
Posted

Hello,

 

The PC isn't acting up, but if I delete the ToolsCleaner report it is going to remove the programs that, according to an AntiVir scan, are infected. I don't understand anything anymore....

 

AntiVir complains about a lot of disinfection tools, as do other programs of the same kind.

That is why you are asked to uninstall your protection software before installing them.

But at no point was there an infection.

 

Besides, with ToolsCleaner you have nothing to do. The tool takes care of everything.

 

In HijackThis, check these lines and then click Fix checked:

C:\WINDOWS\SOUNDMAN.EXE => Realtek®Avance Logic Sound

O2 - BHO: (no name) - {bda132bd-6bb7-4abe-a709-435db7bef7ed} - (no file)

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

 

All of these programs are active:

Zone Labs®ZoneAlarm

Avira®AntiVir PersonalEdition Classic

Emsi Software®A-Squared Anti-malware

Avira®AntiVir PersonalEdition

Grisoft®AVG AntiSpyware

Safer Networking® Spybot S&D

Safer Networking Spybot S&D

Alwil Avast! Antivirus

Avira AntiVir PersonalEdition Classic

PC Tools®Spyware Doctor

 

It is strongly recommended to have only one of each kind:

1 firewall, 1 antivirus, 1 antispyware active, i.e. resident; otherwise you get conflicts.

 

I advise you to keep AntiVir and AVG Anti-Spyware.

Spybot is no longer what it used to be. Avast does not protect you well.

About Avast

 

Avast vs Antivir

 

You can use this Avast! removal tool:

Remove Avast

It is advisable to restart the computer once Avast! has been uninstalled.
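The checks the helper applies by hand above (a BHO registration that points at "(no file)", an autostart or service whose binary sits in the user's Temp folder, as in the ComboFix report posted further down this thread) can be scripted. The Python triage script below is an added example and is not part of this thread, of ComboFix or of HijackThis; its regular expressions are assumptions written against the line formats visible in the reports posted here, and the sample input copies lines from those reports plus one constructed O4 line (marked as such) so that the Temp check also fires on a HijackThis entry.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List

# Line formats as they appear in the reports posted in this thread (assumed stable):
#   ComboFix service/driver:  "S4 CGJBRKN;CGJBRKN;D:\...\Temp\CGJBRKN.exe []"
#                              <start> <name>;<display name>;<image path> [<file date, empty if no file>]
#   HijackThis O2 (BHO):      "O2 - BHO: (no name) - {CLSID} - (no file)"
#   HijackThis O4 (Run key):  "O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k"
COMBOFIX_SVC = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<date>[^\]]*)\]$"
)
HJT_O2 = re.compile(r"^O2 - BHO: (?P<desc>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
HJT_O4 = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")

# A service, driver or Run entry whose binary lives under a Temp directory is the
# pattern the helpers act on in this thread; installers do not leave services there.
TEMP_DIR = re.compile(r"\\Temp\\|%temp%", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    source: str  # "combofix" or "hijackthis"
    entry: str   # service name, Run-key value name or BHO CLSID
    target: str  # image path or command line
    reason: str


def triage_combofix(lines: Iterable[str]) -> List[Finding]:
    """Flag ComboFix service/driver lines loaded from Temp or pointing at a missing file."""
    findings: List[Finding] = []
    for raw in lines:
        m = COMBOFIX_SVC.match(raw.strip())
        if not m:
            continue
        path = m["path"].strip()
        if TEMP_DIR.search(path):
            findings.append(Finding("combofix", m["name"], path,
                                    f"{m['start']} service/driver image lives in a Temp directory"))
        if not m["date"].strip():
            # ComboFix prints "[]" when it finds no file at the image path.
            findings.append(Finding("combofix", m["name"], path,
                                    "no file timestamp: nothing on disk at the image path"))
    return findings


def triage_hijackthis(lines: Iterable[str]) -> List[Finding]:
    """Flag orphaned BHOs and Run entries that launch from a Temp directory."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = HJT_O2.match(line)
        if m:
            if m["path"].strip().lower() == "(no file)":
                findings.append(Finding("hijackthis", m["clsid"], m["path"],
                                        "orphaned BHO: CLSID registered but no DLL on disk"))
            elif TEMP_DIR.search(m["path"]):
                findings.append(Finding("hijackthis", m["clsid"], m["path"],
                                        "BHO DLL loaded from a Temp directory"))
            continue
        m = HJT_O4.match(line)
        if m and TEMP_DIR.search(m["cmd"]):
            findings.append(Finding("hijackthis", m["name"], m["cmd"],
                                    f"{m['hive']} autostart launches from a Temp directory"))
    return findings


# Sample input: the ComboFix lines and the first four HijackThis lines are copied from
# the reports posted in this thread; the last O4 line is constructed for this example.
SAMPLE_COMBOFIX = r"""
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 naecd;naecd;D:\DOCUME~1\MORGAN~1.049\LOCALS~1\Temp\naecd.sys []
S4 CGJBRKN;CGJBRKN;D:\DOCUME~1\MORGAN~1.049\LOCALS~1\Temp\CGJBRKN.exe []
S4 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
""".strip().splitlines()

SAMPLE_HJT = r"""
O2 - BHO: (no name) - {bda132bd-6bb7-4abe-a709-435db7bef7ed} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [CGJBRKN] D:\DOCUME~1\MORGAN~1.049\LOCALS~1\Temp\CGJBRKN.exe
""".strip().splitlines()


if __name__ == "__main__":
    for f in triage_combofix(SAMPLE_COMBOFIX) + triage_hijackthis(SAMPLE_HJT):
        print(f"[{f.source}] {f.entry}: {f.reason}\n    {f.target}")
```

On the sample input the script flags naecd and CGJBRKN twice each (Temp location and no file on disk) and the orphaned BHO, and stays silent on USBSTOR, Dnscache, the Java BHO and the Adobe updater. The KernelFaultCheck entry the helper also asked to fix is deliberately not flagged: it is the crash-dump reporting hook Windows XP writes after an unexpected shutdown, harmless but pointless to keep, so removing it stays an analyst decision rather than a rule.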

 

Posted

Here is a ComboFix report with all the programs closed, and thank you for helping me, I didn't know what to do anymore.

 

ComboFix 08-07-02.5 - morgan 2008-07-03 12:39:32.7 - NTFSx86

 

Location: D:\Documents and Settings\morgan.049143220406\Bureau\ComboFix.exe

Command switches used :: D:\Documents and Settings\morgan.049143220406\Bureau\CFScript.txt

 

FILE ::

D:\DOCUME~1\MORGAN~1.049\LOCALS~1\Temp\CGJBRKN.exe

D:\DOCUME~1\MORGAN~1.049\LOCALS~1\Temp\naecd.sys

.

 

((((((((((((((((((((((((((((( Files created 2008-06-03 to 2008-07-03 ))))))))))))))))))))))))))))))))))))

.

 

2008-07-02 16:20 . 2008-07-02 16:20 <REP> d-------- D:\Documents and Settings\morgan.049143220406\Application Data\WinPatrol

2008-07-02 01:52 . 2008-07-03 12:43 825,376 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-07-02 01:52 . 2008-07-03 12:41 11,744 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-07-02 01:49 . 2008-07-02 01:49 <REP> d-------- D:\Documents and Settings\All Users\Application Data\MailFrontier

2008-07-02 01:49 . 2008-04-02 21:07 75,248 --a------ C:\WINDOWS\zllsputility.exe

2008-07-02 01:49 . 2008-04-02 21:08 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll

2008-07-02 01:49 . 2008-04-02 21:08 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll

2008-07-02 01:49 . 2008-04-02 21:08 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll

2008-07-02 01:49 . 2008-04-02 21:08 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll

2008-07-02 01:49 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll

2008-07-02 01:48 . 2008-07-02 01:48 <REP> d-------- C:\Program Files\Zone Labs

2008-07-01 19:50 . 2008-07-01 19:52 <REP> d-------- C:\Program Files\Logon Loader

2008-07-01 19:42 . 2008-07-01 19:41 720,896 --a------ C:\WINDOWS\iun6002.exe

2008-06-30 12:33 . 2008-06-30 12:37 <REP> d-------- C:\Program Files\a-squared Anti-Malware

2008-06-30 12:31 . 2008-06-30 12:32 <REP> d-------- C:\Program Files\RegCleaner

2008-06-28 16:28 . 2008-06-28 16:28 <REP> d-------- C:\Program Files\Trend Micro

2008-06-28 00:44 . 2008-06-28 00:44 <REP> d-------- D:\Documents and Settings\morgan.049143220406\Application Data\Malwarebytes

2008-06-28 00:44 . 2008-06-28 00:44 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-06-28 00:44 . 2008-07-02 12:53 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-06-28 00:44 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys

2008-06-28 00:44 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-06-27 23:59 . 2008-06-27 23:59 <REP> d-------- C:\VundoFix Backups

2008-06-27 22:26 . 2008-06-27 22:26 <REP> d-------- C:\Program Files\BillP Studios

2008-06-27 22:25 . 1998-02-06 23:39 304,128 --a------ C:\WINDOWS\unin040c.exe

2008-06-27 22:19 . 2008-06-27 22:19 <REP> d-------- C:\Program Files\File Recover

2008-06-27 22:16 . 2008-07-02 11:21 <REP> d-------- C:\Program Files\RamBoost XP

2008-06-27 22:10 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2008-06-27 22:10 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2008-06-27 22:10 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe

2008-06-27 22:10 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe

2008-06-27 22:10 . 2008-06-23 23:34 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe

2008-06-27 22:10 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe

2008-06-27 22:10 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe

2008-06-27 22:10 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-06-27 22:10 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-06-27 22:06 . 2008-07-02 18:43 <REP> d-------- C:\Program Files\Zeb-Utility

2008-06-27 21:37 . 2008-07-03 11:03 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat

2008-06-27 21:32 . 2008-07-03 11:01 <REP> d-------- C:\WINDOWS\Internet Logs

2008-06-27 21:30 . 2008-06-28 15:31 <REP> d-------- C:\Program Files\RootKit Hook Analyzer

2008-06-27 21:30 . 2007-07-07 00:39 19,248 --a------ C:\WINDOWS\system32\drivers\rspsc32.sys

2008-06-27 21:23 . 2008-06-28 16:18 <REP> d-------- C:\Program Files\BHODemon 2

2008-06-27 21:22 . 2008-06-27 21:22 <REP> d-------- C:\Program Files\Defraggler

2008-06-27 21:20 . 2008-06-27 21:20 <REP> d-------- C:\Program Files\SpywareBlaster

2008-06-27 21:14 . 2008-06-27 21:14 <REP> d-------- D:\Documents and Settings\morgan.049143220406\Application Data\Grisoft

2008-06-27 21:14 . 2008-06-27 21:14 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Grisoft

2008-06-27 21:14 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2008-06-26 11:46 . 2008-06-27 20:54 375 --a------ C:\WINDOWS\wininit.ini

2008-06-26 01:35 . 2008-06-26 01:36 <REP> d-------- C:\WINDOWS\ERUNT

2008-06-26 00:35 . 2008-06-26 00:35 <REP> d---s---- D:\Documents and Settings\LocalService.AUTORITE NT.004\Favoris

2008-06-26 00:35 . 2008-06-26 00:35 <REP> d-------- D:\Documents and Settings\LocalService.AUTORITE NT.004\Application Data\Talkback

2008-06-26 00:18 . 2008-06-26 00:18 <REP> d--hs---- D:\Documents and Settings\NetworkService.AUTORITE NT.004

2008-06-26 00:18 . 2008-06-26 00:35 <REP> d--hs---- D:\Documents and Settings\LocalService.AUTORITE NT.004

2008-06-24 17:12 . 2008-06-24 17:12 <REP> d-------- C:\Program Files\SDFix'

2008-06-24 14:17 . 2008-06-24 14:17 <REP> d-------- C:\Program Files\FileASSASSIN

2008-06-24 14:14 . 2008-06-24 14:14 <REP> d-------- C:\Program Files\RogueRemover FREE

2008-06-24 14:08 . 2006-10-05 04:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys

2008-06-24 14:08 . 2006-10-05 04:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2008-06-24 14:05 . 2008-06-24 14:05 <REP> d-------- C:\Program Files\Sun

2008-06-24 13:52 . 2008-06-24 13:52 <REP> d-------- D:\Documents and Settings\morgan.049143220406\Application Data\PC Tools

2008-06-24 13:52 . 2008-07-02 19:00 <REP> d-------- C:\Program Files\Spyware Doctor

2008-06-24 13:52 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-06-24 13:52 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-06-24 13:52 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-06-24 13:52 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-06-24 13:50 . 2008-07-02 15:09 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Google Updater

2008-06-24 13:26 . 2008-06-24 13:35 <REP> d-------- C:\Program Files\Panda Security

2008-06-20 21:04 . 2008-06-20 21:04 <REP> d-------- C:\Program Files\BatchDPG

2008-06-18 22:41 . 2008-06-18 22:41 <REP> d-------- D:\Documents and Settings\morgan.049143220406\Application Data\Viewpoint

2008-06-15 22:18 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-15 22:18 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys

 

.

(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-03 10:30 --------- d-----w D:\Documents and Settings\morgan.049143220406\Application Data\SiteAdvisor

2008-07-03 10:21 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP

2008-07-03 09:38 --------- d-----w C:\Program Files\Java

2008-07-02 13:29 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-07-02 11:08 --------- d-----w C:\Program Files\Arovax AntiSpyware

2008-06-28 13:45 --------- d-----w C:\Program Files\BitSpirit

2008-06-27 23:09 --------- d-----w D:\Documents and Settings\morgan.049143220406\Application Data\uTorrent

2008-06-27 23:08 --------- d-----w D:\Documents and Settings\morgan.049143220406\Application Data\ImgBurn

2008-06-27 19:42 --------- d-----w C:\Program Files\Google

2008-06-24 12:08 --------- d-----w C:\Program Files\Picasa2

2008-06-24 11:56 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-06-19 12:21 --------- d-----w C:\Program Files\HP

2008-05-28 19:57 --------- d-----w D:\Documents and Settings\morgan.049143220406\Application Data\AdobeUM

2008-05-14 12:14 --------- d-----w D:\Documents and Settings\morgan.049143220406\Application Data\Azureus

2008-05-14 12:07 --------- d-----w D:\Documents and Settings\All Users\Application Data\Azureus

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2006-03-13 16:38 56 --sh--r C:\WINDOWS\system32\7C3ABB3CBB.sys

2006-03-13 16:41 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

------- Sigcheck -------

 

2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe

2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\system32\dllcache\explorer.exe

.

((((((((((((((((((((((((((((( snapshot@2008-07-02_18.23.53,56 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-07-02 16:05:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-07-03 10:42:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat

- 2008-02-22 00:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe

+ 2008-03-24 23:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe

- 2008-02-22 00:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe

+ 2008-03-24 23:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe

- 2008-02-22 01:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe

+ 2008-03-25 00:37:01 139,264 ----a-w C:\WINDOWS\system32\javaws.exe

.

((((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not listed

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]

@="{E4000AC4-5E5F-4956-807A-C5854405D64F}"

[HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}]

%SystemRoot%\system32\VirtualExpander\VEShellExt.dll [bU]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SuperCopier2.exe"="D:\morgan\SuperCopier2\SuperCopier2.exe" [2005-03-14 01:37 1057280]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

"PhilipsLime"="C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe" [bU]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [bU]

"AWMON"="C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe" [2005-06-27 16:49 516608]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 14:00 455168]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="D:\\Documents and Settings\\morgan.049143220406\\Bureau\\logonui.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

2001-12-20 23:34 24576 C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.ulmp3acm"= ulmp3acm.acm

"msacm.mpegacm"= mpegacm.acm

"vidc.MJ2C"= M3JP2K32.dll

"vidc.3iv2"= 3ivxVfWCodec.dll

"VIDC.HFYU"= huffyuv.dll

"VIDC.VP31"= vp31vfw.dll

"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

 

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]

path=D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]

path=D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\D:^Documents and Settings^morgan.049143220406^Menu Démarrer^Programmes^Démarrage^BHODemon 2.0.lnk]

path=D:\Documents and Settings\morgan.049143220406\Menu Démarrer\Programmes\Démarrage\BHODemon 2.0.lnk

backup=C:\WINDOWS\pss\BHODemon 2.0.lnkStartup

 

[HKLM\~\startupfolder\D:^Documents and Settings^morgan.049143220406^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]

path=D:\Documents and Settings\morgan.049143220406\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk

backup=C:\WINDOWS\pss\RocketDock.lnkStartup

 

[HKLM\~\startupfolder\D:^Documents and Settings^morgan.049143220406^Menu Démarrer^Programmes^Démarrage^VirtualExpander.lnk]

path=D:\Documents and Settings\morgan.049143220406\Menu Démarrer\Programmes\Démarrage\VirtualExpander.lnk

backup=C:\WINDOWS\pss\VirtualExpander.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]

--a------ 2003-05-02 11:31 24576 c:\APPS\ABOARD\ABOARD.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

--a------ 2005-03-22 21:05 339968 C:\ATI Technologies\ATI Control Panel\atiptaxx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [bU]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]

--a------ 2005-06-27 16:49 516608 C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

--a------ 2003-12-22 09:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2003-08-04 18:28 49152 C:\Program Files\HP\HP Software Update\hpwuSchd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

--a------ 2005-05-11 13:48 127118 c:\APPS\Powercinema\PCMService.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhilipsLime]

C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe [bU]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

--a------ 2004-08-05 14:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

--a------ 2004-08-05 14:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

--a------ 2008-02-26 03:23 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNPSTD2]

--a------ 2004-08-30 16:37 286720 C:\WINDOWS\vsnpstd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2006-12-15 04:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]

--a------ 2005-03-14 01:37 1057280 D:\morgan\SuperCopier2\SuperCopier2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2005-10-27 01:28 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]

--a------ 2004-11-26 11:43 90112 C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\Monitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [bU]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2003-04-02 04:20 12288 C:\Program Files\Winamp\winampa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray2k]

--a------ 2001-11-01 00:52 57344 C:\WINDOWS\system32\MMTray2k.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

--a------ 2005-05-17 18:48 77824 C:\WINDOWS\SOUNDMAN.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"xmlprov"=3 (0x3)

"WZCSVC"=2 (0x2)

"WudfSvc"=2 (0x2)

"wuauserv"=2 (0x2)

"wscsvc"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"WmiApSrv"=3 (0x3)

"WmdmPmSN"=3 (0x3)

"WLSetupSvc"=3 (0x3)

"winmgmt"=2 (0x2)

"WebClient"=2 (0x2)

"W32Time"=2 (0x2)

"VSS"=3 (0x3)

"vsmon"=2 (0x2)

"usnjsvc"=3 (0x3)

"UPS"=3 (0x3)

"upnphost"=3 (0x3)

"TUWinStylerThemeSvc"=3 (0x3)

"TrkWks"=2 (0x2)

"Themes"=2 (0x2)

"TermService"=3 (0x3)

"TapiSrv"=3 (0x3)

"SysmonLog"=3 (0x3)

"SwPrv"=3 (0x3)

"stisvc"=2 (0x2)

"StarWindService"=2 (0x2)

"SSDPSRV"=3 (0x3)

"srservice"=2 (0x2)

"SPTISRV"=3 (0x3)

"Spooler"=2 (0x2)

"ShellHWDetection"=2 (0x2)

"SharedAccess"=2 (0x2)

"SENS"=2 (0x2)

"seclogon"=2 (0x2)

"sdCoreService"=3 (0x3)

"sdAuxService"=3 (0x3)

"Schedule"=2 (0x2)

"SCardSvr"=3 (0x3)

"SamSs"=2 (0x2)

"RSVP"=3 (0x3)

"RDSessMgr"=3 (0x3)

"RasMan"=3 (0x3)

"RasAuto"=3 (0x3)

"ProtectedStorage"=2 (0x2)

"PolicyAgent"=2 (0x2)

"Pml Driver HPZ12"=3 (0x3)

"PlugPlay"=2 (0x2)

"NtmsSvc"=3 (0x3)

"NtLmSsp"=3 (0x3)

"Nla"=3 (0x3)

"Netman"=3 (0x3)

"Netlogon"=3 (0x3)

"NBService"=3 (0x3)

"MysqlInventime"=3 (0x3)

"MSIServer"=3 (0x3)

"MSDTC"=3 (0x3)

"mnmsrvc"=3 (0x3)

"LmHosts"=2 (0x2)

"lanmanworkstation"=2 (0x2)

"lanmanserver"=2 (0x2)

"iPod Service"=3 (0x3)

"ImapiService"=3 (0x3)

"IDriverT"=3 (0x3)

"HTTPFilter"=3 (0x3)

"HidServ"=2 (0x2)

"helpsvc"=2 (0x2)

"gusvc"=2 (0x2)

"FastUserSwitchingCompatibility"=3 (0x3)

"EventSystem"=3 (0x3)

"Eventlog"=2 (0x2)

"ERSvc"=2 (0x2)

"Dnscache"=2 (0x2)

"dmserver"=3 (0x3)

"dmadmin"=3 (0x3)

"Dhcp"=2 (0x2)

"CyberLink Media Library Service"=2 (0x2)

"CryptSvc"=2 (0x2)

"COMSysApp"=3 (0x3)

"CLSched"=2 (0x2)

"CLCapSvc"=2 (0x2)

"CiSvc"=3 (0x3)

"CGJBRKN"=3 (0x3)

"Browser"=2 (0x2)

"BITS"=2 (0x2)

"AVG Anti-Spyware Guard"=2 (0x2)

"AudioSrv"=2 (0x2)

"Ati HotKey Poller"=2 (0x2)

"aspnet_state"=3 (0x3)

"AppMgmt"=3 (0x3)

"Apple Mobile Device"=2 (0x2)

"AntiVirService"=2 (0x2)

"AntiVirScheduler"=2 (0x2)

"ALG"=3 (0x3)

"a2AntiMalware"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%ProgramFiles%\\AOL 9.0\\aol.exe"=

"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=

"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\APPS\\Inventime\\my.exe"=

"C:\\Program Files\\BitSpirit\\BitSpirit.exe"=

"D:\\morgan\\jeu fear\\FEAR.exe"=

"D:\\morgan\\jeu fear\\fpupdate.exe"=

"D:\\Program Files\\eMule\\emule.exe"=

"D:\\Program Files\\WF.exe"=

"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

"C:\\Program Files\\uTorrent\\utorrent.exe"=

"C:\\WINDOWS\\system32\\mshta.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

 

R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 12:51]

R3 NBXG7031;NB 802.11g XG703 SP1 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2005-01-18 16:33]

R3 snpstd2;GE 98067 MiniCam Pro;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-12-16 18:14]

R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

S3 naecd;naecd;D:\DOCUME~1\MORGAN~1.049\LOCALS~1\Temp\naecd.sys []

S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 18:23]

S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-11-10 18:23]

S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-11-10 18:23]

S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-11-10 18:23]

S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-11-10 18:23]

S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-11-10 18:23]

S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-11-10 18:24]

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

S3 w600bus;Sony Ericsson W600 driver (WDM);C:\WINDOWS\system32\DRIVERS\w600bus.sys [2006-03-13 17:51]

S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w600mdfl.sys [2006-03-13 17:51]

S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w600mdm.sys [2006-03-13 17:51]

S4 CGJBRKN;CGJBRKN;D:\DOCUME~1\MORGAN~1.049\LOCALS~1\Temp\CGJBRKN.exe []

S4 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4588b7a-1134-11dd-898d-0060b3db8ce7}]

\Shell\AutoRun\command - F:\InstallTomTomHOME.exe

 

.

Contents of the 'Scheduled Tasks/Tâches planifiées' folder

"2008-06-27 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"

- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe

"2008-06-23 21:42:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-06-27 15:18:23 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"

- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe

"2006-03-12 11:51:44 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"

- C:\WINDOWS\system32\OOBE\oobebaln.exe

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{bda132bd-6bb7-4abe-a709-435db7bef7ed} - (no file)

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-03 12:43:25

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]

"ImagePath"="\??\D:\DOCUME~1\MORGAN~1.049\LOCALS~1\Temp\mc22.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]

"ImagePath"="C:\Apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=C:\Apps\Inventime\mysql\my.ini MysqlInventime"

.

Completion time: 2008-07-03 12:47:26 - machine was rebooted [morgan]

ComboFix-quarantined-files.txt 2008-07-03 10:47:21

 

Pre-Run: 9,621,098,496 bytes free

Post-Run: 9,605,464,064 bytes free

 

384 --- E O F --- 2008-06-20 09:30:37

 

and a HijackThis report

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:11:36, on 03/07/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\a-squared Anti-Malware\a2service.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

c:\APPS\Powercinema\Kernel\TV\CLSched.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe

C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\MMTray2k.exe

C:\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\apps\ABoard\ABoard.exe

C:\apps\ABoard\AOSD.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

D:\Documents and Settings\morgan.049143220406\Bureau\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [MMTray2k] MMTray2k.exe

O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"

O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe"

O4 - HKCU\..\Run: [superCopier2.exe] D:\morgan\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [PhilipsLime] "C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NeroScoutOptions.exe (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NeroScoutOptions.exe (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: CGJBRKN - Unknown owner - D:\DOCUME~1\MORGAN~1.049\LOCALS~1\Temp\CGJBRKN.exe (file missing)

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 11130 bytes

Posted (edited)

Hello,

ComboFix, cleanup

# Disconnect from the Internet and disable the antivirus (just for the duration of the procedure!)

In some circumstances, Safe Mode may be necessary.

Open ComboFix

# In Notepad, copy and paste these lines:

KillAll::

Driver::

CGJBRKN

naecd

 

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

 

* Warning: this script was written specifically for this user; please do not reuse it in other cases!

Save it under the name CFScript.txt

* Drag and drop this CFScript file onto the ComboFix.exe file

http://i261.photobucket.com/albums/ii49/Ma...te/CFScript.gif

* When the message appears in a blue window (Type 1 to continue, or 2 to abort), type 1 and confirm.

* Wait for the scan to finish. The desktop will disappear several times: this is normal!

Do not touch anything until the scan is finished.

* Once the scan is complete, a report will be displayed: post its contents.

* If the file does not appear, it is located here > C:\ComboFix.txt

 

Please re-read my previous message.

Java 1.5, useless or obsolete protection software.

Of course, nothing obliges you to, but it would be preferable.

Empty your temporary files.

Run an Antivir scan and post its report.

 

 

NB: the choice of Antivir as the antivirus to use in this procedure was based on the following criteria:

--- weaknesses of your antivirus, which let malware through

--- In Safe Mode, only system processes are started, so it is easier to remove infections

--- Antivir can be installed and uninstalled easily

--- Antivir is known for its effectiveness in Safe Mode

 

Recommended settings

Right-click on the umbrella -> Configure

Click Expert mode -> Scan:

Check: All files

Additional Settings: check everything

Click on Scan +

Action for concerning files:

Check:

Copy file to quarantine before action

Primary action...................: repair => in case it is a corrupted system file

Secondary action.................: delete => if there is a detection, you might as well delete it; a backup will be in the quarantine

 

 

Disable your current antivirus

Restart in Safe Mode.

Run the scan

Post the report

Edited by pear
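The CGJBRKN line of the CFScript above comes straight from the O23 entry in the HijackThis log ("Unknown owner", binary in a user's Temp folder, "(file missing)"). The following script is an added example, not code from this thread, from HijackThis or from ComboFix: it parses the O23 service lines of a HijackThis log and ranks them by those three signals, so that the same check can be run systematically on a long log instead of by eye. The sample lines are copied from the log on this page except the last one, which is constructed to show that a path containing " - " (such as "Spybot - Search & Destroy") is reassembled correctly. It only flags entries for review; deciding what to remove is still the helper's job.

```python
"""Triage of HijackThis O23 (service) lines.

Added example; not code from the forum thread, HijackThis or ComboFix. It
scripts the check the helper made by eye: a service whose binary sits in a
Temp folder, is reported "(file missing)" or has no recorded publisher
deserves a closer look before any cleanup script is written.
"""
import re
from dataclasses import dataclass, field

# Start of a Windows path: a drive letter or an environment variable.
_PATH_START = re.compile(r"^(?:[A-Za-z]:\\|%[A-Za-z]+%\\)")
# A Temp directory component anywhere in the path (e.g. LOCALS~1\Temp\).
_TEMP_DIR = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
# The short service name HijackThis appends in parentheses, when it has one.
_SHORT_NAME = re.compile(r"\(([^()]+)\)\s*$")
_MISSING = "(file missing)"


@dataclass
class ServiceEntry:
    display: str
    name: str
    owner: str
    path: str
    reasons: list = field(default_factory=list)


def parse_o23(line):
    """Parse one 'O23 - Service:' line; return None for any other line."""
    prefix = "O23 - Service: "
    line = line.strip()
    if not line.startswith(prefix):
        return None
    parts = line[len(prefix):].split(" - ")
    # The path is the first field that looks like a Windows path. Fields after
    # it belong to the path (a folder name may itself contain " - "), the field
    # just before it is the owner, everything earlier is the display name.
    idx = next((i for i, p in enumerate(parts) if _PATH_START.match(p)), None)
    if idx is None or idx < 2:
        return None
    display = " - ".join(parts[:idx - 1])
    owner = parts[idx - 1]
    path = " - ".join(parts[idx:])
    m = _SHORT_NAME.search(display)
    return ServiceEntry(display, m.group(1) if m else display, owner, path)


def triage(entry):
    """Attach the reasons an entry deserves review; returns the same entry."""
    if entry.path.endswith(_MISSING):
        entry.reasons.append("binary missing on disk")
        entry.path = entry.path[:-len(_MISSING)].rstrip()
    if _TEMP_DIR.search(entry.path):
        entry.reasons.append("binary in a Temp folder")
    if entry.owner.lower() == "unknown owner":
        entry.reasons.append("no publisher recorded")
    return entry


def severity(entry):
    """high: missing and in Temp; medium: one of the two; low: no publisher only."""
    strong = {"binary missing on disk", "binary in a Temp folder"}
    hits = strong & set(entry.reasons)
    if hits == strong:
        return "high"
    if hits:
        return "medium"
    return "low" if entry.reasons else "clean"


def triage_log(text):
    """All O23 entries of a HijackThis log, most suspicious first."""
    order = {"high": 0, "medium": 1, "low": 2, "clean": 3}
    entries = [e for e in map(parse_o23, text.splitlines()) if e is not None]
    for e in entries:
        triage(e)
    return sorted(entries, key=lambda e: (order[severity(e)], e.name.lower()))


# First four lines copied from the HijackThis log on the page; the last one is
# constructed to exercise a path that itself contains " - ".
SAMPLE_LOG = r"""
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CGJBRKN - Unknown owner - D:\DOCUME~1\MORGAN~1.049\LOCALS~1\Temp\CGJBRKN.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: Constructed sample (ConstructedSvc) - Constructed Ltd. - C:\Program Files\Spybot - Search & Destroy\sample.exe
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{severity(e):6} {e.name:16} {e.owner:22} {e.path}")
        for r in e.reasons:
            print(f"       - {r}")
```

Run it on a saved HijackThis log with `triage_log(open("hijackthis.log").read())`; on the sample, only CGJBRKN is reported as high, CLCapSvc as low (no publisher recorded, which is common for legitimate OEM software), the rest as clean.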
Posted

here is a ComboFix report:

 

ComboFix 08-07-02.5 - morgan 2008-07-04 11:46:34.1 - NTFSx86

 

Endroit: D:\Documents and Settings\morgan.049143220406\Bureau\ComboFix.exe

Command switches used :: D:\Documents and Settings\morgan.049143220406\Bureau\CFScript.txt

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_CGJBRKN

-------\Legacy_NAECD

-------\Service_CGJBRKN

-------\Service_naecd

 

 

((((((((((((((((((((((((((((( Fichiers créés 2008-06-04 to 2008-07-04 ))))))))))))))))))))))))))))))))))))

.

 

2008-07-03 18:00 . 2008-07-03 18:00 3,602 --a------ C:\WINDOWS\system32\tmp.reg

2008-07-02 16:20 . 2008-07-02 16:20 <REP> d-------- D:\Documents and Settings\morgan.049143220406\Application Data\WinPatrol

2008-07-02 01:52 . 2008-07-04 11:51 1,005,600 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-07-02 01:52 . 2008-07-04 11:49 13,832 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-07-02 01:49 . 2008-07-02 01:49 <REP> d-------- D:\Documents and Settings\All Users\Application Data\MailFrontier

2008-07-02 01:49 . 2008-04-02 21:07 75,248 --a------ C:\WINDOWS\zllsputility.exe

2008-07-02 01:49 . 2008-04-02 21:08 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll

2008-07-02 01:49 . 2008-04-02 21:08 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll

2008-07-02 01:49 . 2008-04-02 21:08 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll

2008-07-02 01:49 . 2008-04-02 21:08 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll

2008-07-02 01:49 . 2004-04-27 05:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll

2008-07-02 01:48 . 2008-07-02 01:48 <REP> d-------- C:\Program Files\Zone Labs

2008-07-01 19:50 . 2008-07-01 19:52 <REP> d-------- C:\Program Files\Logon Loader

2008-07-01 19:42 . 2008-07-01 19:41 720,896 --a------ C:\WINDOWS\iun6002.exe

2008-06-30 12:33 . 2008-06-30 12:37 <REP> d-------- C:\Program Files\a-squared Anti-Malware

2008-06-30 12:31 . 2008-06-30 12:32 <REP> d-------- C:\Program Files\RegCleaner

2008-06-28 16:28 . 2008-06-28 16:28 <REP> d-------- C:\Program Files\Trend Micro

2008-06-28 00:44 . 2008-06-28 00:44 <REP> d-------- D:\Documents and Settings\morgan.049143220406\Application Data\Malwarebytes

2008-06-28 00:44 . 2008-06-28 00:44 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-06-28 00:44 . 2008-07-02 12:53 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-06-28 00:44 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys

2008-06-28 00:44 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-06-27 23:59 . 2008-06-27 23:59 <REP> d-------- C:\VundoFix Backups

2008-06-27 22:26 . 2008-06-27 22:26 <REP> d-------- C:\Program Files\BillP Studios

2008-06-27 22:25 . 1998-02-06 23:39 304,128 --a------ C:\WINDOWS\unin040c.exe

2008-06-27 22:19 . 2008-06-27 22:19 <REP> d-------- C:\Program Files\File Recover

2008-06-27 22:16 . 2008-07-02 11:21 <REP> d-------- C:\Program Files\RamBoost XP

2008-06-27 22:10 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2008-06-27 22:10 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2008-06-27 22:10 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe

2008-06-27 22:10 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe

2008-06-27 22:10 . 2008-06-23 23:34 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe

2008-06-27 22:10 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe

2008-06-27 22:10 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe

2008-06-27 22:10 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-06-27 22:10 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-06-27 22:06 . 2008-07-02 18:43 <REP> d-------- C:\Program Files\Zeb-Utility

2008-06-27 21:37 . 2008-07-03 11:03 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat

2008-06-27 21:32 . 2008-07-04 11:42 <REP> d-------- C:\WINDOWS\Internet Logs

2008-06-27 21:30 . 2008-06-28 15:31 <REP> d-------- C:\Program Files\RootKit Hook Analyzer

2008-06-27 21:30 . 2007-07-07 00:39 19,248 --a------ C:\WINDOWS\system32\drivers\rspsc32.sys

2008-06-27 21:23 . 2008-06-28 16:18 <REP> d-------- C:\Program Files\BHODemon 2

2008-06-27 21:22 . 2008-06-27 21:22 <REP> d-------- C:\Program Files\Defraggler

2008-06-27 21:20 . 2008-06-27 21:20 <REP> d-------- C:\Program Files\SpywareBlaster

2008-06-27 21:14 . 2008-06-27 21:14 <REP> d-------- D:\Documents and Settings\morgan.049143220406\Application Data\Grisoft

2008-06-27 21:14 . 2008-06-27 21:14 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Grisoft

2008-06-27 21:14 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2008-06-26 11:46 . 2008-06-27 20:54 375 --a------ C:\WINDOWS\wininit.ini

2008-06-26 01:35 . 2008-06-26 01:36 <REP> d-------- C:\WINDOWS\ERUNT

2008-06-26 00:35 . 2008-06-26 00:35 <REP> d---s---- D:\Documents and Settings\LocalService.AUTORITE NT.004\Favoris

2008-06-26 00:35 . 2008-06-26 00:35 <REP> d-------- D:\Documents and Settings\LocalService.AUTORITE NT.004\Application Data\Talkback

2008-06-26 00:18 . 2008-06-26 00:18 <REP> d--hs---- D:\Documents and Settings\NetworkService.AUTORITE NT.004

2008-06-26 00:18 . 2008-06-26 00:35 <REP> d--hs---- D:\Documents and Settings\LocalService.AUTORITE NT.004

2008-06-24 17:12 . 2008-06-24 17:12 <REP> d-------- C:\Program Files\SDFix'

2008-06-24 14:17 . 2008-06-24 14:17 <REP> d-------- C:\Program Files\FileASSASSIN

2008-06-24 14:14 . 2008-06-24 14:14 <REP> d-------- C:\Program Files\RogueRemover FREE

2008-06-24 14:08 . 2006-10-05 04:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys

2008-06-24 14:08 . 2006-10-05 04:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2008-06-24 14:05 . 2008-06-24 14:05 <REP> d-------- C:\Program Files\Sun

2008-06-24 13:52 . 2008-06-24 13:52 <REP> d-------- D:\Documents and Settings\morgan.049143220406\Application Data\PC Tools

2008-06-24 13:52 . 2008-07-02 19:00 <REP> d-------- C:\Program Files\Spyware Doctor

2008-06-24 13:52 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-06-24 13:52 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-06-24 13:52 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-06-24 13:52 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-06-24 13:50 . 2008-07-03 16:09 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Google Updater

2008-06-24 13:26 . 2008-06-24 13:35 <REP> d-------- C:\Program Files\Panda Security

2008-06-20 21:04 . 2008-06-20 21:04 <REP> d-------- C:\Program Files\BatchDPG

2008-06-18 22:41 . 2008-06-18 22:41 <REP> d-------- D:\Documents and Settings\morgan.049143220406\Application Data\Viewpoint

2008-06-15 22:18 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-15 22:18 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-03 15:53 --------- d-----w D:\Documents and Settings\morgan.049143220406\Application Data\SiteAdvisor

2008-07-03 15:20 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP

2008-07-03 11:22 --------- d-----w C:\Program Files\Alwil Software

2008-07-03 09:38 --------- d-----w C:\Program Files\Java

2008-07-02 13:29 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-07-02 11:08 --------- d-----w C:\Program Files\Arovax AntiSpyware

2008-06-28 13:45 --------- d-----w C:\Program Files\BitSpirit

2008-06-27 23:09 --------- d-----w D:\Documents and Settings\morgan.049143220406\Application Data\uTorrent

2008-06-27 23:08 --------- d-----w D:\Documents and Settings\morgan.049143220406\Application Data\ImgBurn

2008-06-27 19:42 --------- d-----w C:\Program Files\Google

2008-06-24 12:08 --------- d-----w C:\Program Files\Picasa2

2008-06-24 11:56 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-06-19 12:21 --------- d-----w C:\Program Files\HP

2008-05-28 19:57 --------- d-----w D:\Documents and Settings\morgan.049143220406\Application Data\AdobeUM

2008-05-14 12:14 --------- d-----w D:\Documents and Settings\morgan.049143220406\Application Data\Azureus

2008-05-14 12:07 --------- d-----w D:\Documents and Settings\All Users\Application Data\Azureus

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2006-03-13 16:38 56 --sh--r C:\WINDOWS\system32\7C3ABB3CBB.sys

2006-03-13 16:41 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

------- Sigcheck -------

 

2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe

2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\system32\dllcache\explorer.exe

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]

@="{E4000AC4-5E5F-4956-807A-C5854405D64F}"

[HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}]

%SystemRoot%\system32\VirtualExpander\VEShellExt.dll [bU]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-05 14:00 160768]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="D:\\Documents and Settings\\morgan.049143220406\\Bureau\\logonui.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

2001-12-20 23:34 24576 C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.ulmp3acm"= ulmp3acm.acm

"msacm.mpegacm"= mpegacm.acm

"vidc.MJ2C"= M3JP2K32.dll

"vidc.3iv2"= 3ivxVfWCodec.dll

"VIDC.HFYU"= huffyuv.dll

"VIDC.VP31"= vp31vfw.dll

"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

 

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]

path=D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]

path=D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\D:^Documents and Settings^morgan.049143220406^Menu Démarrer^Programmes^Démarrage^BHODemon 2.0.lnk]

path=D:\Documents and Settings\morgan.049143220406\Menu Démarrer\Programmes\Démarrage\BHODemon 2.0.lnk

backup=C:\WINDOWS\pss\BHODemon 2.0.lnkStartup

 

[HKLM\~\startupfolder\D:^Documents and Settings^morgan.049143220406^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]

path=D:\Documents and Settings\morgan.049143220406\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk

backup=C:\WINDOWS\pss\RocketDock.lnkStartup

 

[HKLM\~\startupfolder\D:^Documents and Settings^morgan.049143220406^Menu Démarrer^Programmes^Démarrage^VirtualExpander.lnk]

path=D:\Documents and Settings\morgan.049143220406\Menu Démarrer\Programmes\Démarrage\VirtualExpander.lnk

backup=C:\WINDOWS\pss\VirtualExpander.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

--a------ 2007-06-11 11:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]

--a------ 2003-05-02 11:31 24576 c:\APPS\ABOARD\ABOARD.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

--a------ 2005-03-22 21:05 339968 C:\ATI Technologies\ATI Control Panel\atiptaxx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [bU]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]

--a------ 2005-06-27 16:49 516608 C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

--a------ 2003-12-22 09:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2003-08-04 18:28 49152 C:\Program Files\HP\HP Software Update\hpwuSchd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

--a------ 2005-05-11 13:48 127118 c:\APPS\Powercinema\PCMService.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhilipsLime]

C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe [bU]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

--a------ 2004-08-05 14:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

--a------ 2004-08-05 14:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

--a------ 2008-02-26 03:23 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNPSTD2]

--a------ 2004-08-30 16:37 286720 C:\WINDOWS\vsnpstd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2006-12-15 04:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]

--a------ 2005-03-14 01:37 1057280 D:\morgan\SuperCopier2\SuperCopier2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2005-10-27 01:28 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]

--a------ 2004-11-26 11:43 90112 C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\Monitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [bU]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2003-04-02 04:20 12288 C:\Program Files\Winamp\winampa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray2k]

--a------ 2001-11-01 00:52 57344 C:\WINDOWS\system32\MMTray2k.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

--a------ 2005-05-17 18:48 77824 C:\WINDOWS\SOUNDMAN.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"xmlprov"=3 (0x3)

"WZCSVC"=2 (0x2)

"WudfSvc"=2 (0x2)

"wuauserv"=2 (0x2)

"wscsvc"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"WmiApSrv"=3 (0x3)

"WmdmPmSN"=3 (0x3)

"WLSetupSvc"=3 (0x3)

"winmgmt"=2 (0x2)

"WebClient"=2 (0x2)

"W32Time"=2 (0x2)

"VSS"=3 (0x3)

"vsmon"=2 (0x2)

"usnjsvc"=3 (0x3)

"UPS"=3 (0x3)

"upnphost"=3 (0x3)

"TUWinStylerThemeSvc"=3 (0x3)

"TrkWks"=2 (0x2)

"Themes"=2 (0x2)

"TermService"=3 (0x3)

"TapiSrv"=3 (0x3)

"SysmonLog"=3 (0x3)

"SwPrv"=3 (0x3)

"stisvc"=2 (0x2)

"StarWindService"=2 (0x2)

"SSDPSRV"=3 (0x3)

"srservice"=2 (0x2)

"SPTISRV"=3 (0x3)

"Spooler"=2 (0x2)

"ShellHWDetection"=2 (0x2)

"SharedAccess"=2 (0x2)

"SENS"=2 (0x2)

"seclogon"=2 (0x2)

"sdCoreService"=3 (0x3)

"sdAuxService"=3 (0x3)

"Schedule"=2 (0x2)

"SCardSvr"=3 (0x3)

"SamSs"=2 (0x2)

"RSVP"=3 (0x3)

"RDSessMgr"=3 (0x3)

"RasMan"=3 (0x3)

"RasAuto"=3 (0x3)

"ProtectedStorage"=2 (0x2)

"PolicyAgent"=2 (0x2)

"Pml Driver HPZ12"=3 (0x3)

"PlugPlay"=2 (0x2)

"NtmsSvc"=3 (0x3)

"NtLmSsp"=3 (0x3)

"Nla"=3 (0x3)

"Netman"=3 (0x3)

"Netlogon"=3 (0x3)

"NBService"=3 (0x3)

"MysqlInventime"=3 (0x3)

"MSIServer"=3 (0x3)

"MSDTC"=3 (0x3)

"mnmsrvc"=3 (0x3)

"LmHosts"=2 (0x2)

"lanmanworkstation"=2 (0x2)

"lanmanserver"=2 (0x2)

"iPod Service"=3 (0x3)

"ImapiService"=3 (0x3)

"IDriverT"=3 (0x3)

"HTTPFilter"=3 (0x3)

"HidServ"=2 (0x2)

"helpsvc"=2 (0x2)

"gusvc"=2 (0x2)

"FastUserSwitchingCompatibility"=3 (0x3)

"EventSystem"=3 (0x3)

"Eventlog"=2 (0x2)

"ERSvc"=2 (0x2)

"Dnscache"=2 (0x2)

"dmserver"=3 (0x3)

"dmadmin"=3 (0x3)

"Dhcp"=2 (0x2)

"CyberLink Media Library Service"=2 (0x2)

"CryptSvc"=3 (0x3)

"COMSysApp"=3 (0x3)

"CLSched"=2 (0x2)

"CLCapSvc"=2 (0x2)

"CiSvc"=3 (0x3)

"CGJBRKN"=3 (0x3)

"Browser"=2 (0x2)

"BITS"=2 (0x2)

"AVG Anti-Spyware Guard"=2 (0x2)

"AudioSrv"=2 (0x2)

"Ati HotKey Poller"=2 (0x2)

"aspnet_state"=3 (0x3)

"AppMgmt"=3 (0x3)

"Apple Mobile Device"=2 (0x2)

"AntiVirService"=2 (0x2)

"AntiVirScheduler"=2 (0x2)

"ALG"=3 (0x3)

"a2AntiMalware"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%ProgramFiles%\\AOL 9.0\\aol.exe"=

"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=

"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\APPS\\Inventime\\my.exe"=

"C:\\Program Files\\BitSpirit\\BitSpirit.exe"=

"D:\\morgan\\jeu fear\\FEAR.exe"=

"D:\\morgan\\jeu fear\\fpupdate.exe"=

"D:\\Program Files\\eMule\\emule.exe"=

"D:\\Program Files\\WF.exe"=

"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

"C:\\Program Files\\uTorrent\\utorrent.exe"=

"C:\\WINDOWS\\system32\\mshta.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

 

R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 12:51]

R3 NBXG7031;NB 802.11g XG703 SP1 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2005-01-18 16:33]

R3 snpstd2;GE 98067 MiniCam Pro;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-12-16 18:14]

R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 18:23]

S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-11-10 18:23]

S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-11-10 18:23]

S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-11-10 18:23]

S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-11-10 18:23]

S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-11-10 18:23]

S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-11-10 18:24]

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

S3 w600bus;Sony Ericsson W600 driver (WDM);C:\WINDOWS\system32\DRIVERS\w600bus.sys [2006-03-13 17:51]

S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w600mdfl.sys [2006-03-13 17:51]

S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w600mdm.sys [2006-03-13 17:51]

S4 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4588b7a-1134-11dd-898d-0060b3db8ce7}]

\Shell\AutoRun\command - F:\InstallTomTomHOME.exe

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-06-27 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"

- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe

"2008-06-23 21:42:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-06-27 15:18:23 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"

- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe

"2006-03-12 11:51:44 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"

- C:\WINDOWS\system32\OOBE\oobebaln.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-04 11:51:01

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]

"ImagePath"="C:\Apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=C:\Apps\Inventime\mysql\my.ini MysqlInventime"

.

Temps d'accomplissement: 2008-07-04 11:54:44 - machine was rebooted

ComboFix-quarantined-files.txt 2008-07-04 09:54:41

ComboFix2.txt 2008-07-03 10:47:27

 

Pre-Run: 9,638,854,656 octets libres

Post-Run: 9,623,769,088 octets libres

 

371 --- E O F --- 2008-06-20 09:30:37

 

and a HijackThis report:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:09:39, on 04/07/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\a-squared Anti-Malware\a2service.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

c:\APPS\Powercinema\Kernel\TV\CLSched.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\vsnpstd2.exe

C:\Apps\Powercinema\PCMService.exe

C:\WINDOWS\system32\MMTray2k.exe

C:\Program Files\HP\HP Software Update\HPWuSchd.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\apps\ABoard\ABoard.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\apps\ABoard\AOSD.exe

C:\WINDOWS\system32\wuauclt.exe

D:\Documents and Settings\morgan.049143220406\Bureau\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"

O4 - HKLM\..\Run: [MMTray2k] MMTray2k.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe"

O4 - HKCU\..\Run: [superCopier2.exe] D:\morgan\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [PhilipsLime] "C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NeroScoutOptions.exe (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NeroScoutOptions.exe (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 10402 bytes

 

and my antivirus (Antivir) found 13 viruses, which I deleted.

Posted
my antivirus (Antivir) found 13 viruses, which I deleted

 

You did the right thing.

They were probably in the quarantine folders of the tools that were used.

I would have liked to see the Antivir report, for confirmation.

You need to uninstall ComboFix, because only the latest version is valid, as it is updated frequently.

To remove ComboFix:

Start > Run -> combofix.exe /u

Confirm with OK

ComboFix starts and displays a message saying that ComboFix has been removed: click OK.

Posted

Hello

I used Zeb-utility 2.1 to optimize the PC, and when I run a scan with Spyware Doctor, AVG and my antivirus, they no longer find anything, so I think my PC must be clean....

I'm sending a HijackThis report for your confirmation:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:57 Grisly, on 05/07/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\vsnpstd2.exe

c:\APPS\Powercinema\Kernel\TV\CLSched.exe

C:\Apps\Powercinema\PCMService.exe

C:\WINDOWS\system32\MMTray2k.exe

C:\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\apps\ABoard\ABoard.exe

C:\apps\ABoard\AOSD.exe

C:\Program Files\Winamp\Winampa.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Mozilla Firefox\firefox.exe

D:\Documents and Settings\morgan.049143220406\Mes documents\logiciel pour pc\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sNPSTD2] C:\WINDOWS\vsnpstd2.exe

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"

O4 - HKLM\..\Run: [MMTray2k] MMTray2k.exe

O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NeroScoutOptions.exe (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NeroScoutOptions.exe (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 10654 bytes
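The two HijackThis logs above differ in a handful of autostart (O4) and service (O23) entries, and that is what the helper has to spot by eye. The following script is an added example, not part of the original thread or of HijackThis itself: it parses the O4 and O23 line formats of HijackThis v2.0.2 (the regular expressions are my reading of the format, not an official grammar), diffs two logs, and flags entries a reviewer would look at first: Run entries whose executable has no directory (resolved via the search order) and services with an "Unknown owner". The embedded input is a short excerpt copied from the two logs posted in this thread, not the full logs.

```python
"""Diff the O4 (autostart) and O23 (service) entries of two HijackThis logs.

Added example, not code from the thread or from HijackThis. The regexes below
are an assumption about the HijackThis v2.0.2 line format; the sample logs are
excerpts copied from the two reports posted above.
"""
import re

# "O4 - <hive>\..\Run: [name] command"  (hive may be HKLM, HKCU or HKUS\<SID>)
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# "O23 - Service: <display name> - <owner> - <image path>"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Excerpt of the 04/07/2008 log (copied from the thread).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe"
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
"""

# Excerpt of the 05/07/2008 log (copied from the thread).
LOG_AFTER = r"""
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
"""


def parse_entries(log_text):
    """Return a dict keyed by ("O4", hive, name) or ("O23", name); other lines are ignored."""
    entries = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            entries[("O4", m["hive"], m["name"])] = m["cmd"]
            continue
        m = O23_RE.match(line)
        if m:
            entries[("O23", m["name"])] = (m["owner"], m["path"])
    return entries


def diff_logs(before_text, after_text):
    """Return (added, removed, changed) between two logs, keyed like parse_entries()."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    added = {k: v for k, v in after.items() if k not in before}
    removed = {k: v for k, v in before.items() if k not in after}
    changed = {k: (before[k], after[k]) for k in before if k in after and before[k] != after[k]}
    return added, removed, changed


def executable_of(cmd):
    """First token of a Run command: the quoted path if quoted, else the first word."""
    return cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]


def flag_entries(entries):
    """Heuristic review flags (my own criteria, not HijackThis rules)."""
    flags = []
    for key, value in entries.items():
        if key[0] == "O4":
            exe = executable_of(value)
            # A bare filename is found through the search order, so it is worth locating on disk.
            if "\\" not in exe:
                flags.append((key, "no directory in command, resolved via search order"))
        elif key[0] == "O23" and value[0] == "Unknown owner":
            flags.append((key, "service binary without a known publisher, verify it on disk"))
    return flags


if __name__ == "__main__":
    added, removed, changed = diff_logs(LOG_BEFORE, LOG_AFTER)
    for label, group in (("ADDED", added), ("REMOVED", removed), ("CHANGED", changed)):
        for key, value in group.items():
            print(f"{label:8} {key}: {value}")
    for key, reason in flag_entries(parse_entries(LOG_AFTER)):
        print(f"FLAG     {key}: {reason}")
```

On the excerpt this reports the new avast! and KernelFaultCheck Run entries, the removed soundMan, AWMON and a-squared entries, and flags the MysqlInventime service as unknown-owner in both logs; the same functions work on full HijackThis logs pasted into the two strings, since lines that do not match the O4/O23 patterns are simply skipped.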
