
Posted

Hello,

My brother's computer has several problems.

First, he can no longer open Task Manager: it has been disabled, and so has access to the registry.

Next, the computer no longer recognises external USB keys.

It is also very slow.

Below is the report generated by HijackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:50, on 2009-04-14

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\dhcp\svchost.exe

C:\WINDOWS\system32\ScsiAccess.EXE

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\tdctxte.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\QuickTime\QTTask.exe

C:\TEST\CDPLAYER.EXE

C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Genius\TVGo DVB-T02PRO\DetectTray.exe

C:\Program Files\Belkin\F5D7050v5\Belkinwcui.exe

C:\Program Files\Microsoft Office\Office\OSA9.EXE

C:\DOCUME~1\Maxime\LOCALS~1\Temp\Répertoire temporaire 2 pour KillProcess.zip\KillProcess.exe

C:\Program Files\Outlook Express\msimn.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\DOCUME~1\Maxime\LOCALS~1\Temp\341761280.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.42.172.254:80

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: C:\WINDOWS\system32\hsf73ikmdf3f.dll - {b2ba40a2-74f3-42bd-f434-2604812c8954} - C:\WINDOWS\system32\hsf73ikmdf3f.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [spool] C:\WINDOWS\spool.exe

O4 - HKLM\..\Run: [DeluxeCD] C:\TEST\CDPLAYER.EXE -tray

O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

O4 - HKCU\..\Run: [DetectTray] C:\Program Files\Genius\TVGo DVB-T02PRO\DetectTray.exe

O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\Maxime\LOCALS~1\Temp\341761280.exe

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\Run: [InetChk] C:\WINDOWS\TEMP\ms1239172062.exe work (User 'Default user')

O4 - HKUS\.DEFAULT\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\j3rvuau4me.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\j3rvuau4me.exe (User 'Default user')

O4 - Global Startup: Belkin Wireless G USB Adapter Client Utility.lnk = ?

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://www.tellmemorecampus.com/bin/tol9inst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab

O22 - SharedTaskScheduler: jkxg983iksnf934uitmgs3gt - {B2BA40A2-74F3-42BD-F434-2604812C8954} - C:\WINDOWS\system32\hsf73ikmdf3f.dll

O22 - SharedTaskScheduler: lkjf9873jhifjnsfi8w3fe - {D5BF49A0-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\ds43g4nfjkn93.dll

O23 - Service: 6to4 - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)

O23 - Service: afisicx - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)

O23 - Service: Apple Mobile Device - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)

O23 - Service: AppMgmt - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)

O23 - Service: AudioSrv - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)

O23 - Service: BITS - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)

O23 - Service: Bonjour Service - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)

O23 - Service: Browser - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)

O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)

O23 - Service: COMSysApp - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)

O23 - Service: CryptSvc - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)

O23 - Service: DcomLaunch - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)

O23 - Service: Dhcp - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)

O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe

O23 - Service: iPod Service (ipod service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: PsExec (psexesvc) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)

O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe (file missing)

O23 - Service: tdctxte Service (tdctxte) - Unknown owner - C:\WINDOWS\system32\tdctxte.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

 

--

End of file - 8872 bytes
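The HijackThis log above can be triaged mechanically before anyone reads it line by line. The script below is an added example, not part of the original post and not HijackThis code: it applies the heuristics a helper would otherwise apply by eye (a system binary name such as svchost.exe running outside system32, Run entries or processes launched from a Temp directory, services whose binary is missing, random-looking DLL names in BHO and SharedTaskScheduler entries, an IE proxy, policy lockouts) to a constructed subset of the lines posted above. The rule set, the thresholds in the regular expressions and the reason strings are this example's own choices.

```python
import ntpath
import re

# Constructed sample: a subset of the HijackThis log lines from the post above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\dhcp\svchost.exe
C:\DOCUME~1\Maxime\LOCALS~1\Temp\341761280.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.42.172.254:80
O2 - BHO: C:\WINDOWS\system32\hsf73ikmdf3f.dll - {b2ba40a2-74f3-42bd-f434-2604812c8954} - C:\WINDOWS\system32\hsf73ikmdf3f.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [spool] C:\WINDOWS\spool.exe
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\Maxime\LOCALS~1\Temp\341761280.exe
O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\j3rvuau4me.exe (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O22 - SharedTaskScheduler: jkxg983iksnf934uitmgs3gt - {B2BA40A2-74F3-42BD-F434-2604812C8954} - C:\WINDOWS\system32\hsf73ikmdf3f.dll
O23 - Service: BITS - Unknown owner - C:\WINDOWS\TEMP\VRT2.tmp (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe
"""

# Binaries that, on a stock XP install, live only in %SystemRoot%\system32.
SYSTEM_BINARIES = {"svchost.exe", "winlogon.exe", "services.exe", "lsass.exe",
                   "csrss.exe", "spoolsv.exe", "userinit.exe"}
SYSTEM32 = r"c:\windows\system32"          # assumption: Windows installed in C:\WINDOWS

TEMP_RE = re.compile(r"\\temp\\", re.I)     # ...\Temp\... and \WINDOWS\TEMP\...
# 10+ lowercase alphanumerics with at least three digits: hsf73ikmdf3f, ds43g4nfjkn93
RANDOM_RE = re.compile(r"^(?=(?:.*\d){3})(?=.*[a-z])[a-z0-9]{10,}$")
O4_RE = re.compile(r"^O4 - .*?: \[(.*?)\] (.*)$")


def classify(line: str):
    """Return a reason string if the log line looks suspicious, else None."""
    line = line.strip()
    if re.match(r"^[A-Za-z]:\\", line):                  # "Running processes" entry
        head, base = ntpath.split(line)
        if base.lower() in SYSTEM_BINARIES and head.lower() != SYSTEM32:
            return "system binary name running outside system32"
        if TEMP_RE.search(line):
            return "process running from a temp directory"
        return None
    kind = line.split(" - ", 1)[0]
    if kind == "R1" and ",ProxyServer =" in line:
        return "IE proxy configured: browser traffic is being redirected"
    if kind == "O7":
        return "policy restriction (regedit/Task Manager lockout)"
    if kind == "O4":
        m = O4_RE.match(line)
        if m:
            name, target = m.groups()
            if not name:
                return "Run entry with empty name"
            if TEMP_RE.search(target):
                return "Run entry launching from a temp directory"
        return None
    if kind in ("O2", "O22", "O23"):
        target = line.split(" - ")[-1]                    # last field is the file path
        missing = target.endswith("(file missing)")
        target = target.replace("(file missing)", "").strip()
        head, base = ntpath.split(target)
        stem = base.rsplit(".", 1)[0].lower()
        if kind == "O23" and missing:
            return "service whose binary is missing (hijacked or orphaned)"
        if TEMP_RE.search(target):
            return f"{kind} entry pointing into a temp directory"
        if base.lower() in SYSTEM_BINARIES and head.lower() != SYSTEM32:
            return "service running a system binary name outside system32"
        if RANDOM_RE.match(stem):
            return f"{kind} entry with random-looking filename {base}"
    return None


def triage(log_text: str):
    """Run classify() over every line; return [(reason, line), ...] for the hits."""
    findings = []
    for raw in log_text.splitlines():
        reason = classify(raw)
        if reason:
            findings.append((reason, raw.strip()))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {line}")
```

These rules are a starting list, not a verdict: `C:\WINDOWS\spool.exe` in the HKLM Run key passes every heuristic here and only stands out once file dates or hashes are checked. The pattern that does stand out is a run of standard service names (BITS, AudioSrv, Dhcp, DcomLaunch and so on) all pointing at the same missing .tmp file, which means the service entries themselves were rewritten rather than a single binary being dropped.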

Moderator
Posted

Good evening maxou39 :P

Welcome to the Zebulon forums.

A few links to help you get started:

We'll look together at what is going on with your PC; like everyone who helps here, we do this as volunteers around our own schedules. We'll try to move as quickly as we can, but you may sometimes have to wait a while for a reply, so don't panic :P

Your system shows significant traces of infection.

Download combofix.exe (by sUBs) and save it to your desktop.

  • Double-click combofix.exe to run it and follow the instructions.
  • When the scan is complete, a report will appear.
  • Copy and paste that report into your next reply.

Posted

Good evening,

and thanks for your help.

I did what you told me.

While ComboFix was running, the computer restarted twice.

Here is the report generated by ComboFix:

ComboFix 09-04-14.09 - Maxime 2009-04-14 22:32.5 - NTFSx86

Running from: c:\down\ComboFix.exe

.

 

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Maxime\reader_s.exe

c:\windows\dhcp\svchost.exe

c:\windows\system32\comsa32.sys

c:\windows\system32\drivers\ovfsth.sys

c:\windows\system32\drivers\ovfsthalkddoqwsnsulvmttmsnbegceyjalsgq.sys

c:\windows\system32\ovfsthbicjejgbgyhceqrkqykpkopxpgspgnqq.dll

c:\windows\system32\ovfsthfqgpinluyurwlvhannrwqubfhyxthqoj.dll

c:\windows\system32\ovfsthnefbpunlxdgjpreyjtphqimadrgnilvk.dat

c:\windows\system32\ovfsthvrsbrrpibfwkklhtffiewxnlvnsbfnqf.dll

c:\windows\system32\ovfsthxuintymaxtfniqxovtnlbyvgcklkomec.dat

c:\windows\system32\tdctxte.exe

 

c:\windows\system32\userinit.exe . . . is infected!!

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_ovfsthwvivbnykteooqxrxhkdkbwemxewfelwm

-------\Legacy_afisicx

-------\Legacy_dhcpsrv

-------\Legacy_sopidkc

-------\Legacy_tdctxte

-------\Service_afisicx

-------\Service_dhcpsrv

-------\Service_restore

-------\Service_sopidkc

-------\Service_tdctxte

 

 

((((((((((((((((((((((((((((( Files Created from 2009-03-14 to 2009-04-14 ))))))))))))))))))))))))))))))))))))

.

 

2009-04-14 20:26 . 2006-03-02 22:42 73728 ----a-w C:\pv.exe

2009-04-14 19:27 . 2009-04-14 19:27 325 ----a-w c:\windows\KillProcess.INI

2009-04-14 16:47 . 2009-04-14 16:47 -------- d-----w C:\rsit

2009-04-14 16:46 . 2009-04-14 20:25 -------- d-----w C:\Down

2009-04-14 15:01 . 2008-04-14 02:34 162304 ----a-w C:\tm.exe

2009-04-08 06:32 . 2009-04-08 06:32 155 ----a-w c:\windows\system32\SelfDel.bat

2009-04-08 06:32 . 2009-04-08 06:32 15000 ----a-w c:\windows\system32\ds43g4nfjkn93.dll

2009-04-08 06:31 . 2009-04-08 06:31 84045 ----a-w c:\windows\system32\ftp_non_crp.exe

2009-04-08 06:21 . 2009-04-14 20:32 -------- d-----w c:\windows\dhcp

2009-04-08 06:18 . 2009-04-08 06:33 -------- d-sh--r c:\program files\ThunMail

2009-04-08 06:17 . 2009-04-07 18:59 21704 ----a-w c:\windows\system32\rr.exe

2009-04-08 06:17 . 2009-04-08 06:17 213120 -c--a-w c:\windows\system32\dllcache\ndis.sys

2009-04-08 06:17 . 2009-04-14 20:44 90350 ----a-w c:\windows\system32\drivers\accdeb50.sys

2009-04-08 06:17 . 2009-04-08 06:17 705 ----a-w C:\ytiva.exe

2009-04-08 06:17 . 2009-04-08 06:17 21504 ----a-w C:\gyekuc.exe

2009-04-08 06:16 . 2009-04-08 06:16 2 ----a-w C:\1156295225

2009-04-08 06:16 . 2009-04-08 06:16 15000 ----a-w c:\windows\system32\hsf73ikmdf3f.dll

2009-04-03 17:22 . 2009-04-14 20:44 105170 ----a-w c:\windows\system32\drivers\1c30c3b9.sys

2009-04-03 16:49 . 2009-04-08 06:35 41984 ----a-w C:\0xf9.exe

2009-04-03 16:42 . 2008-04-14 02:33 54784 -c--a-w c:\windows\system32\dllcache\vfwwdm32.dll

2009-04-03 16:42 . 2008-04-14 02:33 54784 ----a-w c:\windows\system32\vfwwdm32.dll

2009-04-03 16:42 . 2003-03-19 10:44 45056 ----a-w c:\windows\system32\MFC71CHT.DLL

2009-04-03 16:41 . 2006-12-12 15:56 104 ----a-w c:\windows\system32\drivers\EC168Hid.dat

2009-04-03 16:41 . 2006-07-31 09:56 4096 ----a-w c:\windows\system32\HUCoInstaller.dll

2009-04-03 16:41 . 2007-05-18 11:18 67968 ----a-w c:\windows\system32\drivers\EC168BDA.sys

2009-04-03 16:41 . 2007-02-26 09:40 7107 ----a-w c:\windows\system32\drivers\EC168BDA.bin

2009-04-03 16:41 . 2009-04-03 16:41 -------- d-----w c:\program files\Genius

2009-04-03 09:18 . 2007-06-01 05:13 238848 ------r c:\windows\system32\drivers\BLKWGU.sys

2009-04-03 09:18 . 2009-04-03 09:18 21035 ----a-w c:\windows\system32\drivers\AegisP.sys

2009-04-03 09:17 . 2006-12-18 08:07 14523 ------w c:\windows\system32\drivers\string.ini

2009-04-03 09:17 . 2006-11-15 14:23 38144 ----a-w c:\windows\system32\drivers\EAPPkt.sys

2009-04-03 09:17 . 2009-04-03 09:17 -------- d-----w c:\program files\Belkin

2009-04-03 09:16 . 2009-04-03 09:16 -------- d-----w c:\documents and settings\Maxime\Application Data\InstallShield

2009-03-26 17:51 . 2009-03-26 17:54 -------- d-----w C:\32788R22FWJFW.0.tmp

2009-03-26 16:45 . 2009-03-26 16:45 -------- d-----w c:\program files\Trend Micro

2009-03-26 16:34 . 2009-03-26 16:33 311808 ----a-w c:\windows\sms.ex_

2009-03-26 16:33 . 2009-03-26 16:33 311808 ----a-w c:\windows\spool.ex_

2009-03-26 15:59 . 2009-03-26 15:59 -------- d-----w c:\documents and settings\Maxime\Application Data\Talkback

2009-03-23 13:54 . 2009-03-26 16:35 162 --sha-w c:\windows\system32\1156295225.dat

2009-03-23 13:54 . 2009-03-23 13:53 41472 --sh--r c:\windows\system32\advpack.dlln.exe

 

.

(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-12 07:25 . 2009-04-03 16:50 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

2009-04-09 15:20 . 2005-01-15 17:12 -------- d-----w c:\program files\Budget Familial

2009-04-08 06:17 . 2003-01-26 12:57 213120 ----a-w c:\windows\system32\drivers\ndis.sys

2009-04-07 16:29 . 2005-01-28 17:20 -------- d-----w c:\program files\Budget Rotary

2009-04-03 16:41 . 2003-01-26 13:36 -------- d--h--w c:\program files\InstallShield Installation Information

2009-04-01 17:11 . 2008-07-18 12:35 -------- d-----w c:\program files\EoRezo

2009-04-01 17:11 . 2008-07-18 12:35 -------- d-----w c:\documents and settings\Maxime\Application Data\EoRezo

2009-04-01 16:27 . 2006-11-04 14:34 -------- d-----w c:\documents and settings\Maxime\Application Data\Skype

2009-04-01 06:27 . 2008-07-18 12:35 -------- d-----w c:\program files\ItsLabel

2009-03-29 13:02 . 2003-01-26 12:57 49054 ----a-w c:\windows\system32\perfc00C.dat

2009-03-29 13:02 . 2003-01-26 12:57 368314 ----a-w c:\windows\system32\perfh00C.dat

2009-03-26 10:35 . 2008-06-28 13:03 -------- d-----w c:\program files\TomTom HOME 2

2009-03-05 10:16 . 2007-04-02 11:56 -------- d-----w c:\documents and settings\All Users\Application Data\EBP

2009-03-05 10:16 . 2005-02-22 07:33 -------- d-----w c:\documents and settings\Maxime\Application Data\EBP

2009-03-05 10:15 . 2009-03-05 10:13 -------- d--h--w c:\documents and settings\All Users\Application Data\{C95A54B6-9527-4037-8135-C31A156AA451}

2009-03-05 10:13 . 2003-05-13 17:16 -------- d-----w c:\program files\EBP

2009-02-14 15:26 . 2009-02-14 15:26 -------- d-----w c:\program files\Axis Communications

2009-02-09 14:05 . 2003-01-26 12:57 1846912 ----a-w c:\windows\system32\win32k.sys

2009-02-05 15:40 . 2009-03-05 10:15 3715072 ----a-w c:\windows\system32\cdintf300.dll

2008-09-30 17:09 . 2005-11-02 09:05 113128 ----a-w c:\documents and settings\Maxime\Application Data\GDIPFONTCACHEV1.DAT

2008-07-18 17:07 . 2003-05-09 16:34 116520 ----a-w c:\documents and settings\Maxime\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2006-02-17 18:35 . 2005-08-29 11:56 112632 ----a-w c:\documents and settings\Myriam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2006-01-16 19:55 . 2006-01-16 19:55 112632 ----a-w c:\documents and settings\Viviane\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2006-01-06 19:02 . 2006-01-06 18:52 278528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe

2003-09-25 23:24 . 2003-09-25 23:24 1187840 ----a-w c:\program files\Fichiers communs\vfp8rfra.dll

2003-09-25 20:36 . 2003-09-25 20:36 4300800 ----a-w c:\program files\Fichiers communs\vfp8r.dll

2003-09-25 19:47 . 2003-09-25 19:47 1150976 ----a-w c:\program files\Fichiers communs\VFP8RENU.DLL

2001-09-06 06:00 . 2001-09-06 06:00 1700352 ----a-w c:\program files\Fichiers communs\gdiplus.dll

1999-04-06 12:27 . 1999-04-06 12:27 99840 ----a-w c:\program files\Fichiers communs\IRAABOUT.DLL

1998-12-09 02:53 . 1998-12-09 02:53 70144 ----a-w c:\program files\Fichiers communs\IRAMDMTR.DLL

1998-12-09 02:53 . 1998-12-09 02:53 48640 ----a-w c:\program files\Fichiers communs\IRALPTTR.DLL

1998-12-09 02:53 . 1998-12-09 02:53 31744 ----a-w c:\program files\Fichiers communs\IRAWEBTR.DLL

1998-12-09 02:53 . 1998-12-09 02:53 186368 ----a-w c:\program files\Fichiers communs\IRAREG.DLL

1998-12-09 02:53 . 1998-12-09 02:53 17920 ----a-w c:\program files\Fichiers communs\IRASRIAL.DLL

2008-09-19 08:27:20 . 2008-09-19 08:27 . c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

2009-03-30 22:04:36 . 2008-08-11 08:31 . c:\program files\mozilla firefox\components\jar50.dll

2009-03-30 22:04:37 . 2008-08-11 08:31 . c:\program files\mozilla firefox\components\jsd3250.dll

2009-03-30 22:04:40 . 2008-08-11 08:31 . c:\program files\mozilla firefox\components\xpinstal.dll

.

 

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d5bf49a0-94f3-42bd-f434-3604812c8955}]

2009-04-08 06:32 15000 ----a-w c:\windows\system32\ds43g4nfjkn93.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 34304]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1714176]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

"DetectTray"="c:\program files\Genius\TVGo DVB-T02PRO\DetectTray.exe" [2007-09-21 151552]

"Diagnostic Manager"="c:\docume~1\Maxime\LOCALS~1\Temp\3229876768.exe" [2009-04-14 21505]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 208896]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 434176]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"spool"="c:\windows\spool.exe" [bU]

"DeluxeCD"="c:\test\CDPLAYER.EXE" [1999-12-07 356624]

"DataLayer"="c:\program files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 1125888]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-10-12 315392]

"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 172544]

"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-02 49152]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 34304]

"InetChk"="c:\windows\TEMP\ms1239172062.exe" [bU]

"svc"="c:\program files\ThunMail\testabd.exe" [bU]

"Windows Resurections"="c:\windows\TEMP\j3rvuau4me.exe" [bU]

 

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

Belkin Wireless G USB Adapter Client Utility.lnk - c:\program files\Belkin\F5D7050v5\Belkinwcui.exe [2009-4-3 1585152]

Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 48640]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 86068]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoFolderOptions"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{B2BA40A2-74F3-42BD-F434-2604812C8954}"= "c:\windows\system32\hsf73ikmdf3f.dll" [2009-04-08 15000]

"{D5BF49A0-94F3-42BD-F434-3604812C8955}"= "c:\windows\system32\ds43g4nfjkn93.dll" [2009-04-08 15000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="c:\windows\explorer.exe,"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\ThunMail\testabd.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.PIM1"= pclepim1.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0stera

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Icône AOL.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Icône AOL.lnk

backup=c:\windows\pss\Icône AOL.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Kodak software updater.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Kodak software updater.lnk

backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk

backup=c:\windows\pss\Logiciel Kodak EasyShare.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Symantec Fax Starter Edition Port.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Symantec Fax Starter Edition Port.lnk

backup=c:\windows\pss\Symantec Fax Starter Edition Port.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WallADay.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\WallADay.lnk

backup=c:\windows\pss\WallADay.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Maxime^Menu Démarrer^Programmes^Démarrage^Pervasive.SQL Workgroup Engine.lnk]

path=c:\documents and settings\Maxime\Menu Démarrer\Programmes\Démarrage\Pervasive.SQL Workgroup Engine.lnk

backup=c:\windows\pss\Pervasive.SQL Workgroup Engine.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\load]

???? [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\run]

???? [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2005-06-23 19:33 57344 ----a-w c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN]

2003-03-11 16:06 126976 ----a-w c:\program files\Panda Software\Panda Antivirus Titanium\Apvxdwin.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2008-09-19 08:27 29744 ----a-w c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ItsTV]

2007-04-26 14:19 2928640 ----a-w c:\program files\ItsLabel\ItsTV.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]

2002-07-18 16:36 28672 ----a-w c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\moneyagent]

2002-07-17 10:00 225343 ----a-w c:\program files\Microsoft Money\System\mnyexpr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]

2008-08-11 08:33 69632 ----a-w c:\program files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NsUpdate]

2004-05-04 10:56 79547 ----a-r c:\windows\NsUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

2005-03-22 07:39 167936 ----a-w c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

2005-04-20 07:57 847872 ----a-w c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]

2003-12-04 11:34 406016 ----a-w c:\windows\system32\PSDrvCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2006-10-13 16:20 20058152 ----a-w c:\program files\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2006-09-14 05:57 155896 ----a-w c:\program files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbellexe]

2008-08-11 08:33 185896 ----a-w c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2008-12-09 10:12 234856 ----a-w c:\program files\TomTom HOME 2\HOMERunner.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2002-11-18 23:00 65536 ----a-w c:\windows\SOUNDMAN.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"HidServ"=2 (0x2)

"gusvc"=3 (0x3)

"GoogleDesktopManager-061008-081103"=3 (0x3)

"PAVSRV"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

"c:\\PVSW\\BIN\\w3dbsmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\Maxime\\Application Data\\Vijeo-Runtime\\192.42.172.67\\public\\bin\\Koohi.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

R3 EC168BDA;TVGo DVB-T02PRO;c:\windows\system32\DRIVERS\EC168BDA.sys [2007-05-18 67968]

R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2005-06-20 215040]

R4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-19 29744]

S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys [2006-11-15 38144]

S3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\DRIVERS\BLKWGU.sys [2007-06-01 238848]

 

 

--- Other Services/Drivers In Memory ---

 

*Deregistered* - AegisP

*Deregistered* - AFD

*Deregistered* - ALG

*Deregistered* - audstub

*Deregistered* - Beep

*Deregistered* - Browser

*Deregistered* - Cdfs

*Deregistered* - Compbatt

*Deregistered* - Dnscache

*Deregistered* - EAPPkt

*Deregistered* - ERSvc

*Deregistered* - EventSystem

*Deregistered* - Fastfat

*Deregistered* - FastUserSwitchingCompatibility

*Deregistered* - Fips

*Deregistered* - FltMgr

*Deregistered* - Ftdisk

*Deregistered* - Gpc

*Deregistered* - helpsvc

*Deregistered* - HTTP

*Deregistered* - ip6fw

*Deregistered* - IpNat

*Deregistered* - IPSec

*Deregistered* - irda

*Deregistered* - Irmon

*Deregistered* - KSecDD

*Deregistered* - lanmanserver

*Deregistered* - lanmanworkstation

*Deregistered* - LexBceS

*Deregistered* - LmHosts

*Deregistered* - mnmdd

*Deregistered* - MountMgr

*Deregistered* - MRxDAV

*Deregistered* - MRxSmb

*Deregistered* - Msfs

*Deregistered* - mssmbios

*Deregistered* - Mup

*Deregistered* - NDIS

*Deregistered* - NdisTapi

*Deregistered* - Ndisuio

*Deregistered* - NdisWan

*Deregistered* - NDProxy

*Deregistered* - NetBIOS

*Deregistered* - NetBT

*Deregistered* - Netman

*Deregistered* - Nla

*Deregistered* - Npfs

*Deregistered* - Ntfs

*Deregistered* - Null

*Deregistered* - PartMgr

*Deregistered* - ParVdm

*Deregistered* - PAVDRV

*Deregistered* - PolicyAgent

*Deregistered* - PptpMiniport

*Deregistered* - ProtectedStorage

*Deregistered* - PSched

*Deregistered* - RasAcd

*Deregistered* - Rasirda

*Deregistered* - Rasl2tp

*Deregistered* - RasMan

*Deregistered* - RasPppoe

*Deregistered* - Raspti

*Deregistered* - Rdbss

*Deregistered* - RDPCDD

*Deregistered* - RpcSs

*Deregistered* - SamSs

*Deregistered* - Schedule

*Deregistered* - ScsiAccess

*Deregistered* - seclogon

*Deregistered* - SENS

*Deregistered* - SharedAccess

*Deregistered* - ShellHWDetection

*Deregistered* - SLService

*Deregistered* - SlWdmSup

*Deregistered* - Spooler

*Deregistered* - sr

*Deregistered* - srservice

*Deregistered* - Srv

*Deregistered* - SSDPSRV

*Deregistered* - stisvc

*Deregistered* - swenum

*Deregistered* - TapiSrv

*Deregistered* - Tcpip

*Deregistered* - Tcpip6

*Deregistered* - TermDD

*Deregistered* - TermService

*Deregistered* - Themes

*Deregistered* - TrkWks

*Deregistered* - tunmp

*Deregistered* - UMWdf

*Deregistered* - Update

*Deregistered* - VgaSave

*Deregistered* - viaagp

*Deregistered* - VolSnap

*Deregistered* - W32Time

*Deregistered* - Wanarp

*Deregistered* - wanatw

*Deregistered* - WANMiniportService

*Deregistered* - WebClient

*Deregistered* - winmgmt

*Deregistered* - wscsvc

*Deregistered* - WZCSVC

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15b32896-8c3c-11dc-8a1e-00038a000015}]

\Shell\AutoRun\command - F:\InstallTomTomHOME.exe

.

Contents of the 'Scheduled Tasks' folder

 

2009-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]

.

- - - - ORPHANS REMOVED - - - -

 

MSConfigStartUp-diagnostic manager - c:\docume~1\Maxime\LOCALS~1\Temp\3304565328.exe

MSConfigStartUp-msavsc - c:\program files\Microsoft Security Adviser\msavsc.exe

MSConfigStartUp-msctrl - c:\program files\Microsoft Security Adviser\msctrl.exe

MSConfigStartUp-msfw - c:\program files\Microsoft Security Adviser\msfw.exe

MSConfigStartUp-msiemon - c:\program files\Microsoft Security Adviser\msiemon.exe

MSConfigStartUp-mssadv - c:\program files\Microsoft Security Adviser\msfw.exe

MSConfigStartUp-msscan - c:\program files\Microsoft Security Adviser\msscan.exe

MSConfigStartUp-reader_s - c:\windows\System32\reader_s.exe

MSConfigStartUp-sms - c:\windows\sms.exe

MSConfigStartUp-windows resurections - c:\docume~1\Maxime\LOCALS~1\Temp\kygxeiz84.exe

 

 

.

------- Supplementary scan -------

.

uStart Page = hxxp://www.google.fr/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = wmplayer.exe

uInternet Settings,ProxyServer = 192.42.172.254:80

uInternet Settings,ProxyOverride = *.local

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Maxime\Application Data\Mozilla\Firefox\Profiles\glikdr29.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://lo.st#home

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll

FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll

FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

 

---- FIREFOX SETTINGS ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");

.

 

**************************************************************************

 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-14 22:44

Windows 5.1.2600 Service Pack 3 NTFS

 

Scanning for hidden processes ...

 

Scanning for hidden autostart entries ...

 

Scanning for hidden files ...

 

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\6to4]

"ImagePath"="c:\windows\TEMP\VRT2.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Apple Mobile Device]

"ImagePath"="c:\windows\TEMP\VRT2.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ati HotKey Poller]

"ImagePath"="c:\windows\TEMP\VRT2.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrv]

"ImagePath"="c:\windows\TEMP\VRT2.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITS]

"ImagePath"="Cf\WINDOWS\TEMP\VRT2.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Bonjour Service]

"ImagePath"="c:\windows\TEMP\VRT2.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysApp]

"ImagePath"="c:\windows\TEMP\VRT2.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CryptSvc]

"ImagePath"="c:\windows\TEMP\VRT2.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DcomLaunch]

"ImagePath"="c:\windows\TEMP\VRT2.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp]

"ImagePath"="c:\windows\TEMP\VRT2.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\1c30c3b9]

"ImagePath"="\SystemRoot\System32\drivers\1c30c3b9.sys"

--

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\accdeb50]

"ImagePath"="\SystemRoot\System32\drivers\accdeb50.sys"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\0*2*ú%åw]

"DisplayName"=""

"DeviceDesc"=""

"ProviderName"="00"

"MFG"="???????????"

"ReinstallString"="???\16?\13\09"

"DeviceInstanceIds"=multi:"r\\2kxp_inf\\cx_06366.inf\00"

.

--------------------- DLLs loaded in running processes ---------------------

 

- - - - - - - > 'explorer.exe'(1376)

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\hsf73ikmdf3f.dll

c:\windows\system32\ds43g4nfjkn93.dll

c:\program files\Bonjour\mdnsNSP.dll

c:\windows\system32\eappprxy.dll

.

------------------------ Other running processes ------------------------

.

c:\windows\system32\lexbces.exE

c:\windows\system32\ScsiAccess.EXE

c:\windows\system32\slserv.exe

c:\windows\system32\wdfmgr.exe

c:\windows\wanmpsvc.exe

c:\program files\Java\jre1.6.0_07\bin\jucheck.exe

c:\docume~1\Maxime\LOCALS~1\temp\3847072816.exe

.

**************************************************************************

.

End time: ~,10time:~,-3machine was rebootedCombobatch-by

ComboFix-quarantined-files.txt 2009-04-14 20:55

ComboFix2.txt 2009-04-11 10:33

ComboFix3.txt 2009-04-01 18:03

ComboFix4.txt 2009-03-30 22:50

ComboFix5.txt 2009-04-14 20:27

 

Before-CF: 16,542,715,904 bytes free

After-CF: 16,547,971,072 bytes free

 

458 --- E O F --- 2009-03-16 07:30
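Added example, not part of the thread and not the helper's or ComboFix's own code: a small Python triage script for the kind of report posted above. It reads the registry loading-point and service lines ComboFix prints and flags the tampering visible in this one: the Winlogon Userinit value pointing at explorer.exe instead of userinit.exe, the AppInit_DLLs injection, the extra "stera" BootExecute entry, services whose ImagePath points into a TEMP directory, Run entries that launch from Temp or whose file is gone ([bU]), the DisableRegistryTools policy behind the "registry editing disabled" symptom, the silenced Security Center and the forced proxy. The sample input is constructed inline from lines of the report, plus one clean Dhcp line added as a benign control; the stock Userinit and BootExecute values it compares against are assumptions about a default Windows XP install.

```python
"""Triage of ComboFix persistence entries.

Added example, not code from the thread or from ComboFix.  SAMPLE is
constructed inline from lines of the report above; the Dhcp line is a clean
entry added as a benign control.  The STOCK_* values are assumed defaults of
a Windows XP install, not something the report states.
"""
import re

KEY_RE = re.compile(r"^\[(.+)\]$")                 # ComboFix "[HKEY_...]" header
TEMP_RE = re.compile(r"\\temp\\", re.I)            # any ...\Temp\... path component
STOCK_USERINIT = r"c:\windows\system32\userinit.exe,"   # assumption: stock XP value
STOCK_BOOTEXECUTE = ["autocheck autochk *"]             # assumption: stock XP value
LOCKOUT_POLICIES = {"DisableRegistryTools", "DisableTaskMgr", "NoFolderOptions"}
SECURITY_CENTER_FLAGS = {"AntiVirusOverride", "AntiVirusDisableNotify",
                         "UpdatesDisableNotify", "FirewallDisableNotify"}

SAMPLE = r"""
uInternet Settings,ProxyServer = 192.42.172.254:80
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 34304]
"Diagnostic Manager"="c:\docume~1\Maxime\LOCALS~1\Temp\3229876768.exe" [2009-04-14 21505]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"spool"="c:\windows\spool.exe" [bU]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 434176]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\ThunMail\testabd.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITS]
"ImagePath"="c:\windows\TEMP\VRT2.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp]
"ImagePath"="c:\windows\system32\svchost.exe -k netsvcs"
"""


def _entries(text):
    """Yield (key, name, value, missing) per value line; key is the lower-cased
    enclosing [..] header ("" if none), missing is True for ComboFix's [bU] tag
    (target file not found on disk).  BootExecute yields its list of strings."""
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = KEY_RE.match(line)
        if header:
            key = header.group(1).lower()
            continue
        if line.startswith("BootExecute"):
            # printed as "BootExecute REG_MULTI_SZ a\0b": split the multi-string on \0
            parts = line.split(None, 2)
            if len(parts) == 3:
                yield key, "BootExecute", parts[2].split(r"\0"), False
            continue
        name, sep, value = line.partition("=")
        if not sep:
            continue
        value = value.strip()
        missing = value.endswith("[bU]")
        value = re.sub(r"\s*\[[^\]]*\]$", "", value)        # drop "[date size]" / "[bU]"
        value = re.sub(r"\s*\(0x[0-9a-f]+\)$", "", value)   # drop "(0x1)" echo of a DWORD
        yield key, name.strip().strip('"'), value.strip().strip('"'), missing


def triage(text):
    """Return [(severity, message), ...] for the indicators found in a ComboFix report."""
    findings = []
    for key, name, value, missing in _entries(text):
        low = value.lower() if isinstance(value, str) else ""
        if name == "Userinit" and low != STOCK_USERINIT:
            findings.append(("HIGH", "Winlogon Userinit hijacked: " + value))
        elif name == "AppInit_DLLs" and low:
            findings.append(("HIGH", "AppInit_DLLs loads into every process using user32: " + value))
        elif name == "BootExecute" and value != STOCK_BOOTEXECUTE:
            extra = [v for v in value if v not in STOCK_BOOTEXECUTE]
            findings.append(("HIGH", "extra BootExecute native program(s): " + ", ".join(extra)))
        elif name == "ImagePath" and TEMP_RE.search(low):
            svc = key.rsplit("\\", 1)[-1]
            findings.append(("HIGH", "service %s runs from a temp dir: %s" % (svc, value)))
        elif key.endswith("\\run") and (missing or TEMP_RE.search(low)):
            why = "file missing on disk" if missing else "runs from a temp dir"
            findings.append(("MEDIUM", "Run entry %r %s: %s" % (name, why, value)))
        elif name in LOCKOUT_POLICIES and low == "1":
            findings.append(("MEDIUM", "user lockout policy %s=1" % name))
        elif key.endswith("security center") and name in SECURITY_CENTER_FLAGS:
            findings.append(("MEDIUM", "Security Center silenced: %s=%s" % (name, value)))
        elif name.endswith("ProxyServer") and low:
            findings.append(("MEDIUM", "browser proxy forced to " + value))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE):
        print(severity, message)
```

Run it as a file and it prints the findings for the embedded sample; pass the text of a saved ComboFix.txt to triage() to run the same rules over a whole report. The rules test where an image lives and whether a value is the stock one rather than matching file names, so the Temp-resident executables and the hijacked Winlogon and AppInit values in this report would trip the same checks on another machine whatever they are called. It is a triage aid only: it decides nothing about cleaning, which stays with the helper's ComboFix script.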

Posted

Good evening,

 

and thank you for your help.

I did what you told me.

While ComboFix was running, the computer restarted twice.

 

Here is the report generated by ComboFix:

 

ComboFix 09-04-14.09 - Maxime 2009-04-14 22:32.5 - NTFSx86

Lancé depuis: c:\down\ComboFix.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Maxime\reader_s.exe

c:\windows\dhcp\svchost.exe

c:\windows\system32\comsa32.sys

c:\windows\system32\drivers\ovfsth.sys

c:\windows\system32\drivers\ovfsthalkddoqwsnsulvmttmsnbegceyjalsgq.sys

c:\windows\system32\ovfsthbicjejgbgyhceqrkqykpkopxpgspgnqq.dll

c:\windows\system32\ovfsthfqgpinluyurwlvhannrwqubfhyxthqoj.dll

c:\windows\system32\ovfsthnefbpunlxdgjpreyjtphqimadrgnilvk.dat

c:\windows\system32\ovfsthvrsbrrpibfwkklhtffiewxnlvnsbfnqf.dll

c:\windows\system32\ovfsthxuintymaxtfniqxovtnlbyvgcklkomec.dat

c:\windows\system32\tdctxte.exe

 

c:\windows\system32\userinit.exe . . . est infecté!!

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_ovfsthwvivbnykteooqxrxhkdkbwemxewfelwm

-------\Legacy_afisicx

-------\Legacy_dhcpsrv

-------\Legacy_sopidkc

-------\Legacy_tdctxte

-------\Service_afisicx

-------\Service_dhcpsrv

-------\Service_restore

-------\Service_sopidkc

-------\Service_tdctxte

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-03-14 au 2009-04-14 ))))))))))))))))))))))))))))))))))))

.

 

2009-04-14 20:26 . 2006-03-02 22:42 73728 ----a-w C:\pv.exe

2009-04-14 19:27 . 2009-04-14 19:27 325 ----a-w c:\windows\KillProcess.INI

2009-04-14 16:47 . 2009-04-14 16:47 -------- d-----w C:\rsit

2009-04-14 16:46 . 2009-04-14 20:25 -------- d-----w C:\Down

2009-04-14 15:01 . 2008-04-14 02:34 162304 ----a-w C:\tm.exe

2009-04-08 06:32 . 2009-04-08 06:32 155 ----a-w c:\windows\system32\SelfDel.bat

2009-04-08 06:32 . 2009-04-08 06:32 15000 ----a-w c:\windows\system32\ds43g4nfjkn93.dll

2009-04-08 06:31 . 2009-04-08 06:31 84045 ----a-w c:\windows\system32\ftp_non_crp.exe

2009-04-08 06:21 . 2009-04-14 20:32 -------- d-----w c:\windows\dhcp

2009-04-08 06:18 . 2009-04-08 06:33 -------- d-sh--r c:\program files\ThunMail

2009-04-08 06:17 . 2009-04-07 18:59 21704 ----a-w c:\windows\system32\rr.exe

2009-04-08 06:17 . 2009-04-08 06:17 213120 -c--a-w c:\windows\system32\dllcache\ndis.sys

2009-04-08 06:17 . 2009-04-14 20:44 90350 ----a-w c:\windows\system32\drivers\accdeb50.sys

2009-04-08 06:17 . 2009-04-08 06:17 705 ----a-w C:\ytiva.exe

2009-04-08 06:17 . 2009-04-08 06:17 21504 ----a-w C:\gyekuc.exe

2009-04-08 06:16 . 2009-04-08 06:16 2 ----a-w C:\1156295225

2009-04-08 06:16 . 2009-04-08 06:16 15000 ----a-w c:\windows\system32\hsf73ikmdf3f.dll

2009-04-03 17:22 . 2009-04-14 20:44 105170 ----a-w c:\windows\system32\drivers\1c30c3b9.sys

2009-04-03 16:49 . 2009-04-08 06:35 41984 ----a-w C:\0xf9.exe

2009-04-03 16:42 . 2008-04-14 02:33 54784 -c--a-w c:\windows\system32\dllcache\vfwwdm32.dll

2009-04-03 16:42 . 2008-04-14 02:33 54784 ----a-w c:\windows\system32\vfwwdm32.dll

2009-04-03 16:42 . 2003-03-19 10:44 45056 ----a-w c:\windows\system32\MFC71CHT.DLL

2009-04-03 16:41 . 2006-12-12 15:56 104 ----a-w c:\windows\system32\drivers\EC168Hid.dat

2009-04-03 16:41 . 2006-07-31 09:56 4096 ----a-w c:\windows\system32\HUCoInstaller.dll

2009-04-03 16:41 . 2007-05-18 11:18 67968 ----a-w c:\windows\system32\drivers\EC168BDA.sys

2009-04-03 16:41 . 2007-02-26 09:40 7107 ----a-w c:\windows\system32\drivers\EC168BDA.bin

2009-04-03 16:41 . 2009-04-03 16:41 -------- d-----w c:\program files\Genius

2009-04-03 09:18 . 2007-06-01 05:13 238848 ------r c:\windows\system32\drivers\BLKWGU.sys

2009-04-03 09:18 . 2009-04-03 09:18 21035 ----a-w c:\windows\system32\drivers\AegisP.sys

2009-04-03 09:17 . 2006-12-18 08:07 14523 ------w c:\windows\system32\drivers\string.ini

2009-04-03 09:17 . 2006-11-15 14:23 38144 ----a-w c:\windows\system32\drivers\EAPPkt.sys

2009-04-03 09:17 . 2009-04-03 09:17 -------- d-----w c:\program files\Belkin

2009-04-03 09:16 . 2009-04-03 09:16 -------- d-----w c:\documents and settings\Maxime\Application Data\InstallShield

2009-03-26 17:51 . 2009-03-26 17:54 -------- d-----w C:\32788R22FWJFW.0.tmp

2009-03-26 16:45 . 2009-03-26 16:45 -------- d-----w c:\program files\Trend Micro

2009-03-26 16:34 . 2009-03-26 16:33 311808 ----a-w c:\windows\sms.ex_

2009-03-26 16:33 . 2009-03-26 16:33 311808 ----a-w c:\windows\spool.ex_

2009-03-26 15:59 . 2009-03-26 15:59 -------- d-----w c:\documents and settings\Maxime\Application Data\Talkback

2009-03-23 13:54 . 2009-03-26 16:35 162 --sha-w c:\windows\system32\1156295225.dat

2009-03-23 13:54 . 2009-03-23 13:53 41472 --sh--r c:\windows\system32\advpack.dlln.exe

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-12 07:25 . 2009-04-03 16:50 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

2009-04-09 15:20 . 2005-01-15 17:12 -------- d-----w c:\program files\Budget Familial

2009-04-08 06:17 . 2003-01-26 12:57 213120 ----a-w c:\windows\system32\drivers\ndis.sys

2009-04-07 16:29 . 2005-01-28 17:20 -------- d-----w c:\program files\Budget Rotary

2009-04-03 16:41 . 2003-01-26 13:36 -------- d--h--w c:\program files\InstallShield Installation Information

2009-04-01 17:11 . 2008-07-18 12:35 -------- d-----w c:\program files\EoRezo

2009-04-01 17:11 . 2008-07-18 12:35 -------- d-----w c:\documents and settings\Maxime\Application Data\EoRezo

2009-04-01 16:27 . 2006-11-04 14:34 -------- d-----w c:\documents and settings\Maxime\Application Data\Skype

2009-04-01 06:27 . 2008-07-18 12:35 -------- d-----w c:\program files\ItsLabel

2009-03-29 13:02 . 2003-01-26 12:57 49054 ----a-w c:\windows\system32\perfc00C.dat

2009-03-29 13:02 . 2003-01-26 12:57 368314 ----a-w c:\windows\system32\perfh00C.dat

2009-03-26 10:35 . 2008-06-28 13:03 -------- d-----w c:\program files\TomTom HOME 2

2009-03-05 10:16 . 2007-04-02 11:56 -------- d-----w c:\documents and settings\All Users\Application Data\EBP

2009-03-05 10:16 . 2005-02-22 07:33 -------- d-----w c:\documents and settings\Maxime\Application Data\EBP

2009-03-05 10:15 . 2009-03-05 10:13 -------- d--h--w c:\documents and settings\All Users\Application Data\{C95A54B6-9527-4037-8135-C31A156AA451}

2009-03-05 10:13 . 2003-05-13 17:16 -------- d-----w c:\program files\EBP

2009-02-14 15:26 . 2009-02-14 15:26 -------- d-----w c:\program files\Axis Communications

2009-02-09 14:05 . 2003-01-26 12:57 1846912 ----a-w c:\windows\system32\win32k.sys

2009-02-05 15:40 . 2009-03-05 10:15 3715072 ----a-w c:\windows\system32\cdintf300.dll

2008-09-30 17:09 . 2005-11-02 09:05 113128 ----a-w c:\documents and settings\Maxime\Application Data\GDIPFONTCACHEV1.DAT

2008-07-18 17:07 . 2003-05-09 16:34 116520 ----a-w c:\documents and settings\Maxime\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2006-02-17 18:35 . 2005-08-29 11:56 112632 ----a-w c:\documents and settings\Myriam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2006-01-16 19:55 . 2006-01-16 19:55 112632 ----a-w c:\documents and settings\Viviane\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2006-01-06 19:02 . 2006-01-06 18:52 278528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe

2003-09-25 23:24 . 2003-09-25 23:24 1187840 ----a-w c:\program files\Fichiers communs\vfp8rfra.dll

2003-09-25 20:36 . 2003-09-25 20:36 4300800 ----a-w c:\program files\Fichiers communs\vfp8r.dll

2003-09-25 19:47 . 2003-09-25 19:47 1150976 ----a-w c:\program files\Fichiers communs\VFP8RENU.DLL

2001-09-06 06:00 . 2001-09-06 06:00 1700352 ----a-w c:\program files\Fichiers communs\gdiplus.dll

1999-04-06 12:27 . 1999-04-06 12:27 99840 ----a-w c:\program files\Fichiers communs\IRAABOUT.DLL

1998-12-09 02:53 . 1998-12-09 02:53 70144 ----a-w c:\program files\Fichiers communs\IRAMDMTR.DLL

1998-12-09 02:53 . 1998-12-09 02:53 48640 ----a-w c:\program files\Fichiers communs\IRALPTTR.DLL

1998-12-09 02:53 . 1998-12-09 02:53 31744 ----a-w c:\program files\Fichiers communs\IRAWEBTR.DLL

1998-12-09 02:53 . 1998-12-09 02:53 186368 ----a-w c:\program files\Fichiers communs\IRAREG.DLL

1998-12-09 02:53 . 1998-12-09 02:53 17920 ----a-w c:\program files\Fichiers communs\IRASRIAL.DLL

2008-09-19 08:2008-09-19 08:27 27:20 . c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

2009-03-30 22:2008-08-11 08:31 04:36 . c:\program files\mozilla firefox\components\jar50.dll

2009-03-30 22:2008-08-11 08:31 04:37 . c:\program files\mozilla firefox\components\jsd3250.dll

2009-03-30 22:2008-08-11 08:31 04:40 . c:\program files\mozilla firefox\components\xpinstal.dll

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d5bf49a0-94f3-42bd-f434-3604812c8955}]

2009-04-08 06:32 15000 ----a-w c:\windows\system32\ds43g4nfjkn93.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 34304]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1714176]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

"DetectTray"="c:\program files\Genius\TVGo DVB-T02PRO\DetectTray.exe" [2007-09-21 151552]

"Diagnostic Manager"="c:\docume~1\Maxime\LOCALS~1\Temp\3229876768.exe" [2009-04-14 21505]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 208896]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 434176]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"spool"="c:\windows\spool.exe" [bU]

"DeluxeCD"="c:\test\CDPLAYER.EXE" [1999-12-07 356624]

"DataLayer"="c:\program files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 1125888]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-10-12 315392]

"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 172544]

"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-02 49152]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 34304]

"InetChk"="c:\windows\TEMP\ms1239172062.exe" [bU]

"svc"="c:\program files\ThunMail\testabd.exe" [bU]

"Windows Resurections"="c:\windows\TEMP\j3rvuau4me.exe" [bU]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Belkin Wireless G USB Adapter Client Utility.lnk - c:\program files\Belkin\F5D7050v5\Belkinwcui.exe [2009-4-3 1585152]

Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 48640]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 86068]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoFolderOptions"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{B2BA40A2-74F3-42BD-F434-2604812C8954}"= "c:\windows\system32\hsf73ikmdf3f.dll" [2009-04-08 15000]

"{D5BF49A0-94F3-42BD-F434-3604812C8955}"= "c:\windows\system32\ds43g4nfjkn93.dll" [2009-04-08 15000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="c:\windows\explorer.exe,"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\ThunMail\testabd.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.PIM1"= pclepim1.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0stera

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Icône AOL.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Icône AOL.lnk

backup=c:\windows\pss\Icône AOL.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Kodak software updater.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Kodak software updater.lnk

backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk

backup=c:\windows\pss\Logiciel Kodak EasyShare.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Symantec Fax Starter Edition Port.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Symantec Fax Starter Edition Port.lnk

backup=c:\windows\pss\Symantec Fax Starter Edition Port.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WallADay.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\WallADay.lnk

backup=c:\windows\pss\WallADay.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Maxime^Menu Démarrer^Programmes^Démarrage^Pervasive.SQL Workgroup Engine.lnk]

path=c:\documents and settings\Maxime\Menu Démarrer\Programmes\Démarrage\Pervasive.SQL Workgroup Engine.lnk

backup=c:\windows\pss\Pervasive.SQL Workgroup Engine.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\load]

???? [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\run]

???? [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2005-06-23 19:33 57344 ----a-w c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN]

2003-03-11 16:06 126976 ----a-w c:\program files\Panda Software\Panda Antivirus Titanium\Apvxdwin.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2008-09-19 08:27 29744 ----a-w c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ItsTV]

2007-04-26 14:19 2928640 ----a-w c:\program files\ItsLabel\ItsTV.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]

2002-07-18 16:36 28672 ----a-w c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\moneyagent]

2002-07-17 10:00 225343 ----a-w c:\program files\Microsoft Money\System\mnyexpr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]

2008-08-11 08:33 69632 ----a-w c:\program files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NsUpdate]

2004-05-04 10:56 79547 ----a-r c:\windows\NsUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

2005-03-22 07:39 167936 ----a-w c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

2005-04-20 07:57 847872 ----a-w c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]

2003-12-04 11:34 406016 ----a-w c:\windows\system32\PSDrvCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2006-10-13 16:20 20058152 ----a-w c:\program files\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2006-09-14 05:57 155896 ----a-w c:\program files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbellexe]

2008-08-11 08:33 185896 ----a-w c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2008-12-09 10:12 234856 ----a-w c:\program files\TomTom HOME 2\HOMERunner.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2002-11-18 23:00 65536 ----a-w c:\windows\SOUNDMAN.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"HidServ"=2 (0x2)

"gusvc"=3 (0x3)

"GoogleDesktopManager-061008-081103"=3 (0x3)

"PAVSRV"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

"c:\\PVSW\\BIN\\w3dbsmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\Maxime\\Application Data\\Vijeo-Runtime\\192.42.172.67\\public\\bin\\Koohi.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

R3 EC168BDA;TVGo DVB-T02PRO;c:\windows\system32\DRIVERS\EC168BDA.sys [2007-05-18 67968]

R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2005-06-20 215040]

R4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-19 29744]

S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys [2006-11-15 38144]

S3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\DRIVERS\BLKWGU.sys [2007-06-01 238848]

 

 

--- Autres Services/Pilotes en mémoire ---

 

*Deregistered* - AegisP

*Deregistered* - AFD

*Deregistered* - ALG

*Deregistered* - audstub

*Deregistered* - Beep

*Deregistered* - Browser

*Deregistered* - Cdfs

*Deregistered* - Compbatt

*Deregistered* - Dnscache

*Deregistered* - EAPPkt

*Deregistered* - ERSvc

*Deregistered* - EventSystem

*Deregistered* - Fastfat

*Deregistered* - FastUserSwitchingCompatibility

*Deregistered* - Fips

*Deregistered* - FltMgr

*Deregistered* - Ftdisk

*Deregistered* - Gpc

*Deregistered* - helpsvc

*Deregistered* - HTTP

*Deregistered* - ip6fw

*Deregistered* - IpNat

*Deregistered* - IPSec

*Deregistered* - irda

*Deregistered* - Irmon

*Deregistered* - KSecDD

*Deregistered* - lanmanserver

*Deregistered* - lanmanworkstation

*Deregistered* - LexBceS

*Deregistered* - LmHosts

*Deregistered* - mnmdd

*Deregistered* - MountMgr

*Deregistered* - MRxDAV

*Deregistered* - MRxSmb

*Deregistered* - Msfs

*Deregistered* - mssmbios

*Deregistered* - Mup

*Deregistered* - NDIS

*Deregistered* - NdisTapi

*Deregistered* - Ndisuio

*Deregistered* - NdisWan

*Deregistered* - NDProxy

*Deregistered* - NetBIOS

*Deregistered* - NetBT

*Deregistered* - Netman

*Deregistered* - Nla

*Deregistered* - Npfs

*Deregistered* - Ntfs

*Deregistered* - Null

*Deregistered* - PartMgr

*Deregistered* - ParVdm

*Deregistered* - PAVDRV

*Deregistered* - PolicyAgent

*Deregistered* - PptpMiniport

*Deregistered* - ProtectedStorage

*Deregistered* - PSched

*Deregistered* - RasAcd

*Deregistered* - Rasirda

*Deregistered* - Rasl2tp

*Deregistered* - RasMan

*Deregistered* - RasPppoe

*Deregistered* - Raspti

*Deregistered* - Rdbss

*Deregistered* - RDPCDD

*Deregistered* - RpcSs

*Deregistered* - SamSs

*Deregistered* - Schedule

*Deregistered* - ScsiAccess

*Deregistered* - seclogon

*Deregistered* - SENS

*Deregistered* - SharedAccess

*Deregistered* - ShellHWDetection

*Deregistered* - SLService

*Deregistered* - SlWdmSup

*Deregistered* - Spooler

*Deregistered* - sr

*Deregistered* - srservice

*Deregistered* - Srv

*Deregistered* - SSDPSRV

*Deregistered* - stisvc

*Deregistered* - swenum

*Deregistered* - TapiSrv

*Deregistered* - Tcpip

*Deregistered* - Tcpip6

*Deregistered* - TermDD

*Deregistered* - TermService

*Deregistered* - Themes

*Deregistered* - TrkWks

*Deregistered* - tunmp

*Deregistered* - UMWdf

*Deregistered* - Update

*Deregistered* - VgaSave

*Deregistered* - viaagp

*Deregistered* - VolSnap

*Deregistered* - W32Time

*Deregistered* - Wanarp

*Deregistered* - wanatw

*Deregistered* - WANMiniportService

*Deregistered* - WebClient

*Deregistered* - winmgmt

*Deregistered* - wscsvc

*Deregistered* - WZCSVC

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15b32896-8c3c-11dc-8a1e-00038a000015}]

\Shell\AutoRun\command - F:\InstallTomTomHOME.exe

.

Contenu du dossier 'Tâches planifiées'

 

2009-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]

.

- - - - ORPHELINS SUPPRIMES - - - -

 

MSConfigStartUp-diagnostic manager - c:\docume~1\Maxime\LOCALS~1\Temp\3304565328.exe

MSConfigStartUp-msavsc - c:\program files\Microsoft Security Adviser\msavsc.exe

MSConfigStartUp-msctrl - c:\program files\Microsoft Security Adviser\msctrl.exe

MSConfigStartUp-msfw - c:\program files\Microsoft Security Adviser\msfw.exe

MSConfigStartUp-msiemon - c:\program files\Microsoft Security Adviser\msiemon.exe

MSConfigStartUp-mssadv - c:\program files\Microsoft Security Adviser\msfw.exe

MSConfigStartUp-msscan - c:\program files\Microsoft Security Adviser\msscan.exe

MSConfigStartUp-reader_s - c:\windows\System32\reader_s.exe

MSConfigStartUp-sms - c:\windows\sms.exe

MSConfigStartUp-windows resurections - c:\docume~1\Maxime\LOCALS~1\Temp\kygxeiz84.exe

 

 

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = wmplayer.exe

uInternet Settings,ProxyServer = 192.42.172.254:80

uInternet Settings,ProxyOverride = *.local

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Maxime\Application Data\Mozilla\Firefox\Profiles\glikdr29.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://lo.st#home

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll

FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll

FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

 

---- PARAMETRES FIREFOX ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");

.

 

**************************************************************************

 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-14 22:44

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\6to4]

"ImagePath"="c:\windows\TEMP\VRT2.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Apple Mobile Device]

"ImagePath"="c:\windows\TEMP\VRT2.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ati HotKey Poller]

"ImagePath"="c:\windows\TEMP\VRT2.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrv]

"ImagePath"="c:\windows\TEMP\VRT2.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITS]

"ImagePath"="Cf\WINDOWS\TEMP\VRT2.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Bonjour Service]

"ImagePath"="c:\windows\TEMP\VRT2.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysApp]

"ImagePath"="c:\windows\TEMP\VRT2.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CryptSvc]

"ImagePath"="c:\windows\TEMP\VRT2.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DcomLaunch]

"ImagePath"="c:\windows\TEMP\VRT2.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp]

"ImagePath"="c:\windows\TEMP\VRT2.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\1c30c3b9]

"ImagePath"="\SystemRoot\System32\drivers\1c30c3b9.sys"

--

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\accdeb50]

"ImagePath"="\SystemRoot\System32\drivers\accdeb50.sys"

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\0*2*ú%åw]

"DisplayName"=""

"DeviceDesc"=""

"ProviderName"="00"

"MFG"="???????????"

"ReinstallString"="???\16?\13\09"

"DeviceInstanceIds"=multi:"r\\2kxp_inf\\cx_06366.inf\00"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'explorer.exe'(1376)

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\hsf73ikmdf3f.dll

c:\windows\system32\ds43g4nfjkn93.dll

c:\program files\Bonjour\mdnsNSP.dll

c:\windows\system32\eappprxy.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\lexbces.exE

c:\windows\system32\ScsiAccess.EXE

c:\windows\system32\slserv.exe

c:\windows\system32\wdfmgr.exe

c:\windows\wanmpsvc.exe

c:\program files\Java\jre1.6.0_07\bin\jucheck.exe

c:\docume~1\Maxime\LOCALS~1\temp\3847072816.exe

.

**************************************************************************

.

Heure de fin: ~,10time:~,-3machine was rebootedCombobatch-by

ComboFix-quarantined-files.txt 2009-04-14 20:55

ComboFix2.txt 2009-04-11 10:33

ComboFix3.txt 2009-04-01 18:03

ComboFix4.txt 2009-03-30 22:50

ComboFix5.txt 2009-04-14 20:27

 

Avant-CF: 16,542,715,904 octets libres

Après-CF: 16,547,971,072 octets libres

 

458 --- E O F --- 2009-03-16 07:30
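The service entries in the report above all point at the same file under c:\windows\TEMP, and two drivers carry random-looking eight-hex-digit names. As an added example (not part of this thread or of ComboFix), here is a small parser for that registry-dump layout that flags both patterns; the sample dump is constructed from lines of the post plus one clean Spooler entry for contrast.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample in the layout of the ComboFix service dump quoted in the
# post: three entries copied from it plus one clean entry (Spooler) for contrast.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\6to4]
"ImagePath"="c:\windows\TEMP\VRT2.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp]
"ImagePath"="c:\windows\TEMP\VRT2.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="c:\windows\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\1c30c3b9]
"ImagePath"="\SystemRoot\System32\drivers\1c30c3b9.sys"
"""

KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]$")
VALUE_RE = re.compile(r'^"ImagePath"="(.*)"$')
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)      # binary launched from a temp directory
RANDOM_NAME_RE = re.compile(r"^[0-9a-f]{8}$")         # 8 hex digits, like 1c30c3b9 / accdeb50


def parse_services(dump: str) -> Dict[str, str]:
    """Return {service name: ImagePath} from a ComboFix-style registry dump."""
    services: Dict[str, str] = {}
    current = None
    for raw in dump.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            continue
        value = VALUE_RE.match(line)
        if value and current:
            services[current] = value.group(1)
    return services


def suspicious_services(dump: str) -> List[Tuple[str, str]]:
    """Flag (service, reason) pairs, sorted by service name."""
    services = parse_services(dump)
    # Many unrelated services sharing one ImagePath is itself a hijack signal.
    shared = {p for p, n in Counter(services.values()).items() if n > 1}
    findings = []
    for name, path in services.items():
        if TEMP_RE.search(path):
            findings.append((name, "ImagePath in TEMP"))
        elif path in shared:
            findings.append((name, "ImagePath shared with other services"))
        elif RANDOM_NAME_RE.match(name):
            findings.append((name, "random-looking driver name"))
    return sorted(findings)
```

Run over the full service section of a report, the shared-path rule alone would catch every one of the services rewritten to VRT2.tmp above.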

  • Moderators
Posted

Still a lot of files to deal with.

 

A few questions first. ComboFix had already been run on this machine, am I wrong? Under what circumstances, and when?

Posted

No, you're right, ComboFix has already been run, about ten days ago.

My brother tried to fix it himself on the commentcamarche forum.

But he stopped getting replies from his helper there.

So he asked me to help him.

  • Moderators
Posted

OK. Was it a fresh copy of ComboFix that you ran, or the one already present?

  • Moderators
Posted

Right, let's carry on.

 

Download CFScript.txt and save it to your desktop.

  • Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot
     
    CFScriptB-4.gif
  • A blue window will appear; confirm.
  • Wait while the scan runs. The desktop will disappear several times: that is normal!
    Do not touch anything until the scan has finished.
  • Once the scan is done, a report will be displayed: post its contents.
