Recommended posts

Posted (edited)

here is the report

 

 


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:20:16, on 28/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\windows\System32\WLTRYSVC.EXE
C:\windows\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\windows\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\windows\system32\svchost.exe
C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Fichiers communs\Lenovo\Logger\logmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=13928&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: C:\WINDOWS\system32\ghaf8jkdfd.dll - {A36D2A01-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\ghaf8jkdfd.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: AstroburnBar Toolbar - {e802027b-1f2b-40bd-b307-0bd96d036835} - C:\Program Files\AstroburnBar\tbAst0.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: zqosys32.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/har...dwaredetection_2_0_4_9.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: vtuturp - vtuturp.dll (file missing)
O20 - Winlogon Notify: winbjt32 - winbjt32.dll (file missing)
O22 - SharedTaskScheduler: kjhsf87fhjdsfn93rjkndfdf - {A36D2A01-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\ghaf8jkdfd.dll
O22 - SharedTaskScheduler: Apartment - ThreadingModel - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\windows\System32\WLTRYSVC.EXE

--
End of file - 10639 bytes

Edited by angelique
report reformatted!
Posted

• download to your desktop /!\ and run option 2 of http://eric.71.mespages.googlepages.com/ToolBarSD.exe

 

tutorial: http://forums.cnetfrance.fr/index.php?showtopic=107828

 

post the report

 


» Download combofix.exe (by sUBs) » and save it to your desktop, nowhere else!!!!!

 

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

 

http://imagesup.org/images/1238940640-cfdl.jpg

http://imagesup.org/images/1240127722-cfsave.jpg

 

 

 

Antivirus programs complain about ComboFix (Nircmd ....), you have to allow it or temporarily disable your AV, and likewise allow the request for access to the trusted zone if the firewall complains \o/

 

* Double-click combofix.exe, accept the EULA that appears so that it runs, and follow the instructions.

* install the Recovery Console when ComboFix asks you to; stay connected!

* When the scan is complete, a report will appear; post it for me.

* If the file does not appear, it is located here > C:\ComboFix.txt


Posted

-----------\\ ToolBar S&D 1.2.8 XP/Vista

 

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3

X86-based PC ( Uniprocessor Free : Intel® Celeron® M CPU 430 @ 1.73GHz )

BIOS : Ver 1.00PARTTBL

USER : Propriétaire ( Administrator )

BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1335 [VPS 090728-0] 4.8.1335 (Activated)

C:\ (Local Disk) - NTFS - Total:25 Go (Free:3 Go)

D:\ (CD or DVD)

E:\ (Local Disk) - NTFS - Total:49 Go (Free:1 Go)

F:\ (CD or DVD)

 

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )

Option : [2] ( 29/07/2009|14:58 )

 

-----------\\ SUPPRESSION

 

Supprime! - C:\windows\system32\mysidesearch_sidebar_uninstall.exe

 

-----------\\ Recherche de Fichiers / Dossiers ...

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Start Page"="http://www.ask.com/?o=13928&l=dis"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Start Page"="http://www.msn.com/"

 

 

--------------------\\ Recherche d'autres infections

 

C:\windows\system32\utstv.ini

C:\windows\system32\utstv.ini2

==> VUNDO <==

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\PROPRI~1\Bureau\jp\AppData\Roaming\Microsoft\Windows\Cookies\Low\jp@silentcracks.si.funpic[1].txt

C:\DOCUME~1\PROPRI~1\Bureau\jp\Desktop\virtual dj\AceCrack-VirtualDJ_2.04.exe

 

 

 

1 - "C:\ToolBar SD\TB_1.txt" - 29/07/2009|14:59 - Option : [2]

 

-----------\\ Fin du rapport a 14:59:34,46

Posted

Yeah, we'll get rid of O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe, along with whatever else needs removing once we've read the ComboFix report.

Posted

ComboFix 09-07-28.04 - Propriétaire 29/07/2009 15:19.1.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.502.214 [GMT 2:00]

Running from: c:\documents and settings\Propriétaire\Bureau\ComboFix.exe

AV: avast! antivirus 4.8.1335 [VPS 090728-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\program files\dbar

c:\program files\dbar\basis.xml

c:\program files\dbar\channel.tmpl

c:\program files\dbar\content.tmpl

c:\program files\dbar\date.tmpl

c:\program files\dbar\dbaruninst.exe

c:\program files\dbar\deskbar.crc

c:\program files\dbar\deskbar.inf

c:\program files\dbar\edit_rss.tmpl

c:\program files\dbar\local.xml

c:\program files\dbar\nav1.bmp

c:\program files\dbar\nav2.bmp

c:\program files\dbar\new_alert.tmpl

c:\program files\dbar\version.ini

c:\program files\dbar\version.txt

c:\program files\IE Extensions

c:\program files\outlook

c:\program files\sFX

c:\program files\sFX\sfX.sYs

c:\program files\winvi

c:\program files\winvi\dsktp\AC_RunActiveContent.js

c:\program files\winvi\dsktp\desktop.html

c:\program files\winvi\dsktp\internetDetection.swf

c:\program files\winvi\dsktp\settings.sol

c:\program files\winvi\icons\removespyware.ico

c:\program files\winvi\version.ini

c:\recycler\S-1-5-21-0243636035-3055115376-381863306-1556

c:\recycler\S-1-5-21-1550561406-5551245603-642160598-3582

c:\recycler\S-1-5-21-1844237615-746137067-725345543-500

c:\windows\010112010146118114.dat

c:\windows\0101120101464849.dat

c:\windows\934fdfg34fgjf23

c:\windows\BM231ff09a.txt

c:\windows\BM231ff09a.xml

c:\windows\cookies.ini

c:\windows\Fonts\services.exe

c:\windows\Install.txt

c:\windows\Installer\3546bc0d.msp

c:\windows\Installer\3779d3f.msp

c:\windows\pskt.ini

c:\windows\system32\{ccdbd5e1-1495-ee01-a0d2-68cdeb1a5075}.dll-uninst.exe

c:\windows\system32\certstore.dat

c:\windows\system32\comsa32.sys

c:\windows\system32\drivers\ntndis.sys

c:\windows\system32\dumphive.exe

c:\windows\system32\eqcrjdig.ini

c:\windows\system32\fgmscohr.ini

c:\windows\system32\FInstall.sys

c:\windows\system32\geyekrgyurowky.dat

c:\windows\system32\geyekrjmruotqy.dat

c:\windows\system32\IEDFix.exe

c:\windows\system32\Install.txt

c:\windows\system32\lssqvybr.ini

c:\windows\system32\lymtltyc.ini

c:\windows\system32\msncache.dll

c:\windows\system32\Nx.exe

c:\windows\system32\Process.exe

c:\windows\system32\sopidkc.exe

c:\windows\system32\SrchSTS.exe

c:\windows\system32\tmp.reg

c:\windows\system32\tvgotmef.ini

c:\windows\system32\utstv.ini

c:\windows\system32\utstv.ini2

c:\windows\system32\VCCLSID.exe

c:\windows\system32\wiawow32.sys

c:\windows\system32\WS2Fix.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_ICF

-------\Service_ICF

 

 

((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-29 )))))))))))))))))))))))))))))))

.

 

2009-07-29 12:56 . 2009-07-29 12:59 -------- d-----w- C:\ToolBar SD

2009-07-27 17:21 . 2009-07-27 17:21 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE

2009-07-27 17:20 . 2009-07-27 17:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2009-07-27 16:52 . 2009-07-27 16:52 -------- d-----w- C:\fdb0607b709ca8363c6cf6aded51

2009-07-27 16:51 . 2009-07-28 06:50 -------- d-----w- c:\windows\SxsCaPendDel

2009-07-27 16:22 . 2009-07-28 21:31 54 ----a-w- c:\windows\system32\rp_stats.dat

2009-07-27 16:22 . 2009-07-28 21:31 39 ----a-w- c:\windows\system32\rp_rules.dat

2009-07-27 16:22 . 2009-07-27 16:22 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-07-27 16:18 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll

2009-07-27 16:18 . 2009-07-27 16:18 -------- d-----w- c:\windows\ie8updates

2009-07-27 16:17 . 2009-04-30 21:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-07-27 16:17 . 2009-04-30 21:16 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-07-27 16:15 . 2009-07-27 16:17 -------- dc-h--w- c:\windows\ie8

2009-07-27 09:15 . 2008-03-21 11:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll

2009-07-27 09:15 . 2009-05-19 15:43 139264 ----a-w- c:\windows\system32\hdjcprop.dll

2009-07-27 09:15 . 2008-03-27 15:49 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2009-07-27 09:13 . 2009-05-20 07:08 24576 ----a-w- c:\windows\system32\drivers\HDJCtrl.sys

2009-07-27 09:13 . 2009-05-20 07:08 122240 ----a-w- c:\windows\system32\drivers\HDJMidi.sys

2009-07-27 09:13 . 2009-05-20 07:08 125056 ----a-w- c:\windows\system32\drivers\HDJBulk.sys

2009-07-27 09:13 . 2009-05-20 07:08 172416 ----a-w- c:\windows\system32\drivers\HDJAsioK.sys

2009-07-27 09:13 . 2009-07-27 09:13 -------- d-----w- c:\program files\Guillemot

2009-07-27 09:13 . 2009-05-19 15:43 79872 ----a-w- c:\windows\system32\HerculesDJDevices.dll

2009-07-27 09:13 . 2009-05-19 14:56 106496 ----a-w- c:\windows\system32\HRFDongle.dll

2009-07-27 09:13 . 2008-04-28 09:29 27136 ----a-w- c:\windows\system32\HDJSAPI.dll

2009-07-27 09:13 . 2009-05-19 14:56 262144 ----a-w- c:\windows\system32\HDJAPI.dll

2009-07-27 09:13 . 2009-07-27 09:13 -------- d-----w- c:\program files\Hercules

2009-07-27 07:56 . 2009-07-27 07:47 15688 ----a-w- c:\windows\system32\lsdelete.exe

2009-07-27 07:48 . 2009-07-27 07:46 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys

2009-07-27 07:42 . 2009-01-18 21:43 2892112 -c--a-w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe

2009-07-27 07:41 . 2009-07-28 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-07-27 07:41 . 2009-07-27 07:41 -------- d-----w- c:\program files\Lavasoft

2009-07-22 14:44 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-07-22 14:44 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-07-22 07:19 . 2009-07-28 06:56 -------- d-----w- C:\FindyKill

2009-07-18 11:39 . 2009-07-18 11:39 -------- d-----w- c:\program files\Trend Micro

2009-07-18 11:39 . 2009-07-27 07:42 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}

2009-07-16 20:37 . 2009-07-16 20:38 215279 ----a-w- C:\errigh.exe

2009-07-16 20:37 . 2009-07-16 20:37 59392 ----a-w- C:\ymws.exe

2009-07-16 20:37 . 2009-07-16 20:37 23040 --sha-w- c:\windows\system32\Adobek.dll

2009-07-16 20:36 . 2009-07-16 20:36 212224 -c--a-w- c:\windows\system32\dllcache\ndis.sys

2009-07-16 20:35 . 2009-07-16 20:37 212 --s-a-w- c:\windows\system32\224112670.dat

2009-07-16 20:35 . 2009-07-16 20:35 59392 --sh--r- c:\windows\system32\Adobec.exe

2009-07-06 21:25 . 2009-07-06 21:25 -------- d-----w- c:\windows\l2schemas

2009-07-06 21:25 . 2009-07-06 21:25 -------- d-----w- c:\windows\system32\fr

2009-07-06 21:25 . 2009-07-06 21:25 -------- d-----w- c:\windows\system32\bits

2009-07-06 21:23 . 2009-07-06 21:25 -------- d-----w- c:\windows\ServicePackFiles

2009-07-06 21:14 . 2009-07-06 21:14 -------- d-----w- c:\windows\EHome

2009-07-06 21:00 . 2009-07-06 21:00 -------- d-----w- c:\program files\Fichiers communs\Digidesign

2009-07-06 21:00 . 2009-07-06 21:04 -------- d-----w- c:\program files\Waves

2009-07-06 20:47 . 2009-07-06 20:47 -------- d-----w- c:\program files\PowerISO

2009-07-06 15:40 . 2009-07-06 15:40 -------- d-----w- c:\program files\uTorrent

2009-07-03 07:34 . 2009-07-03 07:35 -------- d-----w- c:\program files\Kellogg's Arctique

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-29 13:10 . 2008-03-12 19:15 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 4

2009-07-28 21:35 . 2008-03-18 15:56 -------- d-----w- c:\program files\Yahoo!

2009-07-28 21:26 . 2008-07-13 19:47 -------- d-----w- c:\program files\EoRezo

2009-07-28 18:55 . 2004-08-05 12:00 80706 ----a-w- c:\windows\system32\perfc00C.dat

2009-07-28 18:55 . 2004-08-05 12:00 500720 ----a-w- c:\windows\system32\perfh00C.dat

2009-07-27 09:15 . 2009-07-27 09:15 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HDJCtrl_01007.Wdf

2009-07-27 09:15 . 2009-07-27 09:15 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2009-07-27 09:13 . 2007-09-14 13:18 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-07-25 15:42 . 2007-09-16 17:18 -------- d-----w- c:\program files\lx_cats

2009-07-24 16:01 . 2008-05-16 16:06 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared

2009-07-24 16:00 . 2008-05-15 15:38 -------- d-----w- c:\program files\Norton Security Scan

2009-07-18 15:37 . 2008-03-12 19:20 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-07-16 20:36 . 2004-08-05 12:00 212224 ----a-w- c:\windows\system32\drivers\ndis.sys

2009-07-15 18:35 . 2007-09-20 18:33 -------- d-----w- c:\program files\MSN Messenger

2009-07-14 08:39 . 2007-10-31 06:30 -------- d-----w- c:\program files\TuxPaint

2009-07-06 21:26 . 2007-09-13 08:53 76507 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-06-24 17:47 . 2007-11-04 17:15 -------- d-----w- c:\program files\Native Instruments

2009-06-16 14:40 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:40 . 2004-08-05 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-03 19:10 . 2004-08-05 12:00 1297408 ----a-w- c:\windows\system32\quartz.dll

2009-05-13 05:04 . 2004-08-05 12:00 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-07 15:33 . 2004-08-05 12:00 348672 ----a-w- c:\windows\system32\localspl.dll

2007-11-19 11:37 . 2007-11-19 11:34 11978626 -c--a-w- c:\program files\Virtu

.

 

------- Sigcheck -------

 

[7] 2004-08-05 12:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys

[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys

[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ndis.sys

[-] 2009-07-16 20:36 212224 58357C46BEB236D8D1566F3530DDFBF2 c:\windows\system32\dllcache\ndis.sys

[-] 2009-07-16 20:36 212224 58357C46BEB236D8D1566F3530DDFBF2 c:\windows\system32\drivers\ndis.sys

 

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LXCYCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-02-24 65536]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]

"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

 

c:\documents and settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\

zqosys32.exe [2008-4-14 28672]

 

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

BTTray.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2006-1-17 618557]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]

2006-12-14 09:06 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"midi1"=ma_cmidn.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.2.lnk]

path=c:\documents and settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.2.lnk

backup=c:\windows\pss\OpenOffice.org 2.2.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^zqosys32.exe]

path=c:\documents and settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\zqosys32.exe

backup=c:\windows\pss\zqosys32.exeStartup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Mozilla Firefox 3 Beta 4\\firefox.exe"=

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27/07/2009 09:48 64160]

R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [28/02/2008 19:17 11264]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [22/07/2009 16:44 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22/07/2009 16:44 20560]

R2 FNF5SVC;Fn+F5 Service;c:\program files\Lenovo\HOTKEY\FnF5svc.exe [09/04/2007 10:24 54832]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1029456]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/07/2007 20:38 569344]

R3 HDJCtrl;Hercules DJ Control MP3 Service;c:\windows\system32\drivers\HDJCtrl.sys [27/07/2009 11:13 24576]

R3 HDJMidi;Hercules DJ Control MP3 MIDI;c:\windows\system32\drivers\HDJMidi.sys [27/07/2009 11:13 122240]

R3 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22/05/2007 15:59 30336]

S0 Duw71;Duw71; [x]

S2 riode32;riode32;\??\c:\windows\system32\drivers\riode32.sys --> c:\windows\system32\drivers\riode32.sys [?]

S3 {FF9BACB3-2B8E-45ba-9E68-B6720E5D81A3};{FF9BACB3-2B8E-45ba-9E68-B6720E5D81A3};\??\c:\windows\system32\{FF9BACB3-2B8E-45ba-9E68-B6720E5D81A3} --> c:\windows\system32\{FF9BACB3-2B8E-45ba-9E68-B6720E5D81A3} [?]

S3 rrau0001;rrau0001;c:\windows\system32\drivers\rrau0001.sys [13/02/2008 14:27 24576]

S3 rrwd0001;rrwd0001;c:\windows\system32\drivers\rrwd0001.sys [12/01/2008 09:38 71936]

S3 SaiH5F0D;SaiH5F0D;c:\windows\system32\drivers\SaiH5F0D.sys [31/01/2009 22:15 176640]

S3 SaiU5F0D;SaiU5F0D;c:\windows\system32\drivers\SaiU5F0D.sys [31/01/2009 22:16 27264]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

 

2009-07-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 07:45]

 

2009-07-22 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]

 

2009-07-24 c:\windows\Tasks\Norton Security Scan for Propriétaire.job

- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 19:20]

.

- - - - ORPHANS REMOVED - - - -

 

SharedTaskScheduler-ThreadingModel - (no file)

Notify-vtuturp - vtuturp.dll

Notify-winbjt32 - winbjt32.dll

 

 

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.ask.com/?o=13928&l=dis

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mWindow Title =

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Envoyer au périphérique &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

FF - ProfilePath - c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\y5vu102d.default\

FF - prefs.js: browser.startup.homepage - hxxp://lo.st#

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=

FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-29 15:38

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LXCYCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{FF9BACB3-2B8E-45ba-9E68-B6720E5D81A3}]

"ImagePath"="\??\c:\windows\system32\{FF9BACB3-2B8E-45ba-9E68-B6720E5D81A3}"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7e,4a,7a,f1,81,15,b7,48,84,2f,37,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7e,4a,7a,f1,81,15,b7,48,84,2f,37,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,85,3d,2a,4c,46,

50,27,a8,c8,28,51,af,b0,29,a3,98,a8,a2,e7,21,c8,72,74,14,e2,63,26,f1,3f,c8,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,47,5e,fe,4a,ae,

b8,fe,e9,71,3b,04,66,8b,46,0d,96,9c,65,94,60,4e,b6,a6,de,6a,9c,d6,61,af,45,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,7f,2b,ec,54,a0,

17,5c,c7,25,da,ec,7e,55,20,c9,26,09,26,4d,e4,d6,7c,ff,c8,ff,7c,85,e0,43,d4,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,e9,52,6c,7f,39,

dc,d4,1f,3e,1e,9e,e0,57,5a,93,61,10,e9,e2,f2,a9,1e,85,52,86,8c,21,01,be,91,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,81,aa,83,d3,76,

ff,3e,48,cd,44,cd,b9,a6,33,6c,cd,54,a2,9f,65,fb,f4,bd,01,f5,1d,4d,73,a8,13,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,36,bc,42,29,a2,

a1,db,7f,b0,18,ed,a7,3f,8d,37,a4,0b,30,53,26,3b,f0,4d,b3,df,20,58,62,78,6b,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,fd,15,ea,3e,6d,

37,6b,0c,31,77,e1,ba,b1,f8,68,02,61,42,3e,20,76,9d,83,1a,fb,a7,78,e6,12,2f,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,fc,1a,50,c0,20,

9d,6b,33,83,6c,56,8b,a0,85,96,ab,b7,db,cd,f2,75,91,03,9b,01,3a,48,fc,e8,04,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,de,c8,7d,cc,bd,

74,ce,fc,51,fa,6e,91,28,9e,14,cc,71,a9,76,60,f3,33,3b,47,f6,0f,4e,58,98,5b,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,b7,72,80,62,77,

68,9d,65,b1,cd,45,5a,a8,c4,f8,b9,fe,20,74,c1,49,76,5e,c6,3d,ce,ea,26,2d,45,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,a2,21,d8,59,0d,

30,fa,25,e3,0e,66,d5,eb,bc,2f,6b,99,c9,a8,65,c9,9f,3a,1c,2a,b7,cc,b5,b9,7f,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,c8,b8,5d,2c,d6,

57,03,58,fa,ea,66,7f,d4,3b,6b,70,c7,d5,e8,f4,fe,9a,85,18,6c,43,2d,1e,aa,22,\

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"C040111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(1256)

c:\program files\Lenovo\HOTKEY\tphklock.dll

c:\windows\System32\BCMLogon.dll

 

- - - - - - - > 'explorer.exe'(8140)

c:\program files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\windows\system32\WLTRYSVC.EXE

c:\windows\system32\BCMWLTRY.EXE

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\program files\Fichiers communs\logishrd\LVMVFM\LVPrcSrv.exe

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Lenovo\Bluetooth Software\bin\btwdins.exe

c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

c:\program files\Fichiers communs\logishrd\LVCOMSER\LVComSer.exe

c:\windows\system32\msiexec.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe

c:\program files\Lenovo\Rescue and Recovery\rrservice.exe

c:\program files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe

c:\program files\Windows Live\installer\WLSetupSvc.exe

c:\program files\Lenovo\System Update\SUService.exe

c:\program files\Fichiers communs\Lenovo\Logger\logmon.exe

c:\program files\Alwil Software\Avast4\ashMaiSv.exe

c:\program files\Alwil Software\Avast4\ashWebSv.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Fichiers communs\logishrd\LVCOMSER\LVComSer.exe

c:\windows\system32\lxcycoms.exe

.

**************************************************************************

.

Completion time: 2009-07-29 15:44 - machine was rebooted

ComboFix-quarantined-files.txt 2009-07-29 13:44

 

Pre-Run: 3 166 269 440 octets libres

Post-Run: 3 095 937 024 octets libres

 

Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5

388 --- E O F --- 2009-07-28 18:58

Posté(e)

Hello, I can't find the system32 file in Windows:

 

c:\windows\system32\Adobek.dll

c:\windows\system32\Adobec.exe

 

PS: the reggae radio link is awesome!! Pull up

Posté(e)

You need to show hidden folders/files to see them... try again.

 

Open My Computer

Click the Tools menu at the top right, then Folder Options

In the new window, click the View tab at the top

In the list, check "Show hidden files and folders"

Uncheck "Hide protected operating system files (Recommended)" \ Apply

You will get a message saying this could damage the system; ignore it.

 

Then scan those 2 files and post the link to each analysis.
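The same steps done from the command line, as an added example that is not part of the original thread or of any tool mentioned in it. The two paths are the ones the log reports with the hidden/system attributes (`--sha-w-` and `--sh--r-`), which is exactly why Explorer does not show them with default settings. The script assumes PowerShell is installed on the XP machine; the two Explorer registry values it sets (`Hidden` and `ShowSuperHidden`) are the ones the Folder Options dialog writes.

```powershell
# Added example (not from the thread): make hidden and protected system files
# visible the way the Folder Options steps do, then list the two files the
# helper asked about and print a SHA-256 for each so an online scan result can
# be compared with what is actually on disk. Paths come from the ComboFix log.

# 1. Same effect as "Show hidden files" + unchecking "Hide protected operating
#    system files": Explorer reads these two values under the current user.
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $advanced -Name 'Hidden'          -Value 1 -Type DWord  # 1 = show, 2 = hide
Set-ItemProperty -Path $advanced -Name 'ShowSuperHidden' -Value 1 -Type DWord  # 1 = show protected OS files
# Explorer windows already open keep the old setting until they are refreshed.

# 2. The files named in the log. -Force is what makes Get-Item return entries
#    that carry the Hidden and System attributes.
$paths = @(
    'C:\Windows\System32\Adobek.dll',
    'C:\Windows\System32\Adobec.exe'
)

$sha256 = [System.Security.Cryptography.SHA256]::Create()

foreach ($path in $paths) {
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($item -eq $null) {
        Write-Output ("{0}: not found (already removed or quarantined)" -f $path)
        continue
    }
    # Reading the whole file is fine here: both are well under 1 MB in the log.
    $bytes = [System.IO.File]::ReadAllBytes($item.FullName)
    $hash  = [System.BitConverter]::ToString($sha256.ComputeHash($bytes)).Replace('-', '')
    Write-Output ("{0}`n  size:       {1} bytes`n  attributes: {2}`n  last write: {3}`n  sha256:     {4}" -f `
        $item.FullName, $item.Length, $item.Attributes, $item.LastWriteTime, $hash)
}
```

Run it from a PowerShell prompt opened as the user whose Explorer settings should change. The attributes line will read `Hidden, System, Archive` for Adobek.dll and `ReadOnly, Hidden, System` for Adobec.exe if the files are still as the log shows them; the hash lets the user look the file up on an online scanner without copying the file anywhere first. Reading a file that is currently locked by a running process will fail; in that case submit the file after booting in safe mode.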

This topic is closed to new replies.