2010-04-20 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-20 185089] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-09-28 376832] R2 btwdins;Bluetooth Service; C:\Program Files\ASUS\Bluetooth Software\bin\btwdins.exe [2008-04-14 342624] R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2004-09-07 1192048] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2005-09-22 53248] R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE [2007-08-09 73728] R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-11-09 537600] R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304] R3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2005-10-11 102400] S2 gupdate1c9a8b8bcc51050;Service Google Update (gupdate1c9a8b8bcc51050); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-19 133104] S2 InCDsrvR;InCD Helper (read only); C:\Program Files\Ahead\InCD\InCDsrv.exe [2004-09-07 1192048] S2 qygtmniu;Print Class for IEEE-1284.4 HPZipr12Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 
3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-25 138168] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-10-13 327680] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------
  12. I had been pessimistic: it only took an hour and a half (it's true that over the past 3 days I've removed a lot of programs and other files..). But as expected, it found nothing... :P

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4133
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23/05/2010 20:12:24
mbam-log-2010-05-23 (20-12-24).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 327768
Temps écoulé: 1 heure(s), 32 minute(s), 52 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
  13. I'm really impressed by how available you are. Here's the rkill report, which is rather odd by the way, since I had disabled Antivir and ZoneAlarm:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Ran as Fanou on 23/05/2010 at 18:31:49.

Processes terminated by Rkill or while it was running:

C:\Documents and Settings\Fanou\Bureau\rkill.scr

Rkill completed on 23/05/2010 at 18:31:55.
____________________________________

I'm running the MBAM scan, but it's going to take a while, at least two and a half hours I think, so enjoy your dinner, maybe see you tonight.
  14. Here is the report:

18:22:48:890 3328 TDSS rootkit removing tool 2.3.0.0 May 12 2010 18:11:17
18:22:48:890 3328 ================================================================================
18:22:48:890 3328 SystemInfo:
18:22:48:890 3328 OS Version: 5.1.2600 ServicePack: 3.0
18:22:48:890 3328 Product type: Workstation
18:22:48:890 3328 ComputerName: STEPH
18:22:48:890 3328 UserName: Fanou
18:22:48:890 3328 Windows directory: C:\WINDOWS
18:22:48:890 3328 Processor architecture: Intel x86
18:22:48:890 3328 Number of processors: 1
18:22:48:890 3328 Page size: 0x1000
18:22:48:890 3328 Boot type: Normal boot
18:22:48:890 3328 ================================================================================
18:22:48:890 3328 UnloadDriverW: NtUnloadDriver error 2
18:22:48:890 3328 ForceUnloadDriverW: UnloadDriverW(klmd23) error 2
18:22:48:906 3328 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
18:22:48:906 3328 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
18:22:48:906 3328 wfopen_ex: Trying to KLMD file open
18:22:48:906 3328 wfopen_ex: File opened ok (Flags 2)
18:22:48:906 3328 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
18:22:48:906 3328 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
18:22:48:906 3328 wfopen_ex: Trying to KLMD file open
18:22:48:906 3328 wfopen_ex: File opened ok (Flags 2)
18:22:48:906 3328 KLAVA engine initialized
18:22:49:031 3328 Initialize success
18:22:49:031 3328
18:22:49:031 3328 Scanning Services ...
18:22:49:453 3328 Raw services enum returned 365 services
18:22:49:453 3328
18:22:49:453 3328 Scanning Drivers ...
18:23:08:406 3328
18:23:08:406 3328 Completed
18:23:08:421 3328
18:23:08:421 3328 Results:
18:23:08:421 3328 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
18:23:08:421 3328 File objects infected / cured / cured on reboot: 0 / 0 / 0
18:23:08:421 3328
18:23:08:421 3328 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
18:23:08:421 3328 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
18:23:08:421 3328 KLMD(ARK) unloaded successfully
  15. Both steps have been done, and when the PC came back on, as soon as I opened Mozilla, Avira flagged Hijacker again... PS: Thanks again. Here is the scan report:

.
======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 19/05/10 à 19:20
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 17:19:45 le 23/05/2010 | Mode normal | Option: SCAN
Exécuté de: C:\Ad-Remover\ADR.exe
SE: Microsoft Windows XP Édition familiale (Service Pack 3 - X86)
Nom du PC: STEPH
Utilisateur actuel: Fanou
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.
.
C:\Program Files\Search Settings
.
HKCU\Software\Lanconfig
HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\62119EF862C6B3A0D853419B87EB3E2F6C78640A
HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F
HKLM\Software\Classes\Installer\Products\79CAA1B036589D14EA74856E2A220F1E
HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\79CAA1B036589D14EA74856E2A220F1E
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}
HKLM\Software\Search Settings
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser|{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\kb128\SearchSettings.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\kb128\SearchSettingsRes409.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\SearchSettings.exe
.
.
============== SCAN ADDITIONNEL ==============
.
* Mozilla FireFox Version 3.6.3 (fr) *
.
C:\Documents and Settings\Fanou\..\bgmw1mf2.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\Fanou\\Bureau
C:\Documents and Settings\Fanou\..\bgmw1mf2.default\prefs.js - browser.startup.homepage: hxxp://www.orange.fr/
C:\Documents and Settings\Fanou\..\bgmw1mf2.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
AutoHide: yes
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Show_ToolBar: yes
Start Page: hxxp://hpp.orange.fr/
Use Search Asst: no
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
========================================
.
C:\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Ad-Remover\Backup: 1 Fichier(s)
.
C:\Ad-Report-SCAN[1].txt - 3259 Octet(s)
.
Fin à: 17:31:31, 23/05/2010
.
============== E.O.F - SCAN[1] ==============

Clean report:

.
======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 19/05/10 à 19:20
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 17:33:18 le 23/05/2010 | Mode normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\ADR.exe
SE: Microsoft Windows XP Édition familiale (Service Pack 3 - X86)
Nom du PC: STEPH
Utilisateur actuel: Fanou
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
C:\Program Files\Search Settings
(!) -- Fichiers temporaires supprimés.
.
HKCU\Software\Lanconfig
HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\62119EF862C6B3A0D853419B87EB3E2F6C78640A
HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F
HKLM\Software\Classes\Installer\Products\79CAA1B036589D14EA74856E2A220F1E
HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\79CAA1B036589D14EA74856E2A220F1E
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}
HKLM\Software\Search Settings
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser|{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\kb128\SearchSettings.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\kb128\SearchSettingsRes409.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\Search Settings\SearchSettings.exe
.
.
============== SCAN ADDITIONNEL ==============
.
* Mozilla FireFox Version 3.6.3 (fr) *
.
C:\Documents and Settings\Fanou\..\bgmw1mf2.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\Fanou\\Bureau
C:\Documents and Settings\Fanou\..\bgmw1mf2.default\prefs.js - browser.startup.homepage: hxxp://www.orange.fr/
C:\Documents and Settings\Fanou\..\bgmw1mf2.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
========================================
.
C:\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Ad-Remover\Backup: 14 Fichier(s)
.
C:\Ad-Report-CLEAN[1].txt - 3477 Octet(s)
C:\Ad-Report-SCAN[1].txt - 3383 Octet(s)
.
Fin à: 17:43:45, 23/05/2010
.
============== E.O.F - CLEAN[1] ==============