
Posted

Avast tells me it has found a rootkit in c:\windows\system32\drivers\asc3550p.sys

When I scan with Sophos Anti-Rootkit, it tells me:

Hidden registry key

Area : Windows registry

Description : Hidden registry key

Location : \hkey_local_machine\system\controlset001\services\asc3550p

Removable : No

Notes : (no more detail available)

 

So I ran a scan with AntiVir, I had to delete about fifteen infected files, and here is the HijackThis report:

 

Logfile of HijackThis v1.99.1

Scan saved at 13:20:29, on 15/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Admin\Bureau\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [taskmon] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart

O4 - Startup: BoontyBox 01net.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe

O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O17 - HKLM\System\CCS\Services\Tcpip\..\{CA3842F0-7756-483F-8769-C15D6D4EBE4C}: NameServer = 212.27.53.252,212.27.54.252

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

 

Awaiting a quick reply by e-mail, because the rootkit is still on my PC.

 

Thank you very much
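The HijackThis log in the post above is what the helpers triage by eye. The following Python script is an added example, not part of the original thread and not HijackThis code; it automates that first pass by parsing the R0/R1/R3/O2/O3/O4/O23 lines and flagging the patterns visible in this log: a start page pointing at a non-default host, a URLSearchHook with no name, BHO/service entries whose file is missing, known toolbar components, and an autorun whose executable sits directly in C:\WINDOWS. The sample lines are copied from the posted log; the host allowlist, the adware path fragments and the %WINDIR%-root rule are this example's own heuristics, so a hit is a prompt to look at the entry, not a verdict.

```python
"""Triage a HijackThis 1.99.1 log for the kinds of entries seen in this thread.

Added example, not part of the original post or of HijackThis. The sample
lines are copied from the posted log; the host allowlist, the adware path
fragments and the %WINDIR%-root rule are this example's own assumptions.
"""
import re
from urllib.parse import urlsplit

# Constructed sample: a subset of the R0/R3/O2/O4/O23 lines from the posted log.
SAMPLE_LOG = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [taskmon] C:\WINDOWS\taskmon.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

# Assumption: hosts a stock French XP / IE6 install would legitimately point at.
DEFAULT_HOSTS = ("google.", "msn.com", "live.com", "microsoft.com")
# Assumption: path fragments of the toolbars/adware named elsewhere in this thread.
ADWARE_FRAGMENTS = ("mywebsearch", "mywebs~1", "asktbar", "eorezo",
                    "funwebproducts", "gamesbar", "newdotnet")

LINE_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")
WINDIR_EXE_RE = re.compile(r"c:\\windows\\[^\\\s]+\.exe")


def _non_default_host(body):
    """R0/R1 lines look like 'Key,Value = URL'; return the host if it is not a default."""
    if " = " not in body:
        return None
    host = urlsplit(body.rsplit(" = ", 1)[1].strip()).hostname or ""
    if host and not any(d in host for d in DEFAULT_HOSTS):
        return host
    return None


def classify(code, body):
    """Return a reason string if the entry deserves a look, else None."""
    low = body.lower()
    if code in ("R0", "R1"):
        host = _non_default_host(body)
        return f"browser setting points at non-default host {host}" if host else None
    if code == "R3" and "(no name)" in low:
        return "URLSearchHook with no name"
    if code in ("O2", "O3", "O4", "O23"):
        if any(frag in low for frag in ADWARE_FRAGMENTS):
            return "known adware/toolbar component"
        if "(no file)" in low or "(file missing)" in low:
            return "dangling entry: registered but file missing"
    if code == "O4":
        # An autorun whose executable sits directly in %WINDIR% rather than
        # system32 or Program Files: unusual for legitimate software on XP.
        m = WINDIR_EXE_RE.search(low)
        if m:
            return f"autorun executable in %WINDIR% root: {m.group(0)}"
    return None


def triage(log_text):
    """Parse a HijackThis log and return the flagged entries in log order."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # process list, headers, blank lines
        reason = classify(m["code"], m["body"])
        if reason:
            findings.append({"code": m["code"], "reason": reason, "line": raw.strip()})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['code']:<4} {f['reason']}\n     {f['line']}")
```

On the sample above it flags seven entries; the Adobe BHO, the avast! autorun and the Lexmark service pass through untouched.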

Posted

• Download BTFix by Bibi26.

http://www.bibi26.power-heberg.com/logiciels/BTFix.zip

* Unzip the archive onto your Desktop.

* Open the BTFix folder.

* Double-click BTFix.exe.

* Click "Rechercher" (Search).

* A report will appear; copy/paste it into your next reply.

 

 

---------------------------------------------

 

* Open BTFix.

* Click "Nettoyer" (Clean).

* A report will appear; copy/paste it into your next reply.

 

• Download combofix.exe (by sUBs) and save it to your desktop.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

* Double-click combofix.exe to run it and follow the instructions.

* When the scan is complete, a report will appear; post it for me.

Posted

reply for Angélique

 

Here is the BTFix cleaning report

 

BTFix 1.098 (by bibi26) - 15/04/2008 20:39:36 - Cleaning - Normal mode

Launched from C:\Documents and Settings\Admin\Bureau\BTFix\BTFix\BTFix.exe

 

---> Files/folders deleted (first pass)

 

- Temporary files erased

- C:\WINDOWS\system32\f3PSSavr.scr

- C:\Program Files\MyWebSearch\bar\1.bin\

- C:\Program Files\MyWebSearch\bar\Avatar\

- C:\Program Files\MyWebSearch\bar\Cache\

- C:\Program Files\MyWebSearch\bar\Game\

- C:\Program Files\MyWebSearch\bar\History\

- C:\Program Files\MyWebSearch\bar\icons\

- C:\Program Files\MyWebSearch\bar\Message\

- C:\Program Files\MyWebSearch\bar\Notifier\

- C:\Program Files\MyWebSearch\bar\Settings\

- C:\Program Files\MyWebSearch\bar\

- C:\Program Files\MyWebSearch\SrchAstt\1.bin\

- C:\Program Files\MyWebSearch\SrchAstt\

- C:\Program Files\MyWebSearch\

- C:\Program Files\FunWebProducts\ScreenSaver\Images\

- C:\Program Files\FunWebProducts\ScreenSaver\

- C:\Program Files\FunWebProducts\Shared\Cache\

- C:\Program Files\FunWebProducts\Shared\

- C:\Program Files\FunWebProducts\

- C:\Program Files\VVSN\

- C:\Program Files\AskTBar\bar\1.bin\

- C:\Program Files\AskTBar\bar\Cache\

- C:\Program Files\AskTBar\bar\History\

- C:\Program Files\AskTBar\bar\Settings\

- C:\Program Files\AskTBar\bar\

- C:\Program Files\AskTBar\PopSwatr\History\

- C:\Program Files\AskTBar\PopSwatr\

- C:\Program Files\AskTBar\SrchAstt\1.bin\

- C:\Program Files\AskTBar\SrchAstt\

- C:\Program Files\AskTBar\

- C:\Program Files\GamesBar\

- C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll

 

---> Cleaning finished on 15/04/2008 20:39:43

Posted

So:

 

• temporarily disable AntiVir and uninstall Avast via Add/Remove Programs, then

• Download combofix.exe (by sUBs), rename it to Combo-Fix directly in the download dialog, and save it to your desktop.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

* Double-click Combo-Fix.exe to run it and follow the instructions. Don't touch anything during the 43/44 stages.

* When the scan is complete, a report will appear; post it for me.

Posted

for Angélique

 

combofix report

 

ComboFix 08-04-15.4 - Admin 2008-04-16 11:29:29.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.628 [GMT 2:00]

Location: C:\Documents and Settings\Admin\Bureau\ComboFix.exe

* Creating a new restore point

 

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Program Files\newdotnet

C:\Program Files\newdotnet\readme.txt

C:\WINDOWS\ntvdn.dll

C:\WINDOWS\system32\config\47228506.Evt

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_ASC3550P

-------\Service_asc3550p

 

 

((((((((((((((((((((((((((((( Files created 2008-03-16 to 2008-04-16 ))))))))))))))))))))))))))))))))))))

.

 

2008-04-15 14:22 . 2008-04-15 14:22 <REP> dr-h----- C:\Documents and Settings\Admin\Application Data\SecuROM

2008-04-15 14:22 . 2008-04-15 14:22 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-04-15 13:51 . 2008-04-15 13:51 <REP> d-------- C:\Funsta

2008-04-15 11:08 . 2008-04-15 11:08 <REP> d-------- C:\Program Files\Avira

2008-04-15 11:08 . 2008-04-15 11:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-04-14 22:09 . 2008-04-14 22:09 250 --a------ C:\WINDOWS\gmer.ini

2008-04-13 13:28 . 2008-04-13 13:28 <REP> d-------- C:\Program Files\Sophos

2008-04-13 12:35 . 2007-01-18 14:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys

2008-04-12 09:25 . 2008-04-12 09:25 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-04-06 17:00 . 2008-04-06 17:00 38,280 --a------ C:\WINDOWS\macromix.dll

2008-04-06 17:00 . 2008-04-06 17:00 30,544 --a------ C:\WINDOWS\dirdib.drv

2008-04-06 17:00 . 2008-04-06 17:12 18 --a------ C:\WINDOWS\system\maxime.toy

2008-04-06 17:00 . 2008-04-06 17:00 6 --a------ C:\WINDOWS\system\toyland.nam

2008-04-06 16:15 . 2008-04-06 16:15 <REP> d-------- C:\WINDOWS\system32\Adobe

2008-04-06 16:12 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys

2008-04-06 16:12 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys

2008-04-05 23:29 . 2008-04-06 12:19 <REP> d-------- C:\Program Files\iWin.com

2008-04-05 22:41 . 2008-04-05 22:41 <REP> d-------- C:\Documents and Settings\Admin\Application Data\iWinArcade

2008-04-05 22:40 . 2008-04-06 12:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\iWin Games

2008-04-03 14:04 . 2008-04-06 08:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2

2008-04-02 17:46 . 2008-04-04 14:29 <REP> d-------- C:\Program Files\Fashion Solitaire

2008-04-02 17:35 . 2008-04-03 15:10 <REP> d-------- C:\Program Files\Kitty Luv

2008-04-02 17:35 . 2008-04-05 15:46 <REP> d-------- C:\Program Files\Doggie Dash

2008-04-01 20:46 . 2008-04-02 16:30 <REP> d-------- C:\Program Files\Fashion Craze

2008-04-01 10:47 . 2008-04-01 20:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Runic

2008-03-30 13:35 . 2008-04-05 09:01 <REP> d-------- C:\Program Files\Runic

2008-03-27 17:10 . 2008-03-28 10:19 <REP> d-------- C:\Program Files\Microsoft SQL Server

2008-03-27 16:24 . 2008-03-27 16:24 <REP> d-------- C:\Program Files\Fichiers communs\BOONTY Shared

2008-03-27 15:59 . 2008-03-28 10:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-03-26 21:03 . 2005-09-27 15:11 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll

2008-03-26 21:03 . 2006-11-10 11:55 120,952 --a------ C:\WINDOWS\system32\PandoraCtrl2.dll

2008-03-26 21:03 . 2005-03-11 18:06 102,400 --a------ C:\WINDOWS\system32\PandoraCtrl.dll

2008-03-26 20:45 . 2008-03-28 10:22 <REP> d-------- C:\Program Files\BoontyGames

2008-03-26 20:45 . 2008-03-26 21:03 <REP> d-------- C:\Program Files\Boonty

2008-03-23 22:44 . 2008-03-23 23:14 9,216 --ahs---- C:\WINDOWS\Thumbs.db

2008-03-22 19:31 . 2008-03-22 19:31 <REP> d-------- C:\Program Files\orange

2008-03-19 18:31 . 2008-03-19 18:31 <REP> d-------- C:\Program Files\ReflexiveArcade

2008-03-19 14:34 . 2008-03-19 14:34 <REP> d-------- C:\My Download Files

2008-03-19 14:15 . 2008-03-19 14:15 774,144 --a------ C:\Program Files\RngInterstitial.dll

 

.

(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-16 09:34 --------- d-----w C:\Program Files\eMule

2008-04-15 11:25 --------- d-----w C:\Documents and Settings\Admin\Application Data\OpenOffice.org2

2008-04-15 08:42 --------- d-----w C:\Program Files\lx_cats

2008-04-06 10:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-04-02 16:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst

2008-04-02 16:15 --------- d-----w C:\Documents and Settings\Admin\Application Data\PlayFirst

2008-04-01 08:47 --------- d-----w C:\Program Files\Zylom Games

2008-04-01 08:47 --------- d-----w C:\Documents and Settings\Admin\Application Data\Zylom

2008-03-29 17:35 94,544 -c--a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2008-03-29 17:29 23,152 -c--a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2008-03-29 17:27 42,912 -c--a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2008-03-29 17:26 26,944 -c--a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2008-03-28 11:14 --------- d-----w C:\Program Files\Windows Live

2008-03-28 11:14 --------- d-----w C:\Program Files\eoRezo

2008-03-28 11:14 --------- d-----w C:\Documents and Settings\Admin\Application Data\EoRezo

2008-03-28 11:12 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint

2008-03-23 20:44 --------- d-----w C:\Program Files\PC Inspector File Recovery

2008-03-23 20:44 --------- d-----w C:\Program Files\ma-config.com

2008-03-23 20:44 --------- d-----w C:\Program Files\FireTune

2008-03-22 09:22 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-03-19 15:41 --------- d-----w C:\Program Files\Fichiers communs\Real

2008-03-19 12:15 --------- d-----w C:\Program Files\Real

2008-03-19 11:11 --------- d-----w C:\Program Files\BFG

2008-03-16 07:58 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-12 10:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games

2008-03-12 10:15 0 ----a-w C:\Program Files\temp01

2008-03-12 10:15 --------- d-----w C:\Program Files\bfgclient

2008-03-12 10:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache

2008-03-11 17:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo

2008-03-09 15:23 --------- d-----w C:\Program Files\Magic Match The Genies Journey

2008-03-09 14:33 --------- d-----w C:\Documents and Settings\Admin\Application Data\SEGA

2008-03-08 09:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\DivoGames

2008-03-06 08:25 --------- d-----w C:\Program Files\OpenAL

2008-03-02 13:24 --------- d-----w C:\Documents and Settings\Admin\Application Data\Gamelab

2008-03-01 17:09 --------- d-----w C:\Documents and Settings\Admin\Application Data\Total Eclipse

2008-02-22 20:49 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-02-20 16:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Go Go Gourmet

2008-01-23 11:26 107,132 -c--a-w C:\WINDOWS\UninstallThunderbird.exe

2008-01-23 11:25 107,132 -c--a-w C:\WINDOWS\UninstallFirefox.exe

2008-01-23 11:20 737,280 -c--a-w C:\WINDOWS\iun6002.exe

2008-01-19 12:53 21,361 -c--a-w C:\WINDOWS\AegisP.sys

.

 

------- Sigcheck -------

 

2005-07-26 15:01 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\system32\user32.dll

 

2005-10-12 10:25 662528 a2dd7ec3ac1ead13f65e2898fcabbd1a C:\WINDOWS\system32\wininet.dll

 

2005-09-18 12:29 359936 0df628756fb71111955be60bac216a70 C:\WINDOWS\system32\drivers\tcpip.sys

 

2005-10-12 10:33 2058880 73fa9c95d235844a36968c7852c7dbdd C:\WINDOWS\system32\ntkrnlpa.exe

 

2005-07-26 15:01 2181376 63729dd0f2aae36cc52b89c05505146c C:\WINDOWS\system32\ntoskrnl.exe

 

2005-07-26 15:01 1036288 0bee3b07ace3303ee57698808e1d2de3 C:\WINDOWS\explorer.exe

.

((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not listed

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2005-12-19 18:16 200747]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 02:04 1415824]

"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [2008-01-17 20:55 475180]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-09-20 16:35 202024]

"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2006-01-26 18:21 4857856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]

"CARPService"="carpserv.exe" [2003-03-19 15:00 4608 C:\WINDOWS\system32\carpserv.exe]

"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 15:18 995328]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 15:13 1101824]

"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2006-01-22 19:45 286720]

"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 07:10 98304]

"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 10:11 290816]

"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2005-12-01 20:38 65536]

"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 10:51 1836328]

"EoEngine"="" []

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Config"="C:\WINDOWS\system32\run.cmd" [2005-08-23 11:24 341]

"nlsf"="cmd.exe" [2004-08-19 16:09 400896 C:\WINDOWS\system32\cmd.exe]

"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 15:52 44544]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"MemCheckBoxInRunDlg"= 1 (0x1)

"NoSMBalloonTip"= 1 (0x1)

"NoDesktopCleanupWizard"= 1 (0x1)

"NoWelcomeScreen"= 1 (0x1)

"NoAutoUpdate"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"MemCheckBoxInRunDlg"= 1 (0x1)

"NoSMBalloonTip"= 1 (0x1)

"NoDesktopCleanupWizard"= 1 (0x1)

"NoWelcomeScreen"= 1 (0x1)

"NoAutoUpdate"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=

"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=

"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"C:\\Program Files\\Magentic\\bin\\MgImp.exe"=

"C:\\Program Files\\Magentic\\bin\\Magentic.exe"=

"C:\\Program Files\\Magentic\\bin\\MgApp.exe"=

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]

R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 15:45]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

R3 EMCR;EMCR;C:\WINDOWS\system32\DRIVERS\EMCR7SK.sys [2003-07-22 12:14]

S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2008-03-27 16:24]

S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\E.tmp []

 

.

Contents of the 'Scheduled Tasks/Tâches planifiées' folder

"2008-04-11 15:27:51 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"

- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-16 11:34:38

Windows 5.1.2600 Service Pack 2 NTFS

 

Scanning hidden processes ...

 

Scanning hidden autostart entries ...

 

Scanning hidden files ...

 

Scan completed successfully

Hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]

"ImagePath"="\??\C:\WINDOWS\system32\E.tmp"

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\lxcrcoms.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe

.

**************************************************************************

.

Completion time: 2008-04-16 11:37:11 - machine was rebooted

ComboFix-quarantined-files.txt 2008-04-16 09:37:08

 

Pre-Run: 8,623,329,280 bytes free

Post-Run: 8,590,454,784 bytes free
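Unlike HijackThis, the ComboFix report above dumps the registry loading points in REGEDIT4 form, and that section is where the damage around the infection shows: the four Security Center overrides, the firewall policy with EnableFirewall = 0, NoAutoUpdate = 1, a RunOnce value that launches cmd.exe, an emptied EoEngine autorun, and a service whose image is a .tmp file. The following Python script is an added example, not ComboFix's code and not the helper's; it parses that section and flags those values. The sample is copied from the report above; which values count as weakening is this example's own assumption, and a hit (RunOnce entries of this kind also exist on untouched XP installs) is a prompt to review the value, not a verdict.

```python
"""Flag protection-weakening settings in ComboFix's 'Reg loading points' section.

Added example, not ComboFix's code. The sample is copied from the report
posted above; which values count as weakening is this example's assumption.
"""
import re

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.*)$')

# Constructed sample: the relevant keys from the ComboFix report above.
SAMPLE = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 10:51 1836328]
"EoEngine"="" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Config"="C:\WINDOWS\system32\run.cmd" [2005-08-23 11:24 341]
"nlsf"="cmd.exe" [2004-08-19 16:09 400896 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 15:52 44544]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\E.tmp"
"""

# Assumption: a non-zero value for any of these is the weakened state.
WEAKENING = {
    "security center": {"AntiVirusOverride", "FirewallOverride",
                        "AntiVirusDisableNotify", "UpdatesDisableNotify"},
    "policies\\explorer": {"NoAutoUpdate"},
}
SCRIPT_TARGET_RE = re.compile(r"(^|\\)cmd\.exe$|\.(cmd|bat)$")


def _as_int(val):
    """'dword:00000001', '1 (0x1)' or '0 (0x0)' -> int; anything else -> None."""
    m = re.match(r"dword:([0-9a-f]+)", val, re.I)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)", val)
    return int(m.group(1)) if m else None


def _target(val):
    """Strip the quotes and ComboFix's trailing '[date size path]' annotation."""
    return re.sub(r"\s*\[[^\]]*\]\s*$", "", val).strip().strip('"').lower()


def classify(key, name, val):
    """Return a reason string for a value worth reviewing, else None."""
    for suffix, names in WEAKENING.items():
        if key.endswith(suffix) and name in names and (_as_int(val) or 0) != 0:
            return f"{name} set: Security Center / update protection silenced"
    if "firewallpolicy" in key and name == "EnableFirewall" and _as_int(val) == 0:
        return "Windows Firewall disabled"
    if key.endswith(("\\run", "\\runonce")):
        target = _target(val)
        if target == "":
            return "empty autorun value (leftover from a removed program)"
        if SCRIPT_TARGET_RE.search(target):
            return f"autorun launches a command interpreter or script: {target}"
    if "\\services\\" in key and name == "ImagePath" and _target(val).endswith(".tmp"):
        return f"service image is a .tmp file: {_target(val)}"
    return None


def triage_reg(text):
    """Walk the REGEDIT4-style dump and return flagged values in report order."""
    findings, key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km["key"].lower()
            continue
        vm = VAL_RE.match(line)
        if vm and key:
            reason = classify(key, vm["name"], vm["val"])
            if reason:
                findings.append({"key": key, "name": vm["name"], "reason": reason})
    return findings


if __name__ == "__main__":
    for f in triage_reg(SAMPLE):
        print(f"[{f['key']}]\n  {f['name']}: {f['reason']}")
```

The three value syntaxes ComboFix uses (dword:, "n (0xn)" and quoted strings with a trailing [date size] annotation) are normalised before any rule runs, so the same rule set works across all of the keys in the section.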

Posted

Well, CF took care of your RK all by itself, like a big boy

 

• open Notepad [Run -> notepad] and copy/paste the contents of the box below:

 

Driver::
MEMSWEEP2

File::
C:\WINDOWS\system32\E.tmp 

Folder::
C:\Program Files\eoRezo

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EoEngine"=-

 

* Go to the top of the page and click the "File" menu; a list appears =>

* Choose "Save As" and choose "Desktop"

* In the "File name" field at the bottom of the page, enter the following name: CFScript, as a .txt file

* Click the "Save" button to the right of the "File name" field

* Close Notepad.

* Drag and drop this CFScript.txt file onto the ComboFix.exe file, as in the screenshot

 

 

[screenshot: CFScript.gif]

 

 

 

* A blue window will appear; follow the instructions, you're used to it by now :P

* Be patient while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan has finished.

* Once the scan is done, a report will be displayed: post its contents.

* If the file doesn't appear, it is located here > C:\ComboFix.txt

 

• post a new HJT report along with the CF report
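The CFScript the helper posted shows the four section kinds ComboFix takes from a drag-and-dropped text file: bare service names under Driver::, absolute paths under File:: and Folder::, and a REGEDIT4-style block under Registry:: where "name"=- deletes a value. The following Python builder is an added example, not ComboFix's own code and not the helper's; it produces exactly that script from lists of findings, de-duplicates entries, and refuses entries that would be malformed (a relative path, a registry key without its full hive name) or dangerous (a Folder:: entry for C:\WINDOWS). Everything it knows about the format is what is visible in the post above; the protected-directory list is its own assumption.

```python
"""Build a ComboFix CFScript.txt from triage findings.

Added example, not ComboFix's code. It only uses the four section headers
and the '"name"=-' deletion syntax shown in the post above; the protected
directory list is this example's own assumption.
"""
import re

DRIVER_NAME = re.compile(r"^[A-Za-z0-9_.\-]+$")          # bare service name, no path
WIN_ABS_PATH = re.compile(r'^[A-Za-z]:\\[^<>"|?*]+$')     # e.g. C:\WINDOWS\system32\E.tmp
REG_ROOTS = ("HKEY_LOCAL_MACHINE\\", "HKEY_CURRENT_USER\\",
             "HKEY_USERS\\", "HKEY_CLASSES_ROOT\\")
# Assumption: never let a File::/Folder:: entry point at one of these.
PROTECTED = {"c:", "c:\\windows", "c:\\windows\\system32", "c:\\program files"}


class CFScriptError(ValueError):
    """An entry that would produce a malformed or dangerous script."""


def _dedupe(items):
    seen = set()
    return [i for i in items if not (i in seen or seen.add(i))]


def _checked_path(path, section):
    if not WIN_ABS_PATH.match(path):
        raise CFScriptError(f"{section} entry is not an absolute Windows path: {path!r}")
    if path.rstrip("\\").lower() in PROTECTED:
        raise CFScriptError(f"{section} entry would remove a protected directory: {path!r}")
    return path


def build_cfscript(drivers=(), files=(), folders=(), reg_deletes=()):
    """Return the CFScript text.

    drivers:     service names for Driver::
    files:       absolute paths for File::
    folders:     absolute paths for Folder::
    reg_deletes: (full_key, value_name) pairs; each becomes '"value_name"=-'
    """
    drivers = _dedupe(drivers)
    for d in drivers:
        if not DRIVER_NAME.match(d):
            raise CFScriptError(f"Driver:: entry must be a bare service name: {d!r}")
    files = _dedupe(_checked_path(p, "File::") for p in files)
    folders = _dedupe(_checked_path(p, "Folder::") for p in folders)

    out = []
    for header, items in (("Driver::", drivers), ("File::", files), ("Folder::", folders)):
        if items:
            out += [header, *items, ""]

    by_key = {}                       # keys in first-seen order, value names de-duplicated
    for key, name in reg_deletes:
        if not key.upper().startswith(REG_ROOTS):
            raise CFScriptError(f"registry key must start with a full hive name: {key!r}")
        names = by_key.setdefault(key, [])
        if name not in names:
            names.append(name)
    if by_key:
        out.append("Registry::")
        for key, names in by_key.items():
            out.append(f"[{key}]")
            out += [f'"{n}"=-' for n in names]
        out.append("")

    if not out:
        raise CFScriptError("no entries given")
    return "\n".join(out)


if __name__ == "__main__":
    # Reproduces the script the helper posted above.
    print(build_cfscript(
        drivers=["MEMSWEEP2"],
        files=[r"C:\WINDOWS\system32\E.tmp"],
        folders=[r"C:\Program Files\eoRezo"],
        reg_deletes=[(r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "EoEngine")],
    ))
```

Writing the returned text to CFScript.txt on the desktop and dropping it onto ComboFix.exe is then the same procedure the helper describes; the validation is there because a script that deletes whatever it is handed is only as safe as the triage that produced the list.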

Posted

For Angélique

 

combo report:

 

ComboFix 08-04-15.4 - Admin 2008-04-16 17:21:43.2 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.473 [GMT 2:00]

Location: C:\Documents and Settings\Admin\Bureau\ComboFix.exe

 

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!

.

 

((((((((((((((((((((((((((((( Files created 2008-03-16 to 2008-04-16 ))))))))))))))))))))))))))))))))))))

.

 

2008-04-16 14:26 . 2008-04-16 14:27 <REP> d-------- C:\WINDOWS\system32\NtmsData

2008-04-15 14:22 . 2008-04-15 14:22 <REP> dr-h----- C:\Documents and Settings\Admin\Application Data\SecuROM

2008-04-15 14:22 . 2008-04-15 14:22 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-04-15 13:51 . 2008-04-15 13:51 <REP> d-------- C:\Funsta

2008-04-15 11:08 . 2008-04-15 11:08 <REP> d-------- C:\Program Files\Avira

2008-04-15 11:08 . 2008-04-15 11:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-04-14 22:09 . 2008-04-14 22:09 250 --a------ C:\WINDOWS\gmer.ini

2008-04-13 13:28 . 2008-04-13 13:28 <REP> d-------- C:\Program Files\Sophos

2008-04-13 12:35 . 2007-01-18 14:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys

2008-04-12 09:25 . 2008-04-12 09:25 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-04-06 17:00 . 2008-04-06 17:00 38,280 --a------ C:\WINDOWS\macromix.dll

2008-04-06 17:00 . 2008-04-06 17:00 30,544 --a------ C:\WINDOWS\dirdib.drv

2008-04-06 17:00 . 2008-04-06 17:12 18 --a------ C:\WINDOWS\system\maxime.toy

2008-04-06 17:00 . 2008-04-06 17:00 6 --a------ C:\WINDOWS\system\toyland.nam

2008-04-06 16:15 . 2008-04-06 16:15 <REP> d-------- C:\WINDOWS\system32\Adobe

2008-04-06 16:12 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys

2008-04-06 16:12 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys

2008-04-05 23:29 . 2008-04-06 12:19 <REP> d-------- C:\Program Files\iWin.com

2008-04-05 22:41 . 2008-04-05 22:41 <REP> d-------- C:\Documents and Settings\Admin\Application Data\iWinArcade

2008-04-05 22:40 . 2008-04-06 12:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\iWin Games

2008-04-03 14:04 . 2008-04-06 08:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2

2008-04-02 17:46 . 2008-04-04 14:29 <REP> d-------- C:\Program Files\Fashion Solitaire

2008-04-02 17:35 . 2008-04-03 15:10 <REP> d-------- C:\Program Files\Kitty Luv

2008-04-02 17:35 . 2008-04-05 15:46 <REP> d-------- C:\Program Files\Doggie Dash

2008-04-01 20:46 . 2008-04-02 16:30 <REP> d-------- C:\Program Files\Fashion Craze

2008-04-01 10:47 . 2008-04-01 20:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Runic

2008-03-30 13:35 . 2008-04-05 09:01 <REP> d-------- C:\Program Files\Runic

2008-03-27 17:10 . 2008-03-28 10:19 <REP> d-------- C:\Program Files\Microsoft SQL Server

2008-03-27 16:24 . 2008-03-27 16:24 <REP> d-------- C:\Program Files\Fichiers communs\BOONTY Shared

2008-03-27 15:59 . 2008-03-28 10:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-03-26 21:03 . 2005-09-27 15:11 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll

2008-03-26 21:03 . 2006-11-10 11:55 120,952 --a------ C:\WINDOWS\system32\PandoraCtrl2.dll

2008-03-26 21:03 . 2005-03-11 18:06 102,400 --a------ C:\WINDOWS\system32\PandoraCtrl.dll

2008-03-26 20:45 . 2008-03-28 10:22 <REP> d-------- C:\Program Files\BoontyGames

2008-03-26 20:45 . 2008-03-26 21:03 <REP> d-------- C:\Program Files\Boonty

2008-03-23 22:44 . 2008-03-23 23:14 9,216 --ahs---- C:\WINDOWS\Thumbs.db

2008-03-22 19:31 . 2008-03-22 19:31 <REP> d-------- C:\Program Files\orange

2008-03-19 18:31 . 2008-03-19 18:31 <REP> d-------- C:\Program Files\ReflexiveArcade

2008-03-19 14:34 . 2008-03-19 14:34 <REP> d-------- C:\My Download Files

2008-03-19 14:15 . 2008-03-19 14:15 774,144 --a------ C:\Program Files\RngInterstitial.dll

 

.

(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-16 09:57 --------- d-----w C:\Documents and Settings\Admin\Application Data\OpenOffice.org2

2008-04-16 09:48 --------- d-----w C:\Program Files\eMule

2008-04-15 08:42 --------- d-----w C:\Program Files\lx_cats

2008-04-06 10:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-04-02 16:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst

2008-04-02 16:15 --------- d-----w C:\Documents and Settings\Admin\Application Data\PlayFirst

2008-04-01 08:47 --------- d-----w C:\Program Files\Zylom Games

2008-04-01 08:47 --------- d-----w C:\Documents and Settings\Admin\Application Data\Zylom

2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe

2008-03-29 17:35 94,544 -c--a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2008-03-29 17:29 23,152 -c--a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2008-03-29 17:27 42,912 -c--a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2008-03-29 17:26 26,944 -c--a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2008-03-29 17:23 95,608 -c--a-w C:\WINDOWS\system32\AVASTSS.scr

2008-03-28 11:14 --------- d-----w C:\Program Files\Windows Live

2008-03-28 11:14 --------- d-----w C:\Program Files\eoRezo

2008-03-28 11:14 --------- d-----w C:\Documents and Settings\Admin\Application Data\EoRezo

2008-03-28 11:12 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint

2008-03-23 20:44 --------- d-----w C:\Program Files\PC Inspector File Recovery

2008-03-23 20:44 --------- d-----w C:\Program Files\ma-config.com

2008-03-23 20:44 --------- d-----w C:\Program Files\FireTune

2008-03-22 09:22 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-03-19 15:41 --------- d-----w C:\Program Files\Fichiers communs\Real

2008-03-19 12:15 --------- d-----w C:\Program Files\Real

2008-03-19 11:11 --------- d-----w C:\Program Files\BFG

2008-03-16 07:58 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-12 10:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games

2008-03-12 10:15 0 ----a-w C:\Program Files\temp01

2008-03-12 10:15 --------- d-----w C:\Program Files\bfgclient

2008-03-12 10:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache

2008-03-11 17:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo

2008-03-09 15:23 --------- d-----w C:\Program Files\Magic Match The Genies Journey

2008-03-09 14:33 --------- d-----w C:\Documents and Settings\Admin\Application Data\SEGA

2008-03-08 09:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\DivoGames

2008-03-06 08:25 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll

2008-03-06 08:25 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll

2008-03-06 08:25 --------- d-----w C:\Program Files\OpenAL

2008-03-02 13:24 --------- d-----w C:\Documents and Settings\Admin\Application Data\Gamelab

2008-03-01 17:09 --------- d-----w C:\Documents and Settings\Admin\Application Data\Total Eclipse

2008-02-22 20:49 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-02-20 16:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Go Go Gourmet

2008-01-23 11:44 8,464 -c--a-w C:\WINDOWS\system32\sporder.dll

2008-01-23 11:26 107,132 -c--a-w C:\WINDOWS\UninstallThunderbird.exe

2008-01-23 11:25 107,132 -c--a-w C:\WINDOWS\UninstallFirefox.exe

2008-01-23 11:20 737,280 -c--a-w C:\WINDOWS\iun6002.exe

2008-01-19 12:53 21,361 -c--a-w C:\WINDOWS\AegisP.sys

2008-01-17 18:55 745,547 -c--a-w C:\WINDOWS\system32\Magentic Screensaver.scr

.

 

------- Sigcheck -------

 

2005-07-26 15:01 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\system32\user32.dll

 

2005-10-12 10:25 662528 a2dd7ec3ac1ead13f65e2898fcabbd1a C:\WINDOWS\system32\wininet.dll

 

2005-09-18 12:29 359936 0df628756fb71111955be60bac216a70 C:\WINDOWS\system32\drivers\tcpip.sys

 

2005-10-12 10:33 2058880 73fa9c95d235844a36968c7852c7dbdd C:\WINDOWS\system32\ntkrnlpa.exe

 

2005-07-26 15:01 2181376 63729dd0f2aae36cc52b89c05505146c C:\WINDOWS\system32\ntoskrnl.exe

 

2005-07-26 15:01 1036288 0bee3b07ace3303ee57698808e1d2de3 C:\WINDOWS\explorer.exe

.

((((((((((((((((((((((((((((( snapshot@2008-04-16_11.36.57.17 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-04-16 09:32:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-04-16 09:47:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-04-16 09:47:10 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_76c.dat

.

((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legit default entries are not shown

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2005-12-19 18:16 200747]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 02:04 1415824]

"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [2008-01-17 20:55 475180]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-09-20 16:35 202024]

"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2006-01-26 18:21 4857856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]

"CARPService"="carpserv.exe" [2003-03-19 15:00 4608 C:\WINDOWS\system32\carpserv.exe]

"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 15:18 995328]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 15:13 1101824]

"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2006-01-22 19:45 286720]

"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 07:10 98304]

"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 10:11 290816]

"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2005-12-01 20:38 65536]

"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 10:51 1836328]

"EoEngine"="" []

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Config"="C:\WINDOWS\system32\run.cmd" [2005-08-23 11:24 341]

"nlsf"="cmd.exe" [2004-08-19 16:09 400896 C:\WINDOWS\system32\cmd.exe]

"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 15:52 44544]

 

C:\Documents and Settings\Admin\Menu Démarrer\Programmes\Démarrage\

BoontyBox 01net.lnk - C:\Program Files\Boonty\BoontyBox\BoontyBox.exe [2008-03-26 21:03:28 902712]

OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-12-14 18:01:20 61440]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\

KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08 16423]

Logiciel Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-04 15:04:48 176128]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"MemCheckBoxInRunDlg"= 1 (0x1)

"NoSMBalloonTip"= 1 (0x1)

"NoDesktopCleanupWizard"= 1 (0x1)

"NoWelcomeScreen"= 1 (0x1)

"NoAutoUpdate"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"MemCheckBoxInRunDlg"= 1 (0x1)

"NoSMBalloonTip"= 1 (0x1)

"NoDesktopCleanupWizard"= 1 (0x1)

"NoWelcomeScreen"= 1 (0x1)

"NoAutoUpdate"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=

"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=

"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"C:\\Program Files\\Magentic\\bin\\MgImp.exe"=

"C:\\Program Files\\Magentic\\bin\\Magentic.exe"=

"C:\\Program Files\\Magentic\\bin\\MgApp.exe"=

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]

R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 15:45]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

R3 EMCR;EMCR;C:\WINDOWS\system32\DRIVERS\EMCR7SK.sys [2003-07-22 12:14]

S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2008-03-27 16:24]

S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\E.tmp []

 

*Newly Created Service* - NTMSSVC

.

Contents of the 'Scheduled Tasks' folder

"2008-04-11 15:27:51 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"

- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-16 17:22:52

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]

"ImagePath"="\??\C:\WINDOWS\system32\E.tmp"

.

Completion time: 2008-04-16 17:23:30

ComboFix-quarantined-files.txt 2008-04-16 15:23:26

ComboFix2.txt 2008-04-16 09:37:12

 

Pre-Run: 8,594,153,472 bytes free

Post-Run: 8,584,388,608 bytes free

 

 

 

HJT report

 

 

Logfile of HijackThis v1.99.1

Scan saved at 17:24:09, on 16/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\carpserv.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Lexmark 2400 Series\ezprint.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe

C:\Program Files\eMule\emule.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

C:\PROGRA~1\INCRED~1\bin\IMApp.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\system32\lxcrcoms.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\PROGRA~1\INCRED~1\bin\IncMail.exe

C:\PROGRA~1\Magentic\bin\MgApp.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Admin\Bureau\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)

O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart

O4 - Startup: BoontyBox 01net.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe

O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O17 - HKLM\System\CCS\Services\Tcpip\..\{960EE8BE-9717-4577-A312-3D755AB3D525}: NameServer = 217.169.242.2 217.169.242.3

O17 - HKLM\System\CCS\Services\Tcpip\..\{CA3842F0-7756-483F-8769-C15D6D4EBE4C}: NameServer = 212.27.53.252,212.27.54.252

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
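The ComboFix report above lists several settings a responder checks first: the Security Center override and DisableNotify values set to 1, the standard-profile firewall policy with EnableFirewall=0, NoAutoUpdate=1 under the explorer policies, and a service (MEMSWEEP2) whose image is a .tmp file in system32. The script below is an added triage example for this page, not part of the thread and not ComboFix's own code: it parses the "Reg loading points" section of such a report and flags those entries. The sample log embedded in it is constructed to mirror the shape of the report above (it is not a verbatim copy), and the rule names are this example's own. A flagged entry is a lead to review, not a verdict: a .tmp-backed service, for instance, can be legitimate, since some anti-rootkit scanners load their driver that way.

```python
"""Triage helper for the 'Reg loading points' section of a ComboFix report.

Added example: parses registry keys and R#/S# service lines, then flags
the settings a responder would want to look at first.
"""
import re
from typing import Dict, List, Tuple, Union

# Constructed sample shaped like the report in this thread (not a verbatim copy).
# Backslashes are doubled only because this is a Python string literal.
SAMPLE_LOG = """\
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\policies\\explorer]
"NoSMHelp"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

R1 aswSP;avast! Self Protection;C:\\WINDOWS\\system32\\drivers\\aswSP.sys [2008-03-29 19:31]
S3 Boonty Games;Boonty Games;"C:\\Program Files\\Fichiers communs\\BOONTY Shared\\Service\\Boonty.exe" [2008-03-27 16:24]
S3 MEMSWEEP2;MEMSWEEP2;C:\\WINDOWS\\system32\\E.tmp []
"""

SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.*)$')
# "S3 name;display name;image path [date]" as ComboFix prints drivers/services.
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<image>.*?)\s*\[(?P<date>[^\]]*)\]\s*$'
)

# Security Center values that, when set to 1, hide the "no antivirus /
# no firewall / updates off" warnings from the user.
SECCENTER_FLAGS = {
    "antivirusoverride", "firewalloverride", "antivirusdisablenotify",
    "firewalldisablenotify", "updatesdisablenotify",
}

Value = Union[int, str]


def parse_value(raw: str) -> Value:
    """Normalise ComboFix's value renderings:
    'dword:00000001' -> 1, '1 (0x1)' -> 1, '"text"' -> 'text'."""
    raw = raw.strip()
    m = re.fullmatch(r'dword:([0-9a-fA-F]{8})', raw)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r'(\d+)\s*\(0x[0-9a-fA-F]+\)', raw)
    if m:
        return int(m.group(1))
    return raw.strip('"')


def parse_log(text: str) -> Tuple[Dict[str, Dict[str, Value]], List[Dict[str, str]]]:
    """Return (registry keys -> {value name: value}, list of service entries).
    Keys and value names are lower-cased so rules can match case-insensitively."""
    keys: Dict[str, Dict[str, Value]] = {}
    services: List[Dict[str, str]] = []
    current = None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key").lower()
            keys.setdefault(current, {})
            continue
        m = SERVICE_RE.match(line)
        if m:
            svc = m.groupdict()
            svc["image"] = svc["image"].strip().strip('"')
            services.append(svc)
            current = None  # the service block follows the registry dump
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group("name").lower()] = parse_value(m.group("raw"))
    return keys, services


def triage(text: str) -> List[Dict[str, str]]:
    """Apply the review rules and return one finding per matched entry."""
    keys, services = parse_log(text)
    findings: List[Dict[str, str]] = []
    for key, values in keys.items():
        if key.endswith("security center"):
            for name in sorted(SECCENTER_FLAGS.intersection(values)):
                if values[name] == 1:
                    findings.append({"rule": "seccenter-suppressed",
                                     "where": key, "detail": name})
        if "firewallpolicy" in key and values.get("enablefirewall") == 0:
            findings.append({"rule": "firewall-disabled",
                             "where": key, "detail": "EnableFirewall=0"})
        if key.endswith(r"policies\explorer") and values.get("noautoupdate") == 1:
            findings.append({"rule": "autoupdate-disabled",
                             "where": key, "detail": "NoAutoUpdate=1"})
    for svc in services:
        # A kernel service/driver backed by a .tmp file deserves a look.
        if svc["image"].lower().endswith(".tmp"):
            findings.append({"rule": "service-tmp-image",
                             "where": svc["name"], "detail": svc["image"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['rule']:22} {f['where']}: {f['detail']}")
```

Run it against a saved ComboFix.txt by passing the file contents to `triage()`; the rules are deliberately narrow (exact value names, `.tmp` suffix) so they can be extended without producing noise from the many legitimate Run entries in a report like this one.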

Posted

:P run http://files.avast.com/files/eng/aswclear.exe for me

 

http://www.avast.com/fre/avast-uninstall-utility.html

 

• temporarily disable AntiVir and uninstall ComboFix like this: copy and paste the line below into Run and confirm:

 

ComboFix /u

 

• re-download ComboFix, with AntiVir still disabled !!!!!!!! and redo the CFScript procedure from my message #7

http://forum.zebulon.fr/rapport-hijackthis...48#entry1209548

 

and post the report along with a new HJT report

Posted

ComboFix report

 

 

ComboFix 08-04-15.8 - Admin 2008-04-16 20:07:00.3 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.419 [GMT 2:00]

Running from: C:\Documents and Settings\Admin\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\Admin\Bureau\dossier important\CFScript.txt

* Creating a new restore point

 

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!

 

FILE ::

C:\WINDOWS\system32\E.tmp

.

 

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Program Files\eoRezo

C:\Program Files\eoRezo\cmhost.cyp

C:\Program Files\eoRezo\EoAdv\eoAdv.url

C:\Program Files\eoRezo\EoAdv\EoRezoBho.old

C:\Program Files\eoRezo\EoRezoImg_7.dll

C:\Program Files\eoRezo\EoRezoTools_7.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_MEMSWEEP2

-------\Service_MEMSWEEP2

 

 

((((((((((((((((((((((((((((( Files Created From 2008-03-16 to 2008-04-16 ))))))))))))))))))))))))))))))))))))

.

 

2008-04-16 14:26 . 2008-04-16 14:27 <REP> d-------- C:\WINDOWS\system32\NtmsData

2008-04-15 14:22 . 2008-04-15 14:22 <REP> dr-h----- C:\Documents and Settings\Admin\Application Data\SecuROM

2008-04-15 14:22 . 2008-04-15 14:22 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-04-15 13:51 . 2008-04-15 13:51 <REP> d-------- C:\Funsta

2008-04-15 11:08 . 2008-04-15 11:08 <REP> d-------- C:\Program Files\Avira

2008-04-15 11:08 . 2008-04-15 11:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-04-14 22:09 . 2008-04-14 22:09 250 --a------ C:\WINDOWS\gmer.ini

2008-04-13 13:28 . 2008-04-13 13:28 <REP> d-------- C:\Program Files\Sophos

2008-04-13 12:35 . 2007-01-18 14:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys

2008-04-12 09:25 . 2008-04-12 09:25 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-04-06 17:00 . 2008-04-06 17:00 38,280 --a------ C:\WINDOWS\macromix.dll

2008-04-06 17:00 . 2008-04-06 17:00 30,544 --a------ C:\WINDOWS\dirdib.drv

2008-04-06 17:00 . 2008-04-06 17:12 18 --a------ C:\WINDOWS\system\maxime.toy

2008-04-06 17:00 . 2008-04-06 17:00 6 --a------ C:\WINDOWS\system\toyland.nam

2008-04-06 16:15 . 2008-04-06 16:15 <REP> d-------- C:\WINDOWS\system32\Adobe

2008-04-06 16:12 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys

2008-04-06 16:12 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys

2008-04-05 23:29 . 2008-04-06 12:19 <REP> d-------- C:\Program Files\iWin.com

2008-04-05 22:41 . 2008-04-05 22:41 <REP> d-------- C:\Documents and Settings\Admin\Application Data\iWinArcade

2008-04-05 22:40 . 2008-04-06 12:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\iWin Games

2008-04-03 14:04 . 2008-04-06 08:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2

2008-04-02 17:46 . 2008-04-04 14:29 <REP> d-------- C:\Program Files\Fashion Solitaire

2008-04-02 17:35 . 2008-04-03 15:10 <REP> d-------- C:\Program Files\Kitty Luv

2008-04-02 17:35 . 2008-04-05 15:46 <REP> d-------- C:\Program Files\Doggie Dash

2008-04-01 20:46 . 2008-04-02 16:30 <REP> d-------- C:\Program Files\Fashion Craze

2008-04-01 10:47 . 2008-04-01 20:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Runic

2008-03-30 13:35 . 2008-04-05 09:01 <REP> d-------- C:\Program Files\Runic

2008-03-27 17:10 . 2008-03-28 10:19 <REP> d-------- C:\Program Files\Microsoft SQL Server

2008-03-27 16:24 . 2008-03-27 16:24 <REP> d-------- C:\Program Files\Fichiers communs\BOONTY Shared

2008-03-27 15:59 . 2008-03-28 10:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-03-26 21:03 . 2005-09-27 15:11 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll

2008-03-26 21:03 . 2006-11-10 11:55 120,952 --a------ C:\WINDOWS\system32\PandoraCtrl2.dll

2008-03-26 21:03 . 2005-03-11 18:06 102,400 --a------ C:\WINDOWS\system32\PandoraCtrl.dll

2008-03-26 20:45 . 2008-03-28 10:22 <REP> d-------- C:\Program Files\BoontyGames

2008-03-26 20:45 . 2008-03-26 21:03 <REP> d-------- C:\Program Files\Boonty

2008-03-23 22:44 . 2008-03-23 23:14 9,216 --ahs---- C:\WINDOWS\Thumbs.db

2008-03-22 19:31 . 2008-03-22 19:31 <REP> d-------- C:\Program Files\orange

2008-03-19 18:31 . 2008-03-19 18:31 <REP> d-------- C:\Program Files\ReflexiveArcade

2008-03-19 14:34 . 2008-03-19 14:34 <REP> d-------- C:\My Download Files

2008-03-19 14:15 . 2008-03-19 14:15 774,144 --a------ C:\Program Files\RngInterstitial.dll

 

.

(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-16 18:10 --------- d-----w C:\Program Files\eMule

2008-04-16 09:57 --------- d-----w C:\Documents and Settings\Admin\Application Data\OpenOffice.org2

2008-04-15 08:42 --------- d-----w C:\Program Files\lx_cats

2008-04-06 10:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-04-02 16:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst

2008-04-02 16:15 --------- d-----w C:\Documents and Settings\Admin\Application Data\PlayFirst

2008-04-01 08:47 --------- d-----w C:\Program Files\Zylom Games

2008-04-01 08:47 --------- d-----w C:\Documents and Settings\Admin\Application Data\Zylom

2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe

2008-03-29 17:35 94,544 -c--a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2008-03-29 17:29 23,152 -c--a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2008-03-29 17:27 42,912 -c--a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2008-03-29 17:26 26,944 -c--a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2008-03-29 17:23 95,608 -c--a-w C:\WINDOWS\system32\AVASTSS.scr

2008-03-28 11:14 --------- d-----w C:\Program Files\Windows Live

2008-03-28 11:14 --------- d-----w C:\Documents and Settings\Admin\Application Data\EoRezo

2008-03-28 11:12 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint

2008-03-23 20:44 --------- d-----w C:\Program Files\PC Inspector File Recovery

2008-03-23 20:44 --------- d-----w C:\Program Files\ma-config.com

2008-03-23 20:44 --------- d-----w C:\Program Files\FireTune

2008-03-22 09:22 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-03-19 15:41 --------- d-----w C:\Program Files\Fichiers communs\Real

2008-03-19 12:15 --------- d-----w C:\Program Files\Real

2008-03-19 11:11 --------- d-----w C:\Program Files\BFG

2008-03-16 07:58 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-12 10:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games

2008-03-12 10:15 0 ----a-w C:\Program Files\temp01

2008-03-12 10:15 --------- d-----w C:\Program Files\bfgclient

2008-03-12 10:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache

2008-03-11 17:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo

2008-03-09 15:23 --------- d-----w C:\Program Files\Magic Match The Genies Journey

2008-03-09 14:33 --------- d-----w C:\Documents and Settings\Admin\Application Data\SEGA

2008-03-08 09:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\DivoGames

2008-03-06 08:25 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll

2008-03-06 08:25 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll

2008-03-06 08:25 --------- d-----w C:\Program Files\OpenAL

2008-03-02 13:24 --------- d-----w C:\Documents and Settings\Admin\Application Data\Gamelab

2008-03-01 17:09 --------- d-----w C:\Documents and Settings\Admin\Application Data\Total Eclipse

2008-02-22 20:49 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-02-20 16:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Go Go Gourmet

2008-01-23 11:44 8,464 -c--a-w C:\WINDOWS\system32\sporder.dll

2008-01-23 11:26 107,132 -c--a-w C:\WINDOWS\UninstallThunderbird.exe

2008-01-23 11:25 107,132 -c--a-w C:\WINDOWS\UninstallFirefox.exe

2008-01-23 11:20 737,280 -c--a-w C:\WINDOWS\iun6002.exe

2008-01-19 12:53 21,361 -c--a-w C:\WINDOWS\AegisP.sys

2008-01-17 18:55 745,547 -c--a-w C:\WINDOWS\system32\Magentic Screensaver.scr

.

 

------- Sigcheck -------

 

2005-07-26 15:01 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\system32\user32.dll

 

2005-10-12 10:25 662528 a2dd7ec3ac1ead13f65e2898fcabbd1a C:\WINDOWS\system32\wininet.dll

 

2005-09-18 12:29 359936 0df628756fb71111955be60bac216a70 C:\WINDOWS\system32\drivers\tcpip.sys

 

2005-10-12 10:33 2058880 73fa9c95d235844a36968c7852c7dbdd C:\WINDOWS\system32\ntkrnlpa.exe

 

2005-07-26 15:01 2181376 63729dd0f2aae36cc52b89c05505146c C:\WINDOWS\system32\ntoskrnl.exe

 

2005-07-26 15:01 1036288 0bee3b07ace3303ee57698808e1d2de3 C:\WINDOWS\explorer.exe

.

((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legit default entries are not shown

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2005-12-19 18:16 200747]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 02:04 1415824]

"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [2008-01-17 20:55 475180]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-09-20 16:35 202024]

"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2006-01-26 18:21 4857856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]

"CARPService"="carpserv.exe" [2003-03-19 15:00 4608 C:\WINDOWS\system32\carpserv.exe]

"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 15:18 995328]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 15:13 1101824]

"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2006-01-22 19:45 286720]

"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 07:10 98304]

"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 10:11 290816]

"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2005-12-01 20:38 65536]

"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 10:51 1836328]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Config"="C:\WINDOWS\system32\run.cmd" [2005-08-23 11:24 341]

"nlsf"="cmd.exe" [2004-08-19 16:09 400896 C:\WINDOWS\system32\cmd.exe]

"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 15:52 44544]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"MemCheckBoxInRunDlg"= 1 (0x1)

"NoSMBalloonTip"= 1 (0x1)

"NoDesktopCleanupWizard"= 1 (0x1)

"NoWelcomeScreen"= 1 (0x1)

"NoAutoUpdate"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"MemCheckBoxInRunDlg"= 1 (0x1)

"NoSMBalloonTip"= 1 (0x1)

"NoDesktopCleanupWizard"= 1 (0x1)

"NoWelcomeScreen"= 1 (0x1)

"NoAutoUpdate"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=

"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=

"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"C:\\Program Files\\Magentic\\bin\\MgImp.exe"=

"C:\\Program Files\\Magentic\\bin\\Magentic.exe"=

"C:\\Program Files\\Magentic\\bin\\MgApp.exe"=

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]

R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 15:45]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

R3 EMCR;EMCR;C:\WINDOWS\system32\DRIVERS\EMCR7SK.sys [2003-07-22 12:14]

S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2008-03-27 16:24]

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-04-11 15:27:51 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"

- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-16 20:10:49

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\lxcrcoms.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-04-16 20:13:11 - machine was rebooted

ComboFix-quarantined-files.txt 2008-04-16 18:13:08

ComboFix2.txt 2008-04-16 15:23:31

 

Pre-Run: 9,139,961,856 octets libres

Post-Run: 9,084,354,560 octets libres

 

 

 

Rapport HJT

 

 

Logfile of HijackThis v1.99.1

Scan saved at 20:14:05, on 16/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\carpserv.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Lexmark 2400 Series\ezprint.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\lxcrcoms.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe

C:\Program Files\eMule\emule.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Admin\Bureau\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)

O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart

O4 - Startup: BoontyBox 01net.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe

O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O17 - HKLM\System\CCS\Services\Tcpip\..\{CA3842F0-7756-483F-8769-C15D6D4EBE4C}: NameServer = 212.27.53.252,212.27.54.252

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
