SOLVED, help please: System Alert and Spyware Alert
Latest reply: in Security
Hello,
I have a big problem: intrusive System Alert and Spyware Alert pop-ups that open web pages supposedly for downloading cleaning tools.
As I read in a previous discussion (different, but solved), I applied this:
SmitFraudFix v2.262
Rapport fait à 22:02:31,81, 11/12/2007
Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\BtUsrBdg.exe
C:\WINDOWS\system32\BTSetBootKey.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\WINSOS\WINSOS.EXE
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\jokvip.exe PRESENT !
C:\WINDOWS\leorop.dll PRESENT !
C:\WINDOWS\nopzet.dll PRESENT !
C:\WINDOWS\retnsrp.dll PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Propriétaire
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Propriétaire\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_PRO~1\Favoris
C:\DOCUME~1\HP_PRO~1\Favoris\Error Cleaner.url PRESENT !
C:\DOCUME~1\HP_PRO~1\Favoris\Privacy Protector.url PRESENT !
C:\DOCUME~1\HP_PRO~1\Favoris\Spyware?Malware Protection.url PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
C:\DOCUME~1\HP_PRO~1\Bureau\Error Cleaner.url PRESENT !
C:\DOCUME~1\HP_PRO~1\Bureau\Privacy Protector.url PRESENT !
C:\DOCUME~1\HP_PRO~1\Bureau\Spyware?Malware Protection.url PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\RichVideoCodec\ PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\KASPER~1\\KASPER~1.0\\adialhk.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !
Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 85.255.116.30
DNS Server Search Order: 85.255.112.19
Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !
Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 85.255.116.30
DNS Server Search Order: 85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5635D1AD-2298-4D5F-82D1-1A95D5D626B2}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5635D1AD-2298-4D5F-82D1-1A95D5D626B2}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{612BBDF6-8288-4C6C-BEAC-2F65D21B02AC}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{612BBDF6-8288-4C6C-BEAC-2F65D21B02AC}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D79A5205-D146-4139-BBEE-E66B91533ECD}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D79A5205-D146-4139-BBEE-E66B91533ECD}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DB663096-3DD7-46FE-BFBD-853005F6867C}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DB663096-3DD7-46FE-BFBD-853005F6867C}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DD1BB506-5DE5-49AF-B3A8-FCEC67B52099}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DD1BB506-5DE5-49AF-B3A8-FCEC67B52099}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E658C067-685E-4840-9EC2-ADC9EA7F2B73}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FE1542AA-7BE7-4F3A-A157-8F48FAA5A4F3}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FE1542AA-7BE7-4F3A-A157-8F48FAA5A4F3}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5635D1AD-2298-4D5F-82D1-1A95D5D626B2}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5635D1AD-2298-4D5F-82D1-1A95D5D626B2}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{612BBDF6-8288-4C6C-BEAC-2F65D21B02AC}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{612BBDF6-8288-4C6C-BEAC-2F65D21B02AC}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D79A5205-D146-4139-BBEE-E66B91533ECD}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D79A5205-D146-4139-BBEE-E66B91533ECD}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DB663096-3DD7-46FE-BFBD-853005F6867C}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DB663096-3DD7-46FE-BFBD-853005F6867C}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DD1BB506-5DE5-49AF-B3A8-FCEC67B52099}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DD1BB506-5DE5-49AF-B3A8-FCEC67B52099}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E658C067-685E-4840-9EC2-ADC9EA7F2B73}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FE1542AA-7BE7-4F3A-A157-8F48FAA5A4F3}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FE1542AA-7BE7-4F3A-A157-8F48FAA5A4F3}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5635D1AD-2298-4D5F-82D1-1A95D5D626B2}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5635D1AD-2298-4D5F-82D1-1A95D5D626B2}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{612BBDF6-8288-4C6C-BEAC-2F65D21B02AC}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{612BBDF6-8288-4C6C-BEAC-2F65D21B02AC}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D79A5205-D146-4139-BBEE-E66B91533ECD}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D79A5205-D146-4139-BBEE-E66B91533ECD}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DB663096-3DD7-46FE-BFBD-853005F6867C}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DB663096-3DD7-46FE-BFBD-853005F6867C}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DD1BB506-5DE5-49AF-B3A8-FCEC67B52099}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DD1BB506-5DE5-49AF-B3A8-FCEC67B52099}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E658C067-685E-4840-9EC2-ADC9EA7F2B73}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FE1542AA-7BE7-4F3A-A157-8F48FAA5A4F3}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FE1542AA-7BE7-4F3A-A157-8F48FAA5A4F3}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.116.30 85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.116.30 85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.116.30 85.255.112.19
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Hello,
Restart in Safe Mode.
Run SmitfraudFix.exe and this time choose Option 2, and answer yes to the question(s).
Save the report to your Desktop.
Restart normally.
Post the HijackThis and SmitfraudFix reports.
Hello;
Here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:10:31, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\HP_Propriétaire\Bureau\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: OFK System - {5F1F01A9-4013-4C28-90E9-8C50F03B5E37} - C:\WINDOWS\blopenvkgq.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
O3 - Toolbar: The retnsrp - {AAA535B5-251D-4B8F-A8D0-0D3A29C7309E} - C:\WINDOWS\retnsrp.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [C:\WINDOWS\system32\V0230Cvw.dll] C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\system32\V0230Cvw.dll
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{5635D1AD-2298-4D5F-82D1-1A95D5D626B2}: NameServer = 85.255.116.30,85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\..\{612BBDF6-8288-4C6C-BEAC-2F65D21B02AC}: NameServer = 85.255.116.30,85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\..\{D79A5205-D146-4139-BBEE-E66B91533ECD}: NameServer = 85.255.116.30,85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB663096-3DD7-46FE-BFBD-853005F6867C}: NameServer = 85.255.116.30,85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD1BB506-5DE5-49AF-B3A8-FCEC67B52099}: NameServer = 85.255.116.30,85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: NameServer = 85.255.116.30,85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE1542AA-7BE7-4F3A-A157-8F48FAA5A4F3}: NameServer = 85.255.116.30,85.255.112.19
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.30 85.255.112.19
O17 - HKLM\System\CS1\Services\Tcpip\..\{5635D1AD-2298-4D5F-82D1-1A95D5D626B2}: NameServer = 85.255.116.30,85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.30 85.255.112.19
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O21 - SSODL: leorop - {3304F570-09B8-4812-A1F6-333AC2FF9AE4} - C:\WINDOWS\leorop.dll
O21 - SSODL: nopzet - {C312BDBD-C16E-4B54-8320-61619522205C} - C:\WINDOWS\nopzet.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 10664 bytes
++++++++++++++++++++++++++++++++++++++++++++
and the second one:
SmitFraudFix v2.262
Rapport fait à 14:12:16,34, 12/12/2007
Executé à partir de C:\Documents and Settings\HP_Propriétaire\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
C:\WINDOWS\jokvip.exe supprimé
C:\WINDOWS\leorop.dll supprimé
Deleting [HKEY_CLASSES_ROOT\CLSID\{3304F570-09B8-4812-A1F6-333AC2FF9AE4}]
Deleting [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3304F570-09B8-4812-A1F6-333AC2FF9AE4}]
C:\WINDOWS\nopzet.dll supprimé
Deleting [HKEY_CLASSES_ROOT\CLSID\{C312BDBD-C16E-4B54-8320-61619522205C}]
C:\WINDOWS\retnsrp.dll supprimé
C:\DOCUME~1\HP_PRO~1\Bureau\Error Cleaner.url supprimé
C:\DOCUME~1\HP_PRO~1\Bureau\Privacy Protector.url supprimé
C:\DOCUME~1\HP_PRO~1\Bureau\Spyware?Malware Protection.url supprimé
C:\DOCUME~1\HP_PRO~1\Favoris\Error Cleaner.url supprimé
C:\DOCUME~1\HP_PRO~1\Favoris\Privacy Protector.url supprimé
C:\DOCUME~1\HP_PRO~1\Favoris\Spyware?Malware Protection.url supprimé
C:\Program Files\RichVideoCodec\ supprimé
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5635D1AD-2298-4D5F-82D1-1A95D5D626B2}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5635D1AD-2298-4D5F-82D1-1A95D5D626B2}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{612BBDF6-8288-4C6C-BEAC-2F65D21B02AC}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{612BBDF6-8288-4C6C-BEAC-2F65D21B02AC}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D79A5205-D146-4139-BBEE-E66B91533ECD}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D79A5205-D146-4139-BBEE-E66B91533ECD}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DB663096-3DD7-46FE-BFBD-853005F6867C}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DB663096-3DD7-46FE-BFBD-853005F6867C}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DD1BB506-5DE5-49AF-B3A8-FCEC67B52099}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DD1BB506-5DE5-49AF-B3A8-FCEC67B52099}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E658C067-685E-4840-9EC2-ADC9EA7F2B73}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FE1542AA-7BE7-4F3A-A157-8F48FAA5A4F3}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FE1542AA-7BE7-4F3A-A157-8F48FAA5A4F3}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5635D1AD-2298-4D5F-82D1-1A95D5D626B2}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5635D1AD-2298-4D5F-82D1-1A95D5D626B2}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{612BBDF6-8288-4C6C-BEAC-2F65D21B02AC}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{612BBDF6-8288-4C6C-BEAC-2F65D21B02AC}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D79A5205-D146-4139-BBEE-E66B91533ECD}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D79A5205-D146-4139-BBEE-E66B91533ECD}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DB663096-3DD7-46FE-BFBD-853005F6867C}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DB663096-3DD7-46FE-BFBD-853005F6867C}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DD1BB506-5DE5-49AF-B3A8-FCEC67B52099}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DD1BB506-5DE5-49AF-B3A8-FCEC67B52099}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E658C067-685E-4840-9EC2-ADC9EA7F2B73}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FE1542AA-7BE7-4F3A-A157-8F48FAA5A4F3}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FE1542AA-7BE7-4F3A-A157-8F48FAA5A4F3}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5635D1AD-2298-4D5F-82D1-1A95D5D626B2}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5635D1AD-2298-4D5F-82D1-1A95D5D626B2}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{612BBDF6-8288-4C6C-BEAC-2F65D21B02AC}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{612BBDF6-8288-4C6C-BEAC-2F65D21B02AC}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D79A5205-D146-4139-BBEE-E66B91533ECD}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D79A5205-D146-4139-BBEE-E66B91533ECD}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DB663096-3DD7-46FE-BFBD-853005F6867C}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DB663096-3DD7-46FE-BFBD-853005F6867C}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DD1BB506-5DE5-49AF-B3A8-FCEC67B52099}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DD1BB506-5DE5-49AF-B3A8-FCEC67B52099}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E658C067-685E-4840-9EC2-ADC9EA7F2B73}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FE1542AA-7BE7-4F3A-A157-8F48FAA5A4F3}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FE1542AA-7BE7-4F3A-A157-8F48FAA5A4F3}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.116.30 85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.116.30 85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.116.30 85.255.112.19
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
++++++++++++++++++++++++++++++++++++++
Is it better already?
Download combofix.exe (by sUBs) to your Desktop.
Double-click combofix.exe.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Copy/paste this report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
Hello,
Yes, it's true that it's better now...
Here is the report:
++++++++++++++++++++++++++++++++++++++++++++++++
ComboFix 07-12-12.3 - HP_Propriétaire 2007-12-12 18:07:54.1 - NTFSx86
Running from: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\dat.txt
C:\WINDOWS\pack.epk
C:\WINDOWS\search_res.txt
C:\WINDOWS\winsys.ini
.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-12 to 2007-12-12 ))))))))))))))))))))))))))))))))))))
.
2007-12-11 20:31 . 2007-12-11 20:31 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-12-11 20:30 . 2007-12-12 14:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-11 14:25 . 2007-12-11 14:25 <REP> d-------- C:\Program Files\AxBx
2007-12-11 14:15 . 2007-12-11 16:10 <REP> d-------- C:\Program Files\Spyware Doctor
2007-12-11 14:15 . 2007-12-11 14:15 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\PC Tools
2007-12-11 14:01 . 2007-12-11 19:58 <REP> d-------- C:\Program Files\Winsos
2007-12-11 11:38 . 2006-06-01 06:30 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2007-12-11 11:38 . 2005-10-20 20:05 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-12-11 11:38 . 2005-10-20 20:05 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-12-11 11:38 . 2005-10-26 23:35 <REP> d-------- C:\Documents and Settings\Administrateur\Modèles
2007-12-11 11:38 . 2005-10-26 23:35 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2007-12-11 11:38 . 2005-10-26 23:35 <REP> d-------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-12-11 11:38 . 2007-08-19 19:39 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2007-12-11 11:38 . 2005-10-20 20:05 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-12-11 11:38 . 2006-06-01 06:53 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2007-12-11 11:14 . 2007-12-11 11:14 <REP> d-------- C:\Program Files\CCleaner
2007-12-10 12:44 . 2007-12-10 12:45 <REP> d-------- C:\Program Files\Windows Live Safety Center
2007-11-25 22:30 . 2007-11-25 22:35 <REP> d-------- C:\Program Files\PhotoFiltre
2007-11-25 12:06 . 2007-11-25 12:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Creative
2007-11-14 16:48 . 2007-11-14 16:48 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\InstallShield
2007-11-14 13:03 . 2007-11-14 13:03 <REP> d-------- C:\Program Files\Yahoo!
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-12 17:29 1,439,008 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-12 17:27 18,208 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-12 13:12 4,600 ----a-w C:\WINDOWS\system32\tmp.reg
2007-12-12 13:02 2,060 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-12 13:02 18,680 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-11 19:47 82,061 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-12-11 19:47 81,549 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-12-11 15:09 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-12-11 10:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\GamesBar
2007-12-10 21:35 --------- d-----w C:\Program Files\Gamenext
2007-12-10 17:57 253,952 ----a-w C:\WINDOWS\blopenvkgq.dll
2007-12-10 13:15 --------- d-----w C:\Program Files\Total Video Converter
2007-11-25 11:06 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Creative
2007-11-23 22:14 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\U3
2007-11-18 22:39 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-14 16:47 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\muvee Technologies
2007-11-14 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies
2007-11-14 15:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-14 15:50 --------- d-----w C:\Program Files\muvee Technologies
2007-11-14 15:50 --------- d-----w C:\Program Files\Fichiers communs\muvee Technologies
2007-11-07 22:47 --------- d-----w C:\Program Files\Creative
2007-11-06 23:00 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-06 22:57 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-11-06 22:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-11-02 16:07 --------- d-----w C:\Program Files\STOIK
2007-10-30 14:40 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-30 14:40 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-29 10:28 --------- d-----w C:\Program Files\Zylom Games
2007-10-28 20:23 --------- d-----w C:\Program Files\GamesBar
2007-10-28 20:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-10-28 18:28 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Zylom
2007-10-28 18:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2007-10-28 12:52 --------- d-----w C:\Program Files\D-Tools
2007-10-28 12:26 --------- d-----w C:\Program Files\EA GAMES
2007-10-27 21:54 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\FileZilla
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-24 16:42 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\PlayFirst
2007-10-24 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-10-21 17:19 --------- d-----w C:\Program Files\VoiceOfMinarets
2007-10-17 23:16 79,688 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-17 23:16 29,000 ----a-w C:\WINDOWS\system32\drivers\kcom.sys
2007-10-17 23:15 62,280 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-17 23:14 41,288 ----a-w C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-10-17 12:54 --------- d-----w C:\Program Files\Photo To Sketch
2007-08-22 12:43 366 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\wklnhst.dat
2006-02-19 08:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2004-06-18 09:05 45,056 ----a-w C:\WINDOWS\inf\Slntinst.exe
2003-08-22 09:09 45,056 ----a-w C:\WINDOWS\inf\slntinst_staticW2k.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F1F01A9-4013-4C28-90E9-8C50F03B5E37}]
2007-12-10 18:57 253952 --a------ C:\WINDOWS\blopenvkgq.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{AAA535B5-251D-4B8F-A8D0-0D3A29C7309E}"= C:\WINDOWS\retnsrp.dll [ ]
[HKEY_CLASSES_ROOT\clsid\{aaa535b5-251d-4b8f-a8d0-0d3a29c7309e}]
[HKEY_CLASSES_ROOT\retnsrp.ToolBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{9E328EC6-4840-42A4-B849-4DCADF3E68AE}]
[HKEY_CLASSES_ROOT\retnsrp.ToolBar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-24 12:13]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 11:29]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 16:00]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2007-11-22 17:10]
"WINSOS VERIFY"="C:\Program Files\WINSOS\WINSOS.exe" [2007-05-15 12:53]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 12:54 C:\WINDOWS\RTHDCPL.EXE]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 07:35]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 01:46]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 21:34]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 01:23]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-06-01 06:22]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 14:40]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 17:58]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 22:50]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 09:42]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 16:49]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 12:00 C:\WINDOWS\system32\bthprops.cpl]
"BTUSRBDG"="BtUsrBdg.exe" [2003-11-05 21:21 C:\WINDOWS\system32\BtUsrBdg.exe]
"BTSETBOOTKEY"="BTSetBootKey.exe" [2003-04-15 09:48 C:\WINDOWS\system32\BTSetBootKey.exe]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
"C:\WINDOWS\system32\V0230Cvw.dll"="C:\WINDOWS\system32\RegSvr32.exe" [2004-08-05 12:00]
"V0230Mon.exe"="C:\WINDOWS\system32\V0230Mon.exe" [2006-07-19 18:00]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]
"VirusKeeper"="C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe" [2007-10-24 21:23]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-06-01 05:43:13]
C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe [2006-05-23 22:17:00]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
R3 BTCOMM;BTCOMM;C:\WINDOWS\system32\drivers\Btcomm.sys
R3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
R3 V0230Vfx;V0230Vfx;C:\WINDOWS\system32\DRIVERS\V0230Vfx.sys
R3 V0230VID;Live! Cam Video IM Pro;C:\WINDOWS\system32\DRIVERS\V0230VID.sys
R3 vad_multi;Windigo Virtual Audio Device (WDM);C:\WINDOWS\system32\drivers\vadmulti.sys
S3 CSRBC01;%CSRBC01.SvcDesc%;C:\WINDOWS\system32\Drivers\csrbc01.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00c9fea1-852e-11dc-9a6e-0016ecba35da}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13b01f9d-50a6-11dc-a9aa-00179ab04be0}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ea35efa-5c62-11dc-a9d0-00179ab04be0}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ea35efc-5c62-11dc-a9d0-00179ab04be0}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44aa3ac9-8b06-11dc-9541-0016ecba35da}]
\Shell\AutoRun\command - L:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b385e2f-7b09-11dc-aa0f-00025b00cbbe}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{724983a0-4e83-11dc-a99f-0016ecba35da}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{724983a1-4e83-11dc-a99f-0016ecba35da}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c94155bc-56e0-11dc-a9bd-00179ab04be0}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-12 10:10:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-12 18:28:27
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\\WINDOWS\\system32\\V0230Cvw.dll"="C:\\WINDOWS\\system32\\RegSvr32.exe /s C:\\WINDOWS\\system32\\V0230Cvw.dll"
.
Completion time: 2007-12-12 18:33:12
.
2007-12-11 18:57:22 --- E O F ---
+++++++++++++++++++++++++++++++++++++++++++++++++++
Yes, it's true that it's better.....
Here is the report:
+++++++++++++++++++++++++++++++++++++++++++++++++++
Re,
Disable your resident protections (antivirus...)!
Copy (Ctrl+C) the text in the box below:
File::
C:\WINDOWS\blopenvkgq.dll
C:\WINDOWS\retnsrp.dll
Folder::
C:\Program Files\WINSOS
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F1F01A9-4013-4C28-90E9-8C50F03B5E37}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{AAA535B5-251D-4B8F-A8D0-0D3A29C7309E}"=-
[-HKEY_CLASSES_ROOT\clsid\{aaa535b5-251d-4b8f-a8d0-0d3a29c7309e}]
[-HKEY_CLASSES_ROOT\retnsrp.ToolBar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{9E328EC6-4840-42A4-B849-4DCADF3E68AE}]
[-HKEY_CLASSES_ROOT\retnsrp.ToolBar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINSOS VERIFY"=-
Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.
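Added example for this thread (not the helper's script and not ComboFix's own code): a small Python triage that reads lines in the shape of the "Point de chargement Reg" section above, flags what the helper acted on (a BHO or IE toolbar DLL dropped directly in C:\WINDOWS, a Run entry on an analyst-supplied list such as WINSOS VERIFY) plus, as a generalization the helper's script did not need, the removable-media AutoRun keys whose command runs wscript.exe, and drafts the matching CFScript in the File::/Registry:: syntax used above. The sample log is constructed from the report's own keys and paths; the heuristics and the rogue-entry list are assumptions of this example, not rules ComboFix applies.

```python
"""Triage a ComboFix-style log and draft the matching CFScript.

Added example for this thread, not ComboFix's or the helper's code.  The
detection rules below are heuristics assumed for the example, and the
analyst-supplied rogue list stands in for the helper's own judgement.
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    key: str     # registry key the suspicious entry lives under
    value: str   # value name, or "" when the whole key should go
    path: str    # file path or command line the entry points at
    reason: str


# Constructed sample in the shape of the "Point de chargement Reg" section
# of the report above (same keys and paths, only the lines we need).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F1F01A9-4013-4C28-90E9-8C50F03B5E37}]
2007-12-10 18:57 253952 --a------ C:\WINDOWS\blopenvkgq.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{AAA535B5-251D-4B8F-A8D0-0D3A29C7309E}"= C:\WINDOWS\retnsrp.dll [ ]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00]
"WINSOS VERIFY"="C:\Program Files\WINSOS\WINSOS.exe" [2007-05-15 12:53]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00c9fea1-852e-11dc-9a6e-0016ecba35da}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13b01f9d-50a6-11dc-a9aa-00179ab04be0}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"="C:\dir\prog.exe" [date]   and   "{clsid}"= C:\dir\bar.dll [ ]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*"?(?P<data>[^"\[]+?)"?\s*\[')
# BHO entries are printed as a file line: date time size attrs path
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \d+ \S+ (?P<path>.+)$")
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$")
SCRIPT_HOST_RE = re.compile(r"\b[wc]script\.exe\b|\.vbs\b", re.I)
# A DLL sitting directly in the Windows directory (not system32) is
# unusual for a legitimate BHO or toolbar and worth a second look.
WINROOT_DLL_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.dll$", re.I)


def triage(log: str, rogue_run_values=()) -> list:
    """Walk the log, remembering the current [key], and collect findings."""
    rogue = {v.lower() for v in rogue_run_values}
    findings, key = [], ""
    for line in (raw.strip() for raw in log.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        lk = key.lower()
        if "browser helper objects" in lk:
            m = FILE_RE.match(line)
            if m and WINROOT_DLL_RE.match(m.group("path")):
                findings.append(Finding(key, "", m.group("path"),
                                        "BHO DLL dropped directly in the Windows directory"))
        elif lk.endswith("internet explorer\\toolbar"):
            m = VALUE_RE.match(line)
            if m and WINROOT_DLL_RE.match(m.group("data").strip()):
                findings.append(Finding(key, m.group("name"), m.group("data").strip(),
                                        "IE toolbar DLL dropped directly in the Windows directory"))
        elif "\\currentversion\\run" in lk:
            m = VALUE_RE.match(line)
            if m and m.group("name").lower() in rogue:
                findings.append(Finding(key, m.group("name"), m.group("data").strip(),
                                        "Run entry on the analyst's rogue list"))
        elif "mountpoints2" in lk:
            m = AUTORUN_RE.match(line)
            if m and SCRIPT_HOST_RE.search(m.group("cmd")):
                findings.append(Finding(key, "", m.group("cmd"),
                                        "removable-media AutoRun command runs a script"))
    return findings


def draft_cfscript(findings) -> str:
    """Emit File::/Registry:: sections in the syntax the helper used:
    [-key] deletes a whole key, "name"=- deletes a single value."""
    files = sorted({f.path for f in findings if f.path.lower().endswith(".dll")})
    reg = []
    for f in findings:
        reg.extend([f"[{f.key}]", f'"{f.value}"=-'] if f.value else [f"[-{f.key}]"])
    reg = list(dict.fromkeys(reg))          # drop repeats, keep order
    out = (["File::", *files] if files else []) + (["Registry::", *reg] if reg else [])
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG, rogue_run_values=["WINSOS VERIFY"])
    for h in hits:
        print(f"{h.reason}: {h.path}")
    print(draft_cfscript(hits))
```

The draft is a starting point for review, not something to feed to ComboFix unread: every entry it lists still has to be confirmed against the full report, exactly as the helper did above.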
Good evening;
No reboot....
Here is ComboFix:
2007-10-24 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-10-21 17:19 --------- d-----w C:\Program Files\VoiceOfMinarets
2007-10-17 12:54 --------- d-----w C:\Program Files\Photo To Sketch
2007-08-22 12:43 366 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\wklnhst.dat
2006-02-19 08:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2004-06-18 09:05 45,056 ----a-w C:\WINDOWS\inf\Slntinst.exe
2003-08-22 09:09 45,056 ----a-w C:\WINDOWS\inf\slntinst_staticW2k.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-24 12:13]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 11:29]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 16:00]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2007-11-22 17:10]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 12:54 C:\WINDOWS\RTHDCPL.EXE]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 07:35]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 01:46]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 21:34]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 01:23]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-06-01 06:22]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 14:40]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 17:58]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 22:50]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 09:42]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 16:49]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 12:00 C:\WINDOWS\system32\bthprops.cpl]
"BTUSRBDG"="BtUsrBdg.exe" [2003-11-05 21:21 C:\WINDOWS\system32\BtUsrBdg.exe]
"BTSETBOOTKEY"="BTSetBootKey.exe" [2003-04-15 09:48 C:\WINDOWS\system32\BTSetBootKey.exe]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
"C:\WINDOWS\system32\V0230Cvw.dll"="C:\WINDOWS\system32\RegSvr32.exe" [2004-08-05 12:00]
"V0230Mon.exe"="C:\WINDOWS\system32\V0230Mon.exe" [2006-07-19 18:00]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]
"VirusKeeper"="C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe" [2007-10-24 21:23]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-06-01 05:43:13]
C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe [2006-05-23 22:17:00]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
R3 BTCOMM;BTCOMM;C:\WINDOWS\system32\drivers\Btcomm.sys
R3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
R3 V0230Vfx;V0230Vfx;C:\WINDOWS\system32\DRIVERS\V0230Vfx.sys
R3 V0230VID;Live! Cam Video IM Pro;C:\WINDOWS\system32\DRIVERS\V0230VID.sys
R3 vad_multi;Windigo Virtual Audio Device (WDM);C:\WINDOWS\system32\drivers\vadmulti.sys
S3 CSRBC01;%CSRBC01.SvcDesc%;C:\WINDOWS\system32\Drivers\csrbc01.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00c9fea1-852e-11dc-9a6e-0016ecba35da}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44aa3ac9-8b06-11dc-9541-0016ecba35da}]
\Shell\AutoRun\command - L:\LaunchU3.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-12 10:10:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-12 19:17:48
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\\WINDOWS\\system32\\V0230Cvw.dll"="C:\\WINDOWS\\system32\\RegSvr32.exe /s C:\\WINDOWS\\system32\\V0230Cvw.dll"
.
Completion time: 2007-12-12 19:19:34
C:\ComboFix2.txt ... 2007-12-12 18:33
.
2007-12-11 18:57:22 --- E O F ---
+++++++++++++++++++++++++++++++++
and HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:21:09, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\BtUsrBdg.exe
C:\WINDOWS\system32\BTSetBootKey.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\V0230Mon.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [C:\WINDOWS\system32\V0230Cvw.dll] C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\system32\V0230Cvw.dll
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{5635D1AD-2298-4D5F-82D1-1A95D5D626B2}: NameServer = 85.255.116.30,85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\..\{612BBDF6-8288-4C6C-BEAC-2F65D21B02AC}: NameServer = 85.255.116.30,85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\..\{D79A5205-D146-4139-BBEE-E66B91533ECD}: NameServer = 85.255.116.30,85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB663096-3DD7-46FE-BFBD-853005F6867C}: NameServer = 85.255.116.30,85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD1BB506-5DE5-49AF-B3A8-FCEC67B52099}: NameServer = 85.255.116.30,85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: NameServer = 85.255.116.30,85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE1542AA-7BE7-4F3A-A157-8F48FAA5A4F3}: NameServer = 85.255.116.30,85.255.112.19
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.30 85.255.112.19
O17 - HKLM\System\CS1\Services\Tcpip\..\{5635D1AD-2298-4D5F-82D1-1A95D5D626B2}: NameServer = 85.255.116.30,85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.30 85.255.112.19
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 11721 bytes
+++++++++++++++++++++++++++++++++++++++++++++++++
Is the report complete?
Print these instructions if necessary, because the computer will have to restart.
Download FixWareout (LonnyRJones) to the Desktop.
**If the link does not work, click here**
Run the fix (FixWareout.exe), click Next, then Install.
Make sure Run fixit is ticked, then click Finish.
The fix will start; follow the on-screen messages. You will be asked to restart your computer; do so. Your system will take a little longer to start up, that is normal.
Finally, post the contents of the report C:\fixwareout\report.txt along with a new HijackThis log.
Good evening,
Yes, the previous report was complete!
Here is the FixWareout one:
Username "HP_Propriétaire" - 12/12/2007 19:51:06 [Fixwareout edited 9/01/2007]
~~~~~ Prerun check
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.116.30 85.255.112.19" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{5635D1AD-2298-4D5F-82D1-1A95D5D626B2}
"nameserver"="85.255.116.30,85.255.112.19" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{612BBDF6-8288-4C6C-BEAC-2F65D21B02AC}
"nameserver"="85.255.116.30,85.255.112.19" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D79A5205-D146-4139-BBEE-E66B91533ECD}
"nameserver"="85.255.116.30,85.255.112.19" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{DB663096-3DD7-46FE-BFBD-853005F6867C}
"nameserver"="85.255.116.30,85.255.112.19" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{DD1BB506-5DE5-49AF-B3A8-FCEC67B52099}
"nameserver"="85.255.116.30,85.255.112.19" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}
"nameserver"="85.255.116.30,85.255.112.19" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{FE1542AA-7BE7-4F3A-A157-8F48FAA5A4F3}
"nameserver"="85.255.116.30,85.255.112.19" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{5635D1AD-2298-4D5F-82D1-1A95D5D626B2}
"DhcpNameServer"="85.255.116.30,85.255.112.19" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{612BBDF6-8288-4C6C-BEAC-2F65D21B02AC}
"DhcpNameServer"="85.255.116.30,85.255.112.19" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{DB663096-3DD7-46FE-BFBD-853005F6867C}
"DhcpNameServer"="85.255.116.30,85.255.112.19" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{DD1BB506-5DE5-49AF-B3A8-FCEC67B52099}
"DhcpNameServer"="85.255.116.30,85.255.112.19" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}
"DhcpNameServer"="85.255.116.30,85.255.112.19" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{E658C067-685E-4840-9EC2-ADC9EA7F2B73}
"DhcpNameServer"="85.255.116.30,85.255.112.19" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{FE1542AA-7BE7-4F3A-A157-8F48FAA5A4F3}
"DhcpNameServer"="85.255.116.30,85.255.112.19" <Value cleared.
Cache de résolution DNS vidé.
System was rebooted successfully.
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE"
"HPHUPD08"="c:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
"PCMService"="\"C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe\""
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"PCDrProfiler"=""
"HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"Reminder"="\"C:\\Windows\\Creator\\Remind_XP.exe\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ISUSPM Startup"="C:\\PROGRA~1\\FICHIE~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup"
"D-Link AirPlus G"="C:\\Program Files\\D-Link\\AirPlus G\\AirGCFG.exe"
"ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"BTUSRBDG"="BtUsrBdg.exe"
"BTSETBOOTKEY"="BTSetBootKey.exe"
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"C:\\WINDOWS\\system32\\V0230Cvw.dll"="C:\\WINDOWS\\system32\\RegSvr32.exe /s C:\\WINDOWS\\system32\\V0230Cvw.dll"
"V0230Mon.exe"="C:\\WINDOWS\\system32\\V0230Mon.exe"
"AVFX Engine"="C:\\Program Files\\Creative\\Creative Live! Cam\\VideoFX\\StartFX.exe"
"SDTray"="\"C:\\Program Files\\Spyware Doctor\\SDTrayApp.exe\""
"VirusKeeper"="C:\\Program Files\\AxBx\\VirusKeeper 2008 Pro Evaluation\\VirusKeeper.exe"
"AVP"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\C:]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\C:\WINDOWS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\C:\WINDOWS\system32]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"AlcoholAutomount"="\"C:\\Program Files\\Alcohol Soft\\Alcohol 120\\axcmd.exe\" /automount"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Creative Live! Cam Manager"="\"C:\\Program Files\\Creative\\Creative Live! Cam\\Live! Cam Manager\\CTLCMgr.exe\""
"ccleaner"="\"C:\\Program Files\\CCleaner\\CCleaner.exe\" /AUTO"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Then HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02:07, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\BtUsrBdg.exe
C:\WINDOWS\system32\BTSetBootKey.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\V0230Mon.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Spyware Doctor\SDLoader.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\HP\KBD\KBD.EXE
C:\Documents and Settings\HP_Propriétaire\Bureau\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [C:\WINDOWS\system32\V0230Cvw.dll] C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\system32\V0230Cvw.dll
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 10346 bytes
++++++++++++++++++++++++++++++++++++++++
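The FixWareout "Prerun check" above is the interesting part of this post: every TCP/IP interface had its NameServer and DhcpNameServer values pointed at the same two public addresses, which is the signature of a DNS-changing infection, and the tool cleared them. The script below is an added example, not part of this thread or of FixWareout: it parses report lines in that same format, pulls the resolver addresses out of each registry key, and flags any that are neither private/loopback nor on an operator-supplied allowlist. The sample report embedded in it is constructed from the lines of the post (the third interface GUID and the 192.168.1.1 entry are made up to show a clean entry).

```python
"""Flag unexpected DNS resolvers in registry-style NameServer entries.

Added example for this thread. It reads text in the format of FixWareout's
"Prerun check" (a registry key line followed by "name"="value" lines) and
reports resolver addresses that are not private, loopback, or allowlisted.
"""
import ipaddress
import re

# Constructed sample, modelled on the FixWareout prerun-check lines above.
# The {AAAAAAAA-...} interface and its 192.168.1.1 resolver are invented to
# show what a legitimate LAN resolver looks like next to the rogue ones.
SAMPLE_REPORT = """\
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters
"nameserver"="85.255.116.30 85.255.112.19" <Value cleared.
HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\tcpip\\parameters\\interfaces\\{5635D1AD-2298-4D5F-82D1-1A95D5D626B2}
"DhcpNameServer"="85.255.116.30,85.255.112.19" <Value cleared.
HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\tcpip\\parameters\\interfaces\\{AAAAAAAA-0000-0000-0000-000000000000}
"DhcpNameServer"="192.168.1.1"
"""

# A registry key line: HKEY_LOCAL_MACHINE\... or HKLM\... (case-insensitive).
KEY_RE = re.compile(r"^(HKEY_LOCAL_MACHINE|HKLM)\\", re.IGNORECASE)
# A resolver value line; trailing text such as '<Value cleared.' is ignored.
VALUE_RE = re.compile(
    r'^"(?P<name>nameserver|dhcpnameserver)"="(?P<value>[^"]*)"', re.IGNORECASE
)


def parse_nameserver_entries(report_text):
    """Return [(registry_key, value_name, [server, ...]), ...].

    Windows stores several resolvers in one value separated by spaces or
    commas (both forms appear in the report), so the value is split on either.
    """
    entries = []
    current_key = None
    for raw in report_text.splitlines():
        line = raw.strip()
        if KEY_RE.match(line):
            current_key = line
            continue
        match = VALUE_RE.match(line)
        if match and current_key:
            servers = [s for s in re.split(r"[,\s]+", match.group("value")) if s]
            entries.append((current_key, match.group("name"), servers))
    return entries


def is_expected_resolver(ip_text, allowed_networks):
    """True for private/loopback addresses or anything inside an allowlisted network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # not parseable as an address: treat as suspicious
    if ip.is_private or ip.is_loopback:
        return True
    return any(ip in net for net in allowed_networks)


def find_rogue_resolvers(report_text, allowlist=()):
    """Return [(registry_key, value_name, server), ...] for unexpected resolvers.

    `allowlist` holds networks or single addresses in CIDR form, e.g. the
    ISP's resolvers, so they are not reported.
    """
    allowed = [ipaddress.ip_network(a, strict=False) for a in allowlist]
    findings = []
    for key, name, servers in parse_nameserver_entries(report_text):
        for server in servers:
            if not is_expected_resolver(server, allowed):
                findings.append((key, name, server))
    return findings


if __name__ == "__main__":
    for key, name, server in find_rogue_resolvers(SAMPLE_REPORT):
        print(f"{server:<16} {name:<15} {key}")
```

Run against the sample, it lists the two 85.255.x.x resolvers under both the global Tcpip\Parameters key and the per-interface key, and stays silent on the 192.168.1.1 entry. Passing the ISP's real resolvers in `allowlist` is the intended way to avoid noise on a healthy machine; the same parser works on a `reg export` of the Tcpip\Parameters key after the `[...]` key lines are mapped to the HKEY form.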
Good evening,
Here is the scan:
ComboFix 07-12-12.3 - HP_Propriétaire 2007-12-12 21:36:48.3 - NTFSx86
Running from: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-12 to 2007-12-12 ))))))))))))))))))))))))))))))))))))
.
2007-12-11 22:03 . 2007-12-12 14:12 4,600 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-11 20:34 . 2007-12-12 21:15 90,980 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-11 20:34 . 2007-12-12 21:15 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-11 20:31 . 2007-12-11 20:31 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-12-11 20:30 . 2007-12-12 19:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-11 20:30 . 2007-12-12 21:53 1,646,880 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-11 20:30 . 2007-12-12 21:54 26,144 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-11 20:30 . 2007-12-12 19:52 22,352 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-11 20:30 . 2007-12-12 19:52 3,116 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-11 14:25 . 2007-12-11 14:25 <REP> d-------- C:\Program Files\AxBx
2007-12-11 14:16 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-11 14:16 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-11 14:16 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-11 14:16 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-11 14:15 . 2007-12-11 16:10 <REP> d-------- C:\Program Files\Spyware Doctor
2007-12-11 14:15 . 2007-12-11 14:15 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\PC Tools
2007-12-11 14:15 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-11 14:01 . 1999-03-03 15:50 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2007-12-11 11:38 . 2006-06-01 06:30 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2007-12-11 11:38 . 2005-10-20 20:05 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-12-11 11:38 . 2005-10-20 20:05 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-12-11 11:38 . 2005-10-26 23:35 <REP> d-------- C:\Documents and Settings\Administrateur\Modèles
2007-12-11 11:38 . 2005-10-26 23:35 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2007-12-11 11:38 . 2005-10-26 23:35 <REP> d-------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-12-11 11:38 . 2007-08-19 19:39 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2007-12-11 11:38 . 2005-10-20 20:05 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-12-11 11:38 . 2006-06-01 06:53 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2007-12-11 11:14 . 2007-12-11 11:14 <REP> d-------- C:\Program Files\CCleaner
2007-12-10 12:44 . 2007-12-10 12:45 <REP> d-------- C:\Program Files\Windows Live Safety Center
2007-12-08 12:13 . 2007-12-08 12:13 268 --ah----- C:\sqmdata03.sqm
2007-12-08 12:13 . 2007-12-08 12:13 244 --ah----- C:\sqmnoopt03.sqm
2007-12-01 00:24 . 2007-12-01 00:24 268 --ah----- C:\sqmdata02.sqm
2007-12-01 00:24 . 2007-12-01 00:24 244 --ah----- C:\sqmnoopt02.sqm
2007-11-25 22:30 . 2007-11-25 22:35 <REP> d-------- C:\Program Files\PhotoFiltre
2007-11-25 12:06 . 2007-11-25 12:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Creative
2007-11-14 16:48 . 2007-11-14 16:48 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\InstallShield
2007-11-14 13:03 . 2007-11-14 13:03 <REP> d-------- C:\Program Files\Yahoo!
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-11 15:09 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-12-11 10:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\GamesBar
2007-12-10 21:35 --------- d-----w C:\Program Files\Gamenext
2007-12-10 13:15 --------- d-----w C:\Program Files\Total Video Converter
2007-11-25 11:06 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Creative
2007-11-23 22:14 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\U3
2007-11-18 22:39 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-14 16:47 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\muvee Technologies
2007-11-14 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies
2007-11-14 15:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-14 15:50 --------- d-----w C:\Program Files\muvee Technologies
2007-11-14 15:50 --------- d-----w C:\Program Files\Fichiers communs\muvee Technologies
2007-11-07 22:47 --------- d-----w C:\Program Files\Creative
2007-11-06 23:00 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-06 22:57 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-11-06 22:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-11-02 16:07 --------- d-----w C:\Program Files\STOIK
2007-10-30 14:40 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-30 14:40 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-29 10:28 --------- d-----w C:\Program Files\Zylom Games
2007-10-28 20:23 --------- d-----w C:\Program Files\GamesBar
2007-10-28 20:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-10-28 18:28 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Zylom
2007-10-28 18:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2007-10-28 12:52 --------- d-----w C:\Program Files\D-Tools
2007-10-28 12:26 --------- d-----w C:\Program Files\EA GAMES
2007-10-27 21:54 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\FileZilla
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-24 16:42 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\PlayFirst
2007-10-24 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-10-21 17:19 --------- d-----w C:\Program Files\VoiceOfMinarets
2007-10-17 12:54 --------- d-----w C:\Program Files\Photo To Sketch
2007-08-22 12:43 366 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\wklnhst.dat
2006-02-19 08:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2004-06-18 09:05 45,056 ----a-w C:\WINDOWS\inf\Slntinst.exe
2003-08-22 09:09 45,056 ----a-w C:\WINDOWS\inf\slntinst_staticW2k.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-24 12:13]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 11:29]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 16:00]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2007-11-22 17:10]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 12:54 C:\WINDOWS\RTHDCPL.EXE]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 07:35]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 01:46]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 21:34]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 01:23]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-06-01 06:22]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 14:40]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 17:58]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 22:50]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 09:42]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 16:49]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 12:00 C:\WINDOWS\system32\bthprops.cpl]
"BTUSRBDG"="BtUsrBdg.exe" [2003-11-05 21:21 C:\WINDOWS\system32\BtUsrBdg.exe]
"BTSETBOOTKEY"="BTSetBootKey.exe" [2003-04-15 09:48 C:\WINDOWS\system32\BTSetBootKey.exe]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
"C:\WINDOWS\system32\V0230Cvw.dll"="C:\WINDOWS\system32\RegSvr32.exe" [2004-08-05 12:00]
"V0230Mon.exe"="C:\WINDOWS\system32\V0230Mon.exe" [2006-07-19 18:00]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11]
"VirusKeeper"="C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe" [2007-10-24 21:23]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]
C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-06-01 05:43:13]
C:\Documents and Settings\HP_Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe [2006-05-23 22:17:00]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00c9fea1-852e-11dc-9a6e-0016ecba35da}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44aa3ac9-8b06-11dc-9541-0016ecba35da}]
\Shell\AutoRun\command - L:\LaunchU3.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-12 10:10:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-12 21:55:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\\WINDOWS\\system32\\V0230Cvw.dll"="C:\\WINDOWS\\system32\\RegSvr32.exe /s C:\\WINDOWS\\system32\\V0230Cvw.dll"
.
Completion time: 2007-12-12 22:01:47
C:\ComboFix2.txt ... 2007-12-12 19:19
C:\ComboFix3.txt ... 2007-12-12 18:33
.
2007-12-11 18:57:22 --- E O F ---
++++++++++++++++++++++++++++++++++++++++
There you go!!
Re,
Download BTFix (Bibi26).
Unzip the archive to your Desktop.
Open the BTFix folder.
Double-click BTFix.exe.
Click Rechercher.
A report will appear; copy and paste it into your next reply.
Good evening:
Here is the BTFix report:
++++++++++++++++++++++++++++++++++++
BTFix 1.066 (par bibi26) - 13/12/2007 19:04:12 - Analyse
Lancé depuis C:\Documents and Settings\HP_Propriétaire\Bureau\BTFix\BTFix\BTFix.exe
---> Fichiers/Dossiers trouvés
- C:\Program Files\GamesBar
- C:\Documents and Settings\All Users\Application Data\GamesBar
---> Analyse terminée
++++++++++++++++++++++++++++++++++++++++++++++++++
Good evening,
Here is the report after cleaning:
BTFix 1.066 (par bibi26) - 13/12/2007 21:04:45 - Nettoyage - Mode sans échec
Lancé depuis C:\Documents and Settings\HP_Propriétaire\Bureau\BTFix\BTFix\BTFix.exe
---> Fichiers/dossiers supprimés
- Fichiers temporaires effacés
- C:\Program Files\GamesBar
- C:\Documents and Settings\All Users\Application Data\GamesBar
---> Nettoyage terminé
+++++++++++++++++++++++++
Good evening,
Here it is:
ComboFix 07-12-12.3 - HP_Propriétaire 2007-12-13 21:37:48.4 - NTFSx86
Running from: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-13 to 2007-12-13 ))))))))))))))))))))))))))))))))))))
.
2007-12-12 22:35 . 2007-12-12 22:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-12 22:35 . 2007-12-12 22:35 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-11 22:03 . 2007-12-12 14:12 4,600 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-11 20:34 . 2007-12-12 21:15 90,980 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-11 20:34 . 2007-12-12 21:15 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-11 20:31 . 2007-12-11 20:31 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-12-11 20:30 . 2007-12-13 21:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-11 20:30 . 2007-12-13 21:48 2,019,616 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-11 20:30 . 2007-12-13 21:48 41,248 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-11 20:30 . 2007-12-13 21:01 28,424 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-11 20:30 . 2007-12-13 21:01 4,748 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-11 14:25 . 2007-12-11 14:25 <REP> d-------- C:\Program Files\AxBx
2007-12-11 14:16 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-11 14:16 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-11 14:16 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-11 14:16 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-11 14:15 . 2007-12-11 16:10 <REP> d-------- C:\Program Files\Spyware Doctor
2007-12-11 14:15 . 2007-12-11 14:15 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\PC Tools
2007-12-11 14:15 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-11 14:01 . 1999-03-03 15:50 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2007-12-11 11:38 . 2006-06-01 06:30 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2007-12-11 11:38 . 2005-10-20 20:05 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-12-11 11:38 . 2005-10-20 20:05 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-12-11 11:38 . 2005-10-26 23:35 <REP> d-------- C:\Documents and Settings\Administrateur\Modèles
2007-12-11 11:38 . 2005-10-26 23:35 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2007-12-11 11:38 . 2005-10-26 23:35 <REP> d-------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-12-11 11:38 . 2007-08-19 19:39 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2007-12-11 11:38 . 2005-10-20 20:05 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-12-11 11:38 . 2006-06-01 06:53 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2007-12-11 11:14 . 2007-12-11 11:14 <REP> d-------- C:\Program Files\CCleaner
2007-12-10 12:44 . 2007-12-10 12:45 <REP> d-------- C:\Program Files\Windows Live Safety Center
2007-12-08 12:13 . 2007-12-08 12:13 268 --ah----- C:\sqmdata03.sqm
2007-12-08 12:13 . 2007-12-08 12:13 244 --ah----- C:\sqmnoopt03.sqm
2007-12-01 00:24 . 2007-12-01 00:24 268 --ah----- C:\sqmdata02.sqm
2007-12-01 00:24 . 2007-12-01 00:24 244 --ah----- C:\sqmnoopt02.sqm
2007-11-25 22:30 . 2007-11-25 22:35 <REP> d-------- C:\Program Files\PhotoFiltre
2007-11-25 12:06 . 2007-11-25 12:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Creative
2007-11-14 16:48 . 2007-11-14 16:48 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\InstallShield
2007-11-14 13:03 . 2007-11-14 13:03 <REP> d-------- C:\Program Files\Yahoo!
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-11 15:09 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-12-10 21:35 --------- d-----w C:\Program Files\Gamenext
2007-12-10 13:15 --------- d-----w C:\Program Files\Total Video Converter
2007-11-25 11:06 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Creative
2007-11-23 22:14 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\U3
2007-11-18 22:39 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-14 16:47 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\muvee Technologies
2007-11-14 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies
2007-11-14 15:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-14 15:50 --------- d-----w C:\Program Files\muvee Technologies
2007-11-14 15:50 --------- d-----w C:\Program Files\Fichiers communs\muvee Technologies
2007-11-14 07:28 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 22:47 --------- d-----w C:\Program Files\Creative
2007-11-06 23:00 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-06 22:57 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-11-06 22:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-11-02 16:07 --------- d-----w C:\Program Files\STOIK
2007-10-30 14:40 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-30 14:40 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-30 09:57 3,086,848 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-29 10:28 --------- d-----w C:\Program Files\Zylom Games
2007-10-28 20:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-10-28 18:28 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Zylom
2007-10-28 18:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2007-10-28 12:52 --------- d-----w C:\Program Files\D-Tools
2007-10-28 12:26 --------- d-----w C:\Program Files\EA GAMES
2007-10-27 21:54 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\FileZilla
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-24 16:42 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\PlayFirst
2007-10-24 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-10-21 17:19 --------- d-----w C:\Program Files\VoiceOfMinarets
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-17 12:54 --------- d-----w C:\Program Files\Photo To Sketch
2007-10-11 05:59 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-10-11 05:59 670,208 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-11 05:59 620,032 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-11 05:59 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-11 05:59 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-11 05:59 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 05:59 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-11 05:59 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-10-11 05:59 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-10-11 05:59 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-10-11 05:59 205,824 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-11 05:59 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-11 05:59 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 05:59 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-11 05:59 1,498,624 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 05:59 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 05:59 1,024,512 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-10-10 10:48 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-22 12:43 366 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\wklnhst.dat
2006-02-19 08:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2004-06-18 09:05 45,056 ----a-w C:\WINDOWS\inf\Slntinst.exe
2003-08-22 09:09 45,056 ----a-w C:\WINDOWS\inf\slntinst_staticW2k.exe
.
((((((((((((((((((((((((((((( snapshot@2007-12-12_18.30.41,28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-29 22:36:31 1,293,824 ----a-w C:\WINDOWS\$hf_mig$\KB941568\SP2QFE\quartz.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\updspapi.dll
+ 2007-11-13 11:02:46 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll
+ 2007-11-14 07:19:25 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB942840\SP2QFE\jscript.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\updspapi.dll
+ 2007-11-13 08:47:45 20,480 ----a-w C:\WINDOWS\$hf_mig$\KB944653\SP2QFE\secdrv.sys
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\updspapi.dll
- 2007-08-22 12:57:25 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2007-10-11 05:59:18 1,024,512 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-08-22 12:57:25 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2007-10-11 05:59:18 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2007-08-22 12:57:26 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
+ 2007-10-11 05:59:21 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
- 2007-08-22 12:57:26 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-10-11 05:59:22 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-08-22 12:57:26 205,824 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-10-11 05:59:22 205,824 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-08-22 12:57:26 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-10-11 05:59:22 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-08-22 12:57:26 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-10-11 05:59:22 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2007-08-22 12:57:26 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-10-11 05:59:22 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
- 2006-05-18 05:31:21 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-11-14 07:28:02 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-08-22 12:57:26 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-10-11 05:59:22 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-08-22 12:57:28 3,085,824 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-10-30 09:57:54 3,086,848 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-08-22 12:57:28 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-10-11 05:59:26 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-08-22 12:57:28 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-10-11 05:59:26 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-08-22 12:57:28 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-10-11 05:59:27 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-08-22 12:57:28 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2007-10-11 05:59:27 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-08-22 12:57:29 1,498,624 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2007-10-11 05:59:28 1,498,624 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2007-08-22 12:57:30 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2007-10-11 05:59:28 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2007-07-18 12:42:22 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe
- 2007-08-22 12:57:30 620,032 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-10-11 05:59:29 620,032 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-08-22 12:57:30 669,696 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-10-11 05:59:29 670,208 ----a-w C:\WINDOWS\system32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-24 12:13]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 11:29]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 16:00]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2007-11-22 17:10]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 12:54 C:\WINDOWS\RTHDCPL.EXE]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 07:35]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 01:46]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 21:34]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 01:23]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-06-01 06:22]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 14:40]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 17:58]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 22:50]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 09:42]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 16:49]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 12:00 C:\WINDOWS\system32\bthprops.cpl]
"BTUSRBDG"="BtUsrBdg.exe" [2003-11-05 21:21 C:\WINDOWS\system32\BtUsrBdg.exe]
"BTSETBOOTKEY"="BTSetBootKey.exe" [2003-04-15 09:48 C:\WINDOWS\system32\BTSetBootKey.exe]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
"C:\WINDOWS\system32\V0230Cvw.dll"="C:\WINDOWS\system32\RegSvr32.exe" [2004-08-05 12:00]
"V0230Mon.exe"="C:\WINDOWS\system32\V0230Mon.exe" [2006-07-19 18:00]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11]
"VirusKeeper"="C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe" [2007-10-24 21:23]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-06-01 05:43:13]
C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe [2006-05-23 22:17:00]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
R3 BTCOMM;BTCOMM;C:\WINDOWS\system32\drivers\Btcomm.sys
R3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys
R3 CSRBC01;%CSRBC01.SvcDesc%;C:\WINDOWS\system32\Drivers\csrbc01.sys
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
R3 V0230Vfx;V0230Vfx;C:\WINDOWS\system32\DRIVERS\V0230Vfx.sys
R3 V0230VID;Live! Cam Video IM Pro;C:\WINDOWS\system32\DRIVERS\V0230VID.sys
R3 vad_multi;Windigo Virtual Audio Device (WDM);C:\WINDOWS\system32\drivers\vadmulti.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00c9fea1-852e-11dc-9a6e-0016ecba35da}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44aa3ac9-8b06-11dc-9541-0016ecba35da}]
\Shell\AutoRun\command - L:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-12-12 10:10:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 21:48:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\\WINDOWS\\system32\\V0230Cvw.dll"="C:\\WINDOWS\\system32\\RegSvr32.exe /s C:\\WINDOWS\\system32\\V0230Cvw.dll"
.
Completion time: 2007-12-13 21:50:16
C:\ComboFix2.txt ... 2007-12-12 22:01
C:\ComboFix3.txt ... 2007-12-12 19:19
.
2007-12-13 11:00:21 --- E O F ---
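The ComboFix report above is normally read by eye. As an added example that is not part of this thread and not ComboFix's own code, the following Python pulls the three sections a helper actually reviews into structures that can be filtered or diffed between runs: the Run-key autostarts, the per-volume AutoRun handlers (the `\Shell\AutoRun\command` lines recorded for drive L:), and the before/after ("-"/"+") snapshot comparison. `SAMPLE_LOG` is a constructed excerpt assembled from lines of the report posted above; the flagging rules in `suspicious_run_entries()` are this example's own heuristics, not ComboFix's.

```python
"""Triage helper for a ComboFix report (added example, not ComboFix code).

Parses three sections of the report into Python structures:
  * Run-key autostart values        -> RunEntry(key, name, command, stamp)
  * per-volume AutoRun handlers     -> (key, command)
  * snapshot "-"/"+" file lines     -> SnapEntry(sign, date, size, attrs, path)
SAMPLE_LOG is a constructed excerpt built from lines of the posted report.
"""
import re
from collections import namedtuple

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2007-11-22 17:10]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCDrProfiler"="" []
"C:\WINDOWS\system32\V0230Cvw.dll"="C:\WINDOWS\system32\RegSvr32.exe" [2004-08-05 12:00]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00c9fea1-852e-11dc-9a6e-0016ecba35da}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a
- 2007-08-22 12:57:25 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2007-10-11 05:59:18 1,024,512 ----a-w C:\WINDOWS\system32\browseui.dll
- 2006-05-18 05:31:21 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-11-14 07:28:02 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spuninst.exe
"""

RunEntry = namedtuple("RunEntry", "key name command stamp")
SnapEntry = namedtuple("SnapEntry", "sign date size attrs path")

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]*)"="([^"]*)"\s*\[([^\]]*)\]$')
AUTORUN_RE = re.compile(r'^\\Shell\\AutoRun\\command - (.+)$')
SNAP_RE = re.compile(r'^([+-]) (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) ([\d,]+) (\S+) (.+)$')

# Generic host binaries: an autostart that goes through one of these only
# tells you HOW something is loaded, not WHAT (heuristic list, an assumption
# of this example).
LOADER_HOSTS = {"regsvr32.exe", "rundll32.exe", "wscript.exe", "cscript.exe", "cmd.exe"}


def parse_combofix(text):
    """Walk the report line by line, remembering the registry key currently
    open so that value lines can be attributed to it."""
    run, autorun, snapshot = [], [], []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key and key.lower().endswith(r"\run"):
            run.append(RunEntry(key, m.group(1), m.group(2), m.group(3).strip()))
            continue
        m = AUTORUN_RE.match(line)
        if m and key:
            autorun.append((key, m.group(1)))
            continue
        m = SNAP_RE.match(line)
        if m:
            sign, date, size, attrs, path = m.groups()
            snapshot.append(SnapEntry(sign, date, int(size.replace(",", "")), attrs, path))
    return {"run": run, "autorun": autorun, "snapshot": snapshot}


def suspicious_run_entries(entries):
    """Flag autostarts with an empty command (a leftover key, or a target the
    tool could not resolve) and autostarts routed through a generic host
    binary, whose real payload is the DLL/script argument, not the host."""
    findings = []
    for e in entries:
        cmd = e.command.strip().strip('"')
        if not cmd:
            findings.append((e.name, "empty command"))
            continue
        m = re.search(r'([^\\/"]+\.exe)\b', cmd, re.I)
        host = m.group(1).lower() if m else cmd.lower()
        if host in LOADER_HOSTS:
            findings.append((e.name, "runs through %s; check what it loads" % host))
    return findings


def pair_snapshot(snapshot):
    """Pair '-' (before) and '+' (after) lines by path so each replaced file
    shows old/new date and size side by side; '+'-only paths are new files
    (here the hotfix uninstall data under $hf_mig$)."""
    before = {e.path: e for e in snapshot if e.sign == "-"}
    after = {e.path: e for e in snapshot if e.sign == "+"}
    replaced, added = [], []
    for path, new in after.items():
        old = before.get(path)
        if old:
            replaced.append((path, old.date, old.size, new.date, new.size))
        else:
            added.append((path, new.date, new.size))
    return replaced, added


if __name__ == "__main__":
    parsed = parse_combofix(SAMPLE_LOG)
    for name, why in suspicious_run_entries(parsed["run"]):
        print("RUN   %-40s %s" % (name, why))
    for key, cmd in parsed["autorun"]:
        print("AUTORUN %s  (%s)" % (cmd, key.rsplit("\\", 1)[-1]))
    replaced, added = pair_snapshot(parsed["snapshot"])
    for path, od, osz, nd, nsz in replaced:
        print("CHANGED %s: %s %d -> %s %d" % (path, od, osz, nd, nsz))
    for path, d, sz in added:
        print("NEW     %s: %s %d" % (path, d, sz))
```

Run it against a full report by reading the file into `parse_combofix()` instead of `SAMPLE_LOG`. The pairing step is what makes the snapshot section readable: a same-size file with a newer date (jscript.dll) and a file whose size also moved (browseui.dll) both show up as replacements, and the only "new" path is the hotfix uninstall folder, which is consistent with the `$hf_mig$\KB...` entries being update leftovers rather than something to chase.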
Post a new HijackThis report.
Download Clean.zip (from Malekal),
Extract it to your desktop (right-click / Extract All); you should get a folder named Clean.
Open the Clean folder and double-click clean.cmd.
Choose option 1 and wait. Then post the contents of the report.
Good eveniiiing............. !!!
First of all, thank you, you're really kind!!
So, here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:06:28, on 13/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\BtUsrBdg.exe
C:\WINDOWS\system32\BTSetBootKey.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\V0230Mon.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [C:\WINDOWS\system32\V0230Cvw.dll] C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\system32\V0230Cvw.dll
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 9910 bytes
+++++++++++++++++++++++++++++++++++++++++++++++
And I can't upload the zipped file to Malekal's site!
I tried renaming it to .zip and it's the same, I still can't upload it.
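Added example, not part of any post in this thread: a small Python triage script for logs in the HijackThis 2.0.2 format posted above. It parses the O2/O3/O4/O20/O23 lines, works out which file actually runs for each entry (for rundll32 and regsvr32 entries that is the DLL argument, not the host binary), and applies a few generic review rules. The sample log is constructed from lines of the report above plus one invented `[updater]` line placed under a Temp directory; the rule names and the user-writable directory list are assumptions of the example, not anything HijackThis itself reports. A flag means "check this entry", not "this is malware": on the report above the same rules land on the Realtek audio panel, the Windows Bluetooth agent, a webcam DLL, Kaspersky's AppInit hook and CyberLink services, all of which appear as installed products elsewhere in the log.

```python
"""Triage helper for HijackThis-style logs (added example, not code from the thread)."""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample in the format HijackThis 2.0.2 writes. All lines are modelled
# on the report posted above except "[updater]", which is invented to exercise
# the user-writable-path rule.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [C:\WINDOWS\system32\V0230Cvw.dll] C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\system32\V0230Cvw.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\setup.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


@dataclass
class Entry:
    section: str            # HijackThis section: O2, O4, O20, O23 ...
    name: str               # Run value name, BHO name or service display name
    command: str            # command line or path exactly as logged
    path: str               # the file that really runs (see payload_of)
    vendor: str = ""        # O23 only, as reported by HijackThis
    flags: List[str] = field(default_factory=list)


ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^(?P<where>.*Startup): (?P<name>.+?) = (?P<cmd>.*)$")
USER_SUFFIX_RE = re.compile(r" \(User '[^']*'\)$")
EXE_EXT = (".exe", ".dll", ".cpl", ".scr", ".com", ".bat")
HOSTS = ("rundll32.exe", "regsvr32.exe")          # real payload is an argument
USER_WRITABLE = ("\\documents and settings\\", "\\docume~1\\", "\\temp\\")  # assumption


def tokens(cmd: str) -> List[str]:
    """Split a command line on spaces, honouring quotes and re-joining an
    unquoted path that contains spaces (HijackThis logs both forms)."""
    raw = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmd)]
    out: List[str] = []
    for t in raw:
        prev = out[-1] if out else ""
        if prev and "\\" in prev and not prev.lower().endswith(EXE_EXT) and not t.startswith(("/", "-")):
            out[-1] = prev + " " + t          # continuation of an unquoted path
        else:
            out.append(t)
    return out


def payload_of(cmd: str) -> str:
    """Return the file that actually executes for a logged command line."""
    toks = tokens(cmd)
    if not toks:
        return ""
    head = toks[0]
    if head.lower().rsplit("\\", 1)[-1] in HOSTS:
        for arg in toks[1:]:
            if not arg.startswith(("/", "-")):     # skip switches such as /s
                return arg.split(",", 1)[0]        # rundll32 form: dll,EntryPoint
    return head


def triage(e: Entry) -> List[str]:
    """Generic review rules. A flag means 'look at this', never 'this is malware'."""
    flags: List[str] = []
    host = tokens(e.command)[0].lower().rsplit("\\", 1)[-1] if e.command else ""
    if host in HOSTS:
        flags.append("payload-via-" + host)
    if e.path and "\\" not in e.path:
        flags.append("bare-filename")             # resolved through the search path at logon
    if any(frag in e.path.lower() for frag in USER_WRITABLE):
        flags.append("user-writable-path")
    if e.section == "O20" and e.path:
        flags.append("appinit-dll")               # injected into every process that loads user32
    if e.section == "O23" and e.vendor.lower() == "unknown owner":
        flags.append("no-vendor")                 # service binary carries no company name
    return flags


def parse(log: str) -> List[Entry]:
    """Parse the O2/O3/O4/O20/O23 lines of a HijackThis log into Entry objects."""
    entries: List[Entry] = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.group("section"), USER_SUFFIX_RE.sub("", m.group("body"))
        if section == "O4":
            r = RUN_RE.match(body) or STARTUP_RE.match(body)
            if not r:
                continue
            e = Entry(section, r.group("name"), r.group("cmd"), payload_of(r.group("cmd")))
        elif section in ("O2", "O3"):
            name, _clsid, path = body.split(": ", 1)[1].rsplit(" - ", 2)
            e = Entry(section, name, path, path)
        elif section == "O20":
            path = body.split(": ", 1)[1].strip()
            e = Entry(section, "AppInit_DLLs", path, path)
        elif section == "O23":
            name, vendor, path = body.split(": ", 1)[1].rsplit(" - ", 2)
            e = Entry(section, name, path, path, vendor)
        else:
            continue
        e.flags = triage(e)
        entries.append(e)
    return entries


def flagged(log: str) -> List[Entry]:
    """Entries that tripped at least one rule, in log order."""
    return [e for e in parse(log) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.section:<4}{e.name:<45}{', '.join(e.flags):<40}{e.path}")
```

Run it as a script to print the flagged entries, or pass a whole saved log to `parse()`. The rules are deliberately cheap: the point is to shrink a 200-line report to the handful of entries worth comparing against the running-processes list and the vendor of the file on disk, which is what the helper does by eye when reading a posted log.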