yop666

  1. yet something still remains!!!

     ComboFix 10-08-05.06 - Administrateur 06/08/2010 16:46:15.11.2 - x86
     Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3070.2056 [GMT 2:00]
     Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
     AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
     .
     (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\windows\system32\w32tm.exe . . . est infecté!!
  2. here is what is displayed: I have no options ...
  3. hello mark, I didn't see your message, I was waiting for pear to come back ... I'll make a report and post it for you this evening. fred.
  4. hello, PEAR was handling my case, maybe he has gone on holiday ... my topic: http://forum.zebulon.fr/virus-boo-sinowalc-t178092.html (infection based on SINOWAL.c)
  5. hello pear, and thanks again for taking care of my problem. I entered all the commands in the console, everything went fine, the virus is still there when GMER starts
  6. I do indeed have an XP CD; I tried to install the recovery console but Windows tells me that the file system32\hal.dll is missing. However, I can get to it via the XP CD: repair, R key, then I enter the console
  7. the version of MRB you ask me to run opens and closes almost instantly, I can only just read that it is infected ... I have version 1.0.15, which works on my computer. I had made a log before coming to this forum, a log confirming the infection. I followed the procedure "%userprofile%\Bureau\mbr" -f, which only works if you put the first log in the trash:

     Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover
     device: opened successfully
     user: MBR read successfully
     kernel: MBR read successfully
     user & kernel MBR OK
     MBR rootkit code detected !
     malicious code @ sector 0x13153e99 size 0x1c8 !

     it's hanging on!!!
  8. hello pear, when I run option 2, it searches but does not restart the computer. avira still detects the virus. here is the log:

     HAXFIX logfile - by Marckie
     version 5.094
     18/07/2010 15:15:36,60

     --- Auto Haxdoorfix ---

     Haxdoorfix Part 1
     matching notifykey found: AtiExt
     searching for matching services
     services not found, haxdoorkey AtiE not added to delete
     no infections found

     Haxdoorfix Part 2
     searching for notifykeys
     no notifykeys found
     searching for services
     no services found
     searching for safeboot services
     no safeboot services found

     --- Goldun- and SpyBankerfix ---

     searching for other goldun- spybanker- and haxdoorfiles:
     no other Haxdoor or Goldun files found
     checking iexplore.exe
     iexplore.exe is not infected
     searching for SSODLkeys
     no SSODLkeys found
     searching for browser helper objects
     no known browser helper objects found
     searching for appinit files
     checking for Active Setup Installed Components
     no known Active Setup Installed Components found
     searching for notifykeys
     no notify keys found
     searching for services
     no services found

     Finished
  9. here is the report:
  10. good evening pear, yes of course, I come here to find help!!! 2 things: first, on seeing the virus, I went to have a look around the net, and so I first tried to eradicate the virus "by myself" ... hence the two logs ... second thing, antiboot "maybe" worked: the window does not contain as many words as in your screenshots, but it told me there was no virus, press a key to continue. I ran a test with antivir, which still confirms the infection. regards.
  11. thanks for your reply, I have already tried the software you mention; the problem is that it stays stuck on "starting up drivers" and nothing happens ... the combofix log, if that can help ...?
  12. Hello everyone, my PC is infected with the Sinowal virus. I tried to get rid of it, but it is stronger than me ... It is Avira that detects the virus, on the boot sector of the hard disk.

XP Ultimate Edition 7, Service Pack 3

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:32, on 17/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21045)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\Neuf\Kit\SFRNavErrorHelper.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Habu] D:\pilotes\souris\razerhid.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKCU\..\Run: [steam] "D:\Jeux\steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239828768046
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - http://bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Fichiers communs\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TomTomHOMEService - TomTom - D:\programmes\TomTom HOME 2\TomTomHOMEService.exe

-- End of file - 6114 bytes