[virus/spyware] message "system alert"(Résolu)
Forum Sécurité - Virus : [virus/spyware] message "system alert"(Résolu)
Re
Copie (Ctrl+C) le texte ci-dessous :
File::
C:\WINDOWS\system32\hixcfxut.dll
C:\WINDOWS\system32\vkwlrshb.dll
C:\WINDOWS\system32\orileskm.dll
C:\WINDOWS\system32\vtutq.dll
C:\WINDOWS\system32\avpksakl.exe
C:\WINDOWS\system32\hwegjqkd.dll
C:\WINDOWS\system32\jmrnjuks.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0AB62737-E602-4A8B-A104-48A2D9B9C735}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7dc54ca0-2362-4ceb-be92-1f19488c768d}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
"{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}"=-
[-HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]
[-HKEY_CLASSES_ROOT\clsid\{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"b89e382e"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hixcfxut]
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt
Comme l'image le montre, fait glisser CFScript.txt sur Combofix.exe
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu avec un nouveau Hijackthis.
Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
Vous avez un problème ? Créez votre propre post !
Répondre à chercheur_
Voila :
RAPPORT COMBOFIX :
ComboFix 07-11-19.3 - Michael 2007-11-23 16:26:17.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.635 [GMT 1:00]
Running from: C:\Documents and Settings\Michael\Bureau\Aide Virus\ComboFix.exe
Command switches used :: C:\Documents and Settings\Michael\Bureau\Aide Virus\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\avpksakl.exe
C:\WINDOWS\system32\hixcfxut.dll
C:\WINDOWS\system32\hwegjqkd.dll
C:\WINDOWS\system32\jmrnjuks.dll
C:\WINDOWS\system32\orileskm.dll
C:\WINDOWS\system32\vkwlrshb.dll
C:\WINDOWS\system32\vtutq.dll
.
Incapable d'obtenir les privilèges Système
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrateur\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Administrateur\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Administrateur\Favoris\Online Security Guide.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Documents and Settings\Michael\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Michael\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Michael\Favoris\Online Security Guide.lnk
C:\WINDOWS\system32\avpksakl.exe
C:\WINDOWS\system32\hixcfxut.dll
C:\WINDOWS\system32\hixcfxut.dllbox
C:\WINDOWS\system32\hwegjqkd.dll
C:\WINDOWS\system32\jmrnjuks.dll
C:\WINDOWS\system32\orileskm.dll
C:\WINDOWS\system32\vkwlrshb.dll
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-23 to 2007-11-23 ))))))))))))))))))))))))))))))))))))
.
2007-11-23 12:54 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-11-23 12:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-23 12:54 364,576 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-23 12:54 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-11-23 12:54 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-11-23 12:54 6,944 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-23 12:54 5,324 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-23 12:54 1,700 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-23 10:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-11-22 17:23 <REP> d-------- C:\Program Files\Trend Micro
2007-11-21 20:07 154,112 --a------ C:\WINDOWS\system32\irftp.exe
2007-11-21 20:07 154,112 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2007-11-21 20:07 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2007-11-21 20:07 87,424 --a--c--- C:\WINDOWS\system32\dllcache\irda.sys
2007-11-21 20:07 28,160 --a------ C:\WINDOWS\system32\irmon.dll
2007-11-21 20:07 28,160 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2007-11-21 20:07 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2007-11-21 20:07 18,688 --a------ C:\WINDOWS\system32\drivers\irsir.sys
2007-11-21 20:07 18,688 --a--c--- C:\WINDOWS\system32\dllcache\irsir.sys
2007-11-21 20:07 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-11-21 20:07 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2007-11-20 19:39 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-18 15:08 <REP> d-------- C:\Documents and Settings\Michael\Application Data\Sierra Entertainment
2007-11-18 14:35 <REP> d-------- C:\WINDOWS\85EBB28365AF4C539EBE7C0A232762F7.TMP
2007-11-13 23:35 <REP> d-------- C:\WINDOWS\system32\Adobe
2007-11-13 19:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Creature House
2007-11-12 17:19 <REP> d-------- C:\Program Files\Driver-Soft
2007-11-12 17:19 427,864 --a------ C:\WINDOWS\system32\XceedZip.dll
2007-11-07 21:12 <REP> d-------- C:\Program Files\Fichiers communs\NSV
2007-11-06 13:45 <REP> d-------- C:\Program Files\Flagship Studios
2007-10-31 23:53 113,222 --a--c--- C:\WINDOWS\system32\dllcache\zoneclim.dll
2007-10-31 23:53 41,029 --a--c--- C:\WINDOWS\system32\dllcache\zcorem.dll
2007-10-31 23:53 36,937 --a--c--- C:\WINDOWS\system32\dllcache\zclientm.exe
2007-10-31 23:53 29,760 --a--c--- C:\WINDOWS\system32\dllcache\znetm.dll
2007-10-31 23:53 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-10-31 23:53 13,894 --a--c--- C:\WINDOWS\system32\dllcache\zonelibm.dll
2007-10-31 23:53 8,484 --a------ C:\WINDOWS\system32\kanji_2.uce
2007-10-31 23:53 6,948 --a------ C:\WINDOWS\system32\kanji_1.uce
2007-10-31 23:53 4,677 --a--c--- C:\WINDOWS\system32\dllcache\zeeverm.dll
2007-10-27 23:54 <REP> d-------- C:\Program Files\SereneScreen
2007-10-27 23:47 <REP> d-------- C:\Program Files\ScreenSaver.com
2007-10-27 23:41 <REP> d-------- C:\Program Files\Inside the Cell 3D Screensaver
2007-10-27 23:38 290,816 --------- C:\WINDOWS\Living 3D Dolphins Full.scr
2007-10-27 23:34 <REP> d-------- C:\Program Files\Freeze.com
2007-10-23 16:10 <REP> d-------- C:\Documents and Settings\Michael\Application Data\dvdcss
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-22 06:32 --------- d-----w C:\Program Files\Abe's Exoddus
2007-11-21 18:44 --------- d-----w C:\Program Files\AV VCS 3.0
2007-11-21 18:26 --------- d-----w C:\Documents and Settings\Michael\Application Data\uTorrent
2007-11-20 18:48 --------- d-----w C:\Program Files\Winamp
2007-11-20 18:15 --------- d-----w C:\Program Files\Electronic Arts
2007-11-19 16:57 --------- d-----w C:\Program Files\eMule
2007-11-18 19:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-18 13:35 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-11-16 22:33 --------- d-----w C:\Documents and Settings\Michael\Application Data\Skype
2007-11-16 17:18 --------- d-----w C:\Program Files\Warcraft III
2007-11-13 22:35 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-13 18:29 --------- d-----w C:\Documents and Settings\Michael\Application Data\MegauploadToolbar
2007-11-10 18:42 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
2007-11-10 10:13 --------- d-----w C:\Program Files\World of Warcraft
2007-11-06 11:06 --------- d-----w C:\Program Files\GUILD WARS
2007-11-05 18:47 --------- d-----w C:\Program Files\Anno 1701
2007-10-31 23:06 --------- d-----w C:\Program Files\MegauploadToolbar
2007-10-31 10:12 --------- d-----w C:\Program Files\UselessCreations
2007-10-31 10:10 --------- d-----w C:\Program Files\Diablo II
2007-10-31 10:10 --------- d-----w C:\Documents and Settings\Michael\Application Data\Dev-Cpp
2007-10-22 05:39 --------- d-----w C:\Program Files\Opera
2007-10-21 19:19 --------- d-----w C:\Program Files\TrackManiaDemoInternet
2007-10-21 12:10 --------- d-----w C:\Documents and Settings\Michael\Application Data\SEGA
2007-10-21 12:04 --------- d-----w C:\Program Files\SEGA
2007-10-20 20:25 --------- d-----w C:\Program Files\trackmania
2007-10-14 16:26 --------- d-----w C:\Program Files\Unreal Tournament 3 Demo
2007-10-13 18:17 --------- d-----w C:\Program Files\Script Edit
2007-10-13 15:26 --------- d-----w C:\Program Files\AGEIA Technologies
2007-10-13 14:33 --------- d-----w C:\Program Files\Marvell
2007-10-13 14:33 --------- d-----w C:\Program Files\Dictionnaire
2007-10-13 13:51 --------- d-----w C:\Program Files\Intel
2007-10-13 13:51 --------- d-----w C:\Documents and Settings\Michael\Application Data\Intel
2007-10-13 13:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2007-10-10 05:45 --------- d-----w C:\Program Files\Western Digital Technologies
2007-10-08 15:51 --------- d-----w C:\Program Files\Java
2007-10-07 12:38 --------- d-----w C:\Program Files\Google
2007-10-01 14:01 --------- d-----w C:\Program Files\Ubisoft
2007-10-01 13:36 --------- d-----w C:\Program Files\DAEMON Tools
2007-10-01 13:35 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
2007-09-30 18:37 --------- d-----w C:\Program Files\EasyPHP 2.0b1
2007-09-30 12:09 --------- d-----w C:\Documents and Settings\Michael\Application Data\Hamachi
2007-09-23 11:51 --------- d-----w C:\Program Files\Bomberman Online International
2007-04-19 19:19 1 ----a-w C:\Documents and Settings\Michael\SI.bin
2001-09-16 17:44 33,085 -c--a-w C:\Documents and Settings\ji\maj.bat
2000-03-22 08:27 188,416 -c--a-w C:\Documents and Settings\ji\dict.exe
2007-07-13 16:10 12,208 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2007-11-23_12.32.59.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-04-28 15:51:02 110,360 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
+ 2007-06-27 16:31:58 186,640 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2007-04-04 13:58:26 24,344 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
+ 2007-06-28 11:50:52 22,457 ----a-w C:\WINDOWS\system32\drivers\klop.dat
+ 2007-06-28 11:51:48 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
+ 2007-11-23 15:34:18 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_240.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-08 17:43]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [2006-11-08 02:22]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 13:20]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2005-03-14 00:37]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2007-10-05 11:33]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-06-28 23:43 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 10:09 C:\WINDOWS\SOUNDMAN.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-10 15:07]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 21:32]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 21:31]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 15:00]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2006-12-15 18:23]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 18:55]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-06-26 01:32]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-11 00:26]
"FileZilla Server Interface"="C:\Program Files\FileZilla Server\FileZilla Server Interface.exe" [2007-02-27 15:55]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-06 17:38]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 12:45]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hixcfxut]
hixcfxut.dll
C:\WINDOWS\system32\klogon.dll 2007-06-28 12:51 206088 C:\WINDOWS\system32\klogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
R0 UNPR;UNPR;C:\WINDOWS\system32\unpr.sys
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys
R1 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\drivers\moufiltr.sys
R2 Vcs;Vcs support;\??\C:\WINDOWS\system32\Drivers\Vcs.sys
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys
R3 W8335XP;WL_54PCI 802.11b/g Wireless LAN Adapter;C:\WINDOWS\system32\DRIVERS\MRV8335XP.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;\??\E:\INSTAL~E\Core\BVRPMPR5.SYS
S3 NETMDSHA;MDSHA031;C:\WINDOWS\system32\Drivers\MDSHA031.sys
S3 nocashio;nocashio;C:\WINDOWS\system32\drivers\nocashio.sys
S3 SQLWriter;Enregistreur VSS SQL Server;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
S3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70aa7448-eaed-11da-a5ce-0211223381c6}]
\Shell\AutoRun\command - H:\autoplay.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-11-23 12:20:05 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-10-31 23:00:05 C:\WINDOWS\Tasks\Zenma Updater.exe.job"
- C:\Program Files\World of Warcraft\Zenmas Addon Pack\Zenma Updater.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-23 16:35:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-23 16:36:58 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-23 12:33
.
--- E O F ---
(Je présise qu'il y a eu une "erreur" pendant le scan de combofix...(apres toutes les étapes) une fenetre me disant qu'il y avait un probleme et que "je ne sais plus" devait etre fermé, on pouvait fermer/ignorer , jai choisi fermer, ensuite il y a eu sous dos un message disant "DED ou DEV n'est pas une commande reconnue".... enfin il a fait 2/3 trucs et il a redémaré le pc)
RAPPORT Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:42:16, on 23/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Marvell\Mrv8000x.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe
O4 - Startup: The Matrix_ Path of Neo Registration.lnk = C:\Documents and Settings\Michael\Local Settings\Temp\{6CCC7382-4510-4858-89F1-A1947E62BA10}\{E571E8B1-9771-465D-9DE0-3BA2D1BDAE99}\ATR1.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ [...] .3.102.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/bina [...] b57176.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F613E1CF-8115-42A8-BDD5-7EAAD3C5D069}: NameServer = 84.103.237.143
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: hixcfxut - hixcfxut.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
--
End of file - 11210 bytes
PS
epuis la dernirere "manip" les messages d'erreurs ont "disparu" enfin je ne les ai pas encore revu.
