Aller au contenu
  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

Aide pour désinfection - Malware sérieux


Messages recommandés

Invité Jean-Michel
Posté(e)

Voila :

 

SmitFraudFix v2.316

 

Rapport fait à 22:28:27,67, 22/04/2008

Executé à partir de C:\Documents and Settings\Val‚rie Catherin\Bureau\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est NTFS

Fix executé en mode sans echec

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

 

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

127.0.0.1 localhost

 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

 

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

C:\WINDOWS\dsktbwfe.dll deleted.

C:\WINDOWS\ogxtsepr.dll deleted.

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

 

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

 

C:\WINDOWS\.protected supprimé

C:\DOCUME~1\VALRIE~1\MENUDM~1\PROGRA~1\DMARRA~1\.protected supprimé

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\.protected supprimé

C:\DOCUME~1\VALRIE~1\Bureau\Error Cleaner.url supprimé

C:\DOCUME~1\VALRIE~1\Bureau\Privacy Protector.url supprimé

C:\DOCUME~1\VALRIE~1\Bureau\Spyware?Malware Protection.url supprimé

C:\DOCUME~1\VALRIE~1\Favoris\Error Cleaner.url supprimé

C:\DOCUME~1\VALRIE~1\Favoris\Privacy Protector.url supprimé

C:\DOCUME~1\VALRIE~1\Favoris\Spyware?Malware Protection.url supprimé

C:\Program Files\akl\ supprimé

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

 

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1B5360B4-E6F3-4880-B408-DE8EE95014DC}: NameServer=192.168.1.1,194.117.200.10

HKLM\SYSTEM\CCS\Services\Tcpip\..\{93394C40-E7D1-4706-BF72-75FB6CE65818}: DhcpNameServer=192.168.1.1 192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{1B5360B4-E6F3-4880-B408-DE8EE95014DC}: NameServer=192.168.1.1,194.117.200.10

HKLM\SYSTEM\CS1\Services\Tcpip\..\{93394C40-E7D1-4706-BF72-75FB6CE65818}: DhcpNameServer=192.168.1.1 192.168.1.1

HKLM\SYSTEM\CS3\Services\Tcpip\..\{1B5360B4-E6F3-4880-B408-DE8EE95014DC}: NameServer=192.168.1.1,194.117.200.10

HKLM\SYSTEM\CS3\Services\Tcpip\..\{93394C40-E7D1-4706-BF72-75FB6CE65818}: DhcpNameServer=192.168.1.1 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

 

Nettoyage terminé.

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin

Invité Jean-Michel
Posté(e)

Et enfin:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:37:01, on 22/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Fichiers communs\Talkway\vmtalk.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Home Cinema\PowerCinema\PCMService.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\WINDOWS\system32\GSICON.EXE

C:\WINDOWS\system32\dslagent.exe

C:\WINDOWS\Dit.exe

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

C:\WINDOWS\mHotkey.exe

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\NETGEAR\WG311 Wireless Smart Configuration\Utility\NetgearAG.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\WinZip 8.1 Fr\WZQKPICK.EXE

C:\Program Files\Wireless\Client Manager\CMAGS.EXE

C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe

C:\WINDOWS\system32\CTPdeSrv.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\PROGRA~1\MSNMES~1\msnmsgr.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {10F0C2A9-8E38-43e3-204D-45524C494E20} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O2 - BHO: (no name) - {DC2F45AB-1977-4FEE-9EF5-BBE1443C883B} - C:\WINDOWS\system32\urqOIcDw.dll (file missing)

O2 - BHO: (no name) - {EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9} - (no file)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - C:\Program Files\Copernic Desktop Search\CopernicDesktopSearchIntegration740.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O3 - Toolbar: (no name) - {57ABA3CE-E927-4C81-BE2E-E20CAEC6645F} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Workflow] J:\install\Workflow.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [vmtalk] C:\Program Files\Fichiers communs\Talkway\vmtalk.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [PC-Antispyware] "C:\Program Files\PC-Antispyware\PC-Antispyware.exe" hide

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE

O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB

O4 - HKLM\..\Run: [Dit] Dit.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [CHotkey] mHotkey.exe

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [AS01_Netgear] C:\Program Files\NETGEAR\WG311 Wireless Smart Configuration\Utility\NetgearAG.exe -hide

O4 - HKLM\..\Run: [646c6a30] rundll32.exe "C:\WINDOWS\system32\chlyrtcw.dll",b

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKLM\..\Policies\Explorer\Run: [a0l0exKfbC] C:\Documents and Settings\All Users\Application Data\sdkhozer\wzwjwfof.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip 8.1 Fr\WZQKPICK.EXE

O4 - Global Startup: Wireless Client Manager.lnk = ?

O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour.fr/

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...031/CTSUEng.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15035/CTPID.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1B5360B4-E6F3-4880-B408-DE8EE95014DC}: NameServer = 192.168.1.1,194.117.200.10

O17 - HKLM\System\CS1\Services\Tcpip\..\{1B5360B4-E6F3-4880-B408-DE8EE95014DC}: NameServer = 192.168.1.1,194.117.200.10

O20 - Winlogon Notify: efcDUnkl - efcDUnkl.dll (file missing)

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

 

--

End of file - 11230 bytes

Posté(e)

Il y en a encore un et on va lui faire la peau :P

 

Télécharge ComboFix

http://www.forospyware.com/sUBs/ComboFix.exe

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

  • Assure toi que tous les programmes sont fermés avant de lancer le fix!
  • Fait un double clique sur combofix.exe.
  • Note: Ne ferme pas la fenêtre qui vient de s'ouvrir , tu te retrouverais avec un bureau vide !
  • Tape sur la touche Y (Yes) pour démarrer le scan.
  • Lorsque le scan est terminé, un rapport sera généré : poste en le contenu dans ton prochain message.
  • Si le rapport est trop long, poste le en deux fois.

Invité Jean-Michel
Posté(e)

Combofix Log :

 

ComboFix 08-04-20.5 - Valérie Catherin 2008-04-22 22:48:33.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.659 [GMT 2:00]

Endroit: C:\Documents and Settings\Valérie Catherin\Bureau\ComboFix.exe

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\.protected

C:\Documents and Settings\Hippolyte Catherin\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML

C:\Documents and Settings\Jean-Michel Catherin\Bureau\Error Cleaner.url

C:\Documents and Settings\Jean-Michel Catherin\Bureau\Privacy Protector.url

C:\Documents and Settings\Jean-Michel Catherin\Bureau\Spyware&Malware Protection.url

C:\Documents and Settings\Jean-Michel Catherin\Bureaublackbird.jpg

C:\Documents and Settings\Jean-Michel Catherin\BureauEditorFKWP1.5.exe

C:\Documents and Settings\Jean-Michel Catherin\BureauEditorFKWP2.0.exe

C:\Documents and Settings\Jean-Michel Catherin\Bureaufilemanagerclient.exe

C:\Documents and Settings\Jean-Michel Catherin\Bureaufkwp1.5.exe

C:\Documents and Settings\Jean-Michel Catherin\Bureaufkwp2.0.exe

C:\Documents and Settings\Jean-Michel Catherin\Bureaufwebd.exe

C:\Documents and Settings\Jean-Michel Catherin\BureauFWebdEditor.exe

C:\Documents and Settings\Jean-Michel Catherin\BureauTrojan.Win32.BlackBird.exe

C:\Documents and Settings\Jean-Michel Catherin\Bureauvirii

C:\Documents and Settings\Jean-Michel Catherin\Favoris\Error Cleaner.url

C:\Documents and Settings\Jean-Michel Catherin\Favoris\Privacy Protector.url

C:\Documents and Settings\Jean-Michel Catherin\Favoris\Spyware&Malware Protection.url

C:\Documents and Settings\Jean-Michel Catherin\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML

C:\Program Files\Inet Delivery

C:\Program Files\Inet Delivery\inetdl.exe

C:\Program Files\Inet Delivery\intdel.exe

C:\Program Files\ShoppingReport

C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll

C:\WINDOWS\a.bat

C:\WINDOWS\base64.tmp

C:\WINDOWS\bdn.com

C:\WINDOWS\FVProtect.exe

C:\WINDOWS\iTunesMusic.exe

C:\WINDOWS\mssecu.exe

C:\WINDOWS\rs.txt

C:\WINDOWS\system32\bsnzafqa.bin

C:\WINDOWS\system32\cfg.dat

C:\WINDOWS\system32\drivers\etc\.protected

C:\WINDOWS\system32\eonvqclq.ini

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\wDcIOqru.ini

C:\WINDOWS\system32\wDcIOqru.ini2

C:\WINDOWS\system32akttzn.exe

C:\WINDOWS\system32anticipator.dll

C:\WINDOWS\system32awtoolb.dll

C:\WINDOWS\system32bdn.com

C:\WINDOWS\system32bsva-egihsg52.exe

C:\WINDOWS\system32dpcproxy.exe

C:\WINDOWS\system32emesx.dll

C:\WINDOWS\system32h@tkeysh@@k.dll

C:\WINDOWS\system32hoproxy.dll

C:\WINDOWS\system32hxiwlgpm.dat

C:\WINDOWS\system32hxiwlgpm.exe

C:\WINDOWS\system32medup012.dll

C:\WINDOWS\system32medup020.dll

C:\WINDOWS\system32msgp.exe

C:\WINDOWS\system32msnbho.dll

C:\WINDOWS\system32mssecu.exe

C:\WINDOWS\system32msvchost.exe

C:\WINDOWS\system32mtr2.exe

C:\WINDOWS\system32mwin32.exe

C:\WINDOWS\system32netode.exe

C:\WINDOWS\system32newsd32.exe

C:\WINDOWS\system32ps1.exe

C:\WINDOWS\system32psof1.exe

C:\WINDOWS\system32psoft1.exe

C:\WINDOWS\system32regc64.dll

C:\WINDOWS\system32regm64.dll

C:\WINDOWS\system32Rundl1.exe

C:\WINDOWS\system32smp

C:\WINDOWS\system32smp\msrc.exe

C:\WINDOWS\system32sncntr.exe

C:\WINDOWS\system32ssurf022.dll

C:\WINDOWS\system32ssvchost.com

C:\WINDOWS\system32ssvchost.exe

C:\WINDOWS\system32sysreq.exe

C:\WINDOWS\system32taack.dat

C:\WINDOWS\system32taack.exe

C:\WINDOWS\system32temp#01.exe

C:\WINDOWS\system32thun.dll

C:\WINDOWS\system32thun32.dll

C:\WINDOWS\system32VBIEWER.OCX

C:\WINDOWS\system32vbsys2.dll

C:\WINDOWS\system32vcatchpi.dll

C:\WINDOWS\system32winlogonpc.exe

C:\WINDOWS\system32winsystem.exe

C:\WINDOWS\system32WINWGPX.EXE

C:\WINDOWS\userconfig9x.dll

C:\WINDOWS\Web\def.htm

C:\WINDOWS\winsystem.exe

C:\WINDOWS\zip1.tmp

C:\WINDOWS\zip2.tmp

C:\WINDOWS\zip3.tmp

C:\WINDOWS\zipped.tmp

 

.

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-22 to 2008-04-22 ))))))))))))))))))))))))))))))))))))

.

 

2008-04-22 22:18 . 2008-04-22 22:28 3,904 --a------ C:\WINDOWS\system32\tmp.reg

2008-04-22 21:40 . 2008-04-22 22:15 <REP> d-------- C:\Program Files\Navilog1

2008-04-15 23:00 . 2008-04-15 23:00 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM

2008-04-15 22:12 . 2008-04-15 22:12 <REP> d-------- C:\Program Files\Avira

2008-04-15 22:12 . 2008-04-15 22:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-04-15 17:30 . 2008-04-15 22:46 2,034,511 ---hs---- C:\WINDOWS\system32\wctrylhc.ini

2008-04-14 16:13 . 2008-04-14 16:13 273,408 --a------ C:\WINDOWS\system32\urqOIcDw.VIR

2008-04-14 16:04 . 2008-04-14 16:04 <REP> d-------- C:\Documents and Settings\Jean-Michel Catherin\Application Data\TmpRecentIcons

2008-04-14 10:21 . 2008-04-14 16:05 <REP> d-------- C:\Documents and Settings\Jean-Michel Catherin\Application Data\PC-Antispyware

2008-04-14 09:32 . 2008-04-15 22:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\sdkhozer

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-22 20:53 13,440 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS

2008-04-22 19:36 --------- d-----w C:\Program Files\Trend Micro

2008-04-21 22:06 --------- d-----w C:\Documents and Settings\Jean-Michel Catherin\Application Data\Skype

2008-04-15 20:46 --------- d-----w C:\Program Files\Creative

2008-04-15 20:40 --------- d--h--w C:\Program Files\Creative Installation Information

2008-04-15 20:29 --------- d-----w C:\Program Files\SUPERAntiSpyware

2008-04-15 20:29 --------- d-----w C:\Program Files\Enigma Software Group

2008-04-15 20:18 --------- d-----w C:\Program Files\Java

2008-04-15 20:02 --------- d-----w C:\Program Files\CA

2008-04-15 15:39 --------- d-----w C:\Program Files\Dofus

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC2F45AB-1977-4FEE-9EF5-BBE1443C883B}]

C:\WINDOWS\system32\urqOIcDw.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 19:09 68856]

"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 11:03 868352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-06-07 13:11 3809280]

"Workflow"="J:\install\Workflow.exe" [ ]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

"vmtalk"="C:\Program Files\Fichiers communs\Talkway\vmtalk.exe" [2003-07-24 17:21 61440]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"SoundMan"="SOUNDMAN.EXE" [2004-12-22 11:09 77824 C:\WINDOWS\SOUNDMAN.EXE]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2005-10-28 20:08 335872]

"PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2004-06-16 11:54 61440]

"PC-Antispyware"="C:\Program Files\PC-Antispyware\PC-Antispyware.exe" [ ]

"nwiz"="nwiz.exe" [2004-06-07 13:11 831488 C:\WINDOWS\system32\nwiz.exe]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2004-01-26 11:46 118784]

"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-01-26 11:46 53248]

"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS\system32\HDAudPropShortcut.exe]

"GSICONEXE"="GSICON.EXE" [2002-02-20 10:02 90112 C:\WINDOWS\system32\gsicon.exe]

"DSLAGENTEXE"="dslagent.exe" [2002-02-20 10:02 16384 C:\WINDOWS\system32\dslagent.exe]

"Dit"="Dit.exe" [2004-04-02 13:31 86016 C:\WINDOWS\Dit.exe]

"Cmaudio"="cmicnfg.cpl" []

"CHotkey"="mHotkey.exe" [2002-07-23 11:09 477184 C:\WINDOWS\mHotkey.exe]

"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16 376912]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-15 22:37 262401]

"AS01_Netgear"="C:\Program Files\NETGEAR\WG311 Wireless Smart Configuration\Utility\NetgearAG.exe" [2003-12-19 13:49 446464]

"646c6a30"="C:\WINDOWS\system32\chlyrtcw.dll" [ ]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"a0l0exKfbC"= C:\Documents and Settings\All Users\Application Data\sdkhozer\wzwjwfof.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcDUnkl]

efcDUnkl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"LogWatch"=2 (0x2)

"CA_LIC_SRVR"=3 (0x3)

"CA_LIC_CLNT"=3 (0x3)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\Program Files\\Look@LAN\\LookAtLan.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\WINDOWS\\system32\\rundll32.exe"=

"C:\\Program Files\\Midway Games\\Rise and Fall\\RiseAndFall.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat"=

"C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\patchget.dat"=

"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

R3 AWINDIS5;AWINDIS5 Protocol Driver;C:\WINDOWS\system32\AWINDIS5.SYS [2002-04-11 17:43]

R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 09:04]

R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 09:47]

S2 gafwload;ECI Telecom USB ADSL Loader;C:\WINDOWS\system32\DRIVERS\gafwload.sys [2002-02-20 10:02]

S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-04-22 22:53]

S3 cmudax;C-Media Azalia Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-06-08 19:09]

S3 FXDRV;FXDRV;F:\Fxdrv.sys []

S3 NETGEAR_WG311_SERVICE;NETGEAR WG311 Wireless PCI Adapter Service;C:\WINDOWS\system32\DRIVERS\wg311nd5.sys [2003-10-07 23:23]

S3 PRISM_A00;CREATIX 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-01-16 10:31]

S3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [2003-12-19 17:13]

S3 wlags51b;Agere Wireless USB Driver;C:\WINDOWS\system32\DRIVERS\wlags51b.sys [2003-08-19 18:32]

 

.

Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

"2008-04-22 20:56:05 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Program Files\Windows Defender\MpCmdRun.exe

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-22 22:53:33

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cach‚s ...

 

Balayage cach‚ autostart entries ...

 

Balayage des fichiers cach‚s ...

 

Scan termin‚ avec succŠs

Les fichiers cach‚s: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Windows Defender\MsMpEng.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\CTSVCCDA.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\X10\Common\X10nets.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\WinZip 8.1 Fr\WZQKPICK.EXE

C:\Program Files\Wireless\Client Manager\CmAGS.exe

C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe

C:\WINDOWS\system32\CTPdeSrv.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-04-22 22:57:30 - machine was rebooted [Val‚rie Catherin]

ComboFix-quarantined-files.txt 2008-04-22 20:57:26

 

Pre-Run: 34,791,141,376 octets libres

Post-Run: 36,716,605,440 octets libres

 

232 --- E O F --- 2008-04-22 20:57:11

Posté(e)

Re,

 

Poste un nouveau log Hijackthis stp.

Invité Jean-Michel
Posté(e)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:07:43, on 22/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Fichiers communs\Talkway\vmtalk.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Home Cinema\PowerCinema\PCMService.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\WINDOWS\system32\GSICON.EXE

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

C:\WINDOWS\system32\dslagent.exe

C:\WINDOWS\Dit.exe

C:\WINDOWS\mHotkey.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\NETGEAR\WG311 Wireless Smart Configuration\Utility\NetgearAG.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\WinZip 8.1 Fr\WZQKPICK.EXE

C:\Program Files\Wireless\Client Manager\CMAGS.EXE

C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe

C:\WINDOWS\system32\CTPdeSrv.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\PROGRA~1\MSNMES~1\msnmsgr.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O2 - BHO: (no name) - {DC2F45AB-1977-4FEE-9EF5-BBE1443C883B} - C:\WINDOWS\system32\urqOIcDw.dll (file missing)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - C:\Program Files\Copernic Desktop Search\CopernicDesktopSearchIntegration740.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O3 - Toolbar: (no name) - {57ABA3CE-E927-4C81-BE2E-E20CAEC6645F} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Workflow] J:\install\Workflow.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [vmtalk] C:\Program Files\Fichiers communs\Talkway\vmtalk.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [PC-Antispyware] "C:\Program Files\PC-Antispyware\PC-Antispyware.exe" hide

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE

O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB

O4 - HKLM\..\Run: [Dit] Dit.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [CHotkey] mHotkey.exe

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [AS01_Netgear] C:\Program Files\NETGEAR\WG311 Wireless Smart Configuration\Utility\NetgearAG.exe -hide

O4 - HKLM\..\Run: [646c6a30] rundll32.exe "C:\WINDOWS\system32\chlyrtcw.dll",b

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKLM\..\Policies\Explorer\Run: [a0l0exKfbC] C:\Documents and Settings\All Users\Application Data\sdkhozer\wzwjwfof.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip 8.1 Fr\WZQKPICK.EXE

O4 - Global Startup: Wireless Client Manager.lnk = ?

O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour.fr/

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...031/CTSUEng.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15035/CTPID.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1B5360B4-E6F3-4880-B408-DE8EE95014DC}: NameServer = 192.168.1.1,194.117.200.10

O17 - HKLM\System\CS1\Services\Tcpip\..\{1B5360B4-E6F3-4880-B408-DE8EE95014DC}: NameServer = 192.168.1.1,194.117.200.10

O20 - Winlogon Notify: efcDUnkl - efcDUnkl.dll (file missing)

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

 

--

End of file - 11266 bytes

Posté(e)

Ok,

 

Je vais te créer un script de désinfection, je reviens dans 5 minutes. :P

 

@+

Posté(e)

Stp rends- toi sur cette page afin de télécharger CFScript > http://www.sendspace.com/file/xi820i

 

pour cela, clique sur le lien en bas de page > pointright.gifDownload Link: CFScript et enregistre-le sur le bureau

  • Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture
     
    CFScript.gif
  • Une fenêtre bleue va apparaitre: au message qui apparait ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
  • Patiente le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!
    Ne touche à rien tant que le scan n'est pas terminé.
  • Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
  • Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

 

Reposte de nouveau un log Hijackthis à la suite (deux posts si nécessaire).

@+

Invité Jean-Michel
Posté(e)

ComboFix 08-04-20.5 - Valérie Catherin 2008-04-22 23:28:42.2 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.606 [GMT 2:00]

Endroit: C:\Documents and Settings\Valérie Catherin\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\Valérie Catherin\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

 

FILE ::

c:\windows\system32\chlyrtcw.dll

.

 

((((((((((((((((((((((((((((( Fichiers créés 2008-03-22 to 2008-04-22 ))))))))))))))))))))))))))))))))))))

.

 

2008-04-22 22:57 . 2008-04-22 22:57 <REP> d-------- C:\Documents and Settings\ValÚrie Catherin

2008-04-22 22:18 . 2008-04-22 22:28 3,904 --a------ C:\WINDOWS\system32\tmp.reg

2008-04-22 21:40 . 2008-04-22 22:15 <REP> d-------- C:\Program Files\Navilog1

2008-04-15 23:00 . 2008-04-15 23:00 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM

2008-04-15 22:30 . 2008-04-15 22:30 <REP> d-------- C:\Documents and Settings\Valérie Catherin\Application Data\Talkback

2008-04-15 22:29 . 2008-04-15 22:29 <REP> d-------- C:\Documents and Settings\Valérie Catherin\Application Data\SUPERAntiSpyware.com

2008-04-15 22:21 . 2008-04-22 22:15 <REP> d-------- C:\Documents and Settings\Valérie Catherin\Application Data\TmpRecentIcons

2008-04-15 22:12 . 2008-04-15 22:12 <REP> d-------- C:\Program Files\Avira

2008-04-15 22:12 . 2008-04-15 22:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-04-15 17:30 . 2008-04-15 22:46 2,034,511 ---hs---- C:\WINDOWS\system32\wctrylhc.ini

2008-04-14 16:13 . 2008-04-14 16:13 273,408 --a------ C:\WINDOWS\system32\urqOIcDw.VIR

2008-04-14 16:04 . 2008-04-14 16:04 <REP> d-------- C:\Documents and Settings\Jean-Michel Catherin\Application Data\TmpRecentIcons

2008-04-14 10:21 . 2008-04-14 16:05 <REP> d-------- C:\Documents and Settings\Jean-Michel Catherin\Application Data\PC-Antispyware

2008-04-14 09:32 . 2008-04-15 22:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\sdkhozer

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-22 20:53 13,440 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS

2008-04-22 19:36 --------- d-----w C:\Program Files\Trend Micro

2008-04-21 22:06 --------- d-----w C:\Documents and Settings\Jean-Michel Catherin\Application Data\Skype

2008-04-15 20:46 --------- d-----w C:\Program Files\Creative

2008-04-15 20:40 --------- d--h--w C:\Program Files\Creative Installation Information

2008-04-15 20:29 --------- d-----w C:\Program Files\SUPERAntiSpyware

2008-04-15 20:29 --------- d-----w C:\Program Files\Enigma Software Group

2008-04-15 20:18 --------- d-----w C:\Program Files\Java

2008-04-15 20:02 --------- d-----w C:\Program Files\CA

2008-04-15 15:39 --------- d-----w C:\Program Files\Dofus

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-04-22_22.57.14.81 )))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC2F45AB-1977-4FEE-9EF5-BBE1443C883B}]

C:\WINDOWS\system32\urqOIcDw.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 19:09 68856]

"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 11:03 868352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-06-07 13:11 3809280]

"Workflow"="J:\install\Workflow.exe" [ ]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

"vmtalk"="C:\Program Files\Fichiers communs\Talkway\vmtalk.exe" [2003-07-24 17:21 61440]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"SoundMan"="SOUNDMAN.EXE" [2004-12-22 11:09 77824 C:\WINDOWS\SOUNDMAN.EXE]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2005-10-28 20:08 335872]

"PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2004-06-16 11:54 61440]

"PC-Antispyware"="C:\Program Files\PC-Antispyware\PC-Antispyware.exe" [ ]

"nwiz"="nwiz.exe" [2004-06-07 13:11 831488 C:\WINDOWS\system32\nwiz.exe]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2004-01-26 11:46 118784]

"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-01-26 11:46 53248]

"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS\system32\HDAudPropShortcut.exe]

"GSICONEXE"="GSICON.EXE" [2002-02-20 10:02 90112 C:\WINDOWS\system32\gsicon.exe]

"DSLAGENTEXE"="dslagent.exe" [2002-02-20 10:02 16384 C:\WINDOWS\system32\dslagent.exe]

"Dit"="Dit.exe" [2004-04-02 13:31 86016 C:\WINDOWS\Dit.exe]

"Cmaudio"="cmicnfg.cpl" []

"CHotkey"="mHotkey.exe" [2002-07-23 11:09 477184 C:\WINDOWS\mHotkey.exe]

"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16 376912]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-15 22:37 262401]

"AS01_Netgear"="C:\Program Files\NETGEAR\WG311 Wireless Smart Configuration\Utility\NetgearAG.exe" [2003-12-19 13:49 446464]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

 

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Docteur Club Internet.lnk - C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe [2005-07-01 18:56:11 217088]

Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-20 11:15:56 65588]

WinZip Quick Pick.lnk - C:\Program Files\WinZip 8.1 Fr\WZQKPICK.EXE [2002-03-29 08:10:00 106561]

Wireless Client Manager.lnk - C:\Program Files\Wireless\Client Manager\CMAGS.EXE [2004-09-26 14:33:45 323584]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"a0l0exKfbC"= C:\Documents and Settings\All Users\Application Data\sdkhozer\wzwjwfof.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcDUnkl]

efcDUnkl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"LogWatch"=2 (0x2)

"CA_LIC_SRVR"=3 (0x3)

"CA_LIC_CLNT"=3 (0x3)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\Program Files\\Look@LAN\\LookAtLan.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\WINDOWS\\system32\\rundll32.exe"=

"C:\\Program Files\\Midway Games\\Rise and Fall\\RiseAndFall.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat"=

"C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\patchget.dat"=

"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

R3 AWINDIS5;AWINDIS5 Protocol Driver;C:\WINDOWS\system32\AWINDIS5.SYS [2002-04-11 17:43]

R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 09:04]

R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 09:47]

S2 gafwload;ECI Telecom USB ADSL Loader;C:\WINDOWS\system32\DRIVERS\gafwload.sys [2002-02-20 10:02]

S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-04-22 22:53]

S3 cmudax;C-Media Azalia Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-06-08 19:09]

S3 FXDRV;FXDRV;F:\Fxdrv.sys []

S3 NETGEAR_WG311_SERVICE;NETGEAR WG311 Wireless PCI Adapter Service;C:\WINDOWS\system32\DRIVERS\wg311nd5.sys [2003-10-07 23:23]

S3 PRISM_A00;CREATIX 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-01-16 10:31]

S3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [2003-12-19 17:13]

S3 wlags51b;Agere Wireless USB Driver;C:\WINDOWS\system32\DRIVERS\wlags51b.sys [2003-08-19 18:32]

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-04-22 20:56:05 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Program Files\Windows Defender\MpCmdRun.exe

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-22 23:29:42

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

Temps d'accomplissement: 2008-04-22 23:30:24

ComboFix-quarantined-files.txt 2008-04-22 21:30:19

ComboFix2.txt 2008-04-22 20:57:30

 

Pre-Run: 36,689,371,136 octets libres

Post-Run: 36,684,050,432 octets libres

 

143 --- E O F --- 2008-04-22 20:57:11

Invité Jean-Michel
Posté(e)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:42:53, on 22/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Fichiers communs\Talkway\vmtalk.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Home Cinema\PowerCinema\PCMService.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\WINDOWS\system32\GSICON.EXE

C:\WINDOWS\system32\dslagent.exe

C:\WINDOWS\Dit.exe

C:\WINDOWS\mHotkey.exe

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\NETGEAR\WG311 Wireless Smart Configuration\Utility\NetgearAG.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\WinZip 8.1 Fr\WZQKPICK.EXE

C:\Program Files\Wireless\Client Manager\CMAGS.EXE

C:\WINDOWS\system32\CTPdeSrv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O2 - BHO: (no name) - {DC2F45AB-1977-4FEE-9EF5-BBE1443C883B} - C:\WINDOWS\system32\urqOIcDw.dll (file missing)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - C:\Program Files\Copernic Desktop Search\CopernicDesktopSearchIntegration740.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O3 - Toolbar: (no name) - {57ABA3CE-E927-4C81-BE2E-E20CAEC6645F} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Workflow] J:\install\Workflow.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [vmtalk] C:\Program Files\Fichiers communs\Talkway\vmtalk.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [PC-Antispyware] "C:\Program Files\PC-Antispyware\PC-Antispyware.exe" hide

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE

O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB

O4 - HKLM\..\Run: [Dit] Dit.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [CHotkey] mHotkey.exe

O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [AS01_Netgear] C:\Program Files\NETGEAR\WG311 Wireless Smart Configuration\Utility\NetgearAG.exe -hide

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKLM\..\Policies\Explorer\Run: [a0l0exKfbC] C:\Documents and Settings\All Users\Application Data\sdkhozer\wzwjwfof.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip 8.1 Fr\WZQKPICK.EXE

O4 - Global Startup: Wireless Client Manager.lnk = ?

O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour.fr/

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...031/CTSUEng.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15035/CTPID.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1B5360B4-E6F3-4880-B408-DE8EE95014DC}: NameServer = 192.168.1.1,194.117.200.10

O17 - HKLM\System\CS1\Services\Tcpip\..\{1B5360B4-E6F3-4880-B408-DE8EE95014DC}: NameServer = 192.168.1.1,194.117.200.10

O20 - Winlogon Notify: efcDUnkl - efcDUnkl.dll (file missing)

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

 

--

End of file - 11122 bytes

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...