Pakes.csg probleme !!!
Dernière réponse : dans Sécurité
Bonjour a tous, voila, cet apres midi en allumant mon pc je me sui rendu compte que j'avais un virus car mon pc ramait enormement rien ne se lancait et en plus des insectes mangeaient mon ecran ![:ouch:]( ":ouch:")
signe evident d'un virus ^^ apres une petite recherhce il m'a paru evident que j'etait infecter par le virus pakes.csg, j'ai fait un scan avec ad aware qui a trouver qqchose que j'ai supprimer mais les problemes persistes, j'ai reussi a faire un scan avec hijackthis, je colle le log ici merci d'avance pour toutes vos reponses ![;)]( ";)")
Logfile of HijackThis v1.99.1
Scan saved at 22:45:37, on 31/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
K:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4647C2C7-9F3D-4220-87D9-43E617F67478} - C:\WINDOWS\system32\geBtRJCv.dll
O2 - BHO: 818646 helper - {54192079-8E8A-43D8-BCBC-3874916159AF} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: atfxqogp - {23649E36-60C6-4433-880A-9DF59FC27342} - C:\WINDOWS\atfxqogp.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\rbnpsrv.exe/r
O4 - HKLM\..\Run: [AXPDefender] C:\Program Files\AXPDefender\AXPDefender.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [TrueTransparency] "C:\Documents and Settings\HP_Administrateur\Mes documents\Apps\TrueTransparency\TrueTransparency.exe"
O4 - HKCU\..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe
O4 - HKCU\..\Run: [xldpagc] c:\documents and settings\hp_administrateur\local settings\application data\xldpagc.exe xldpagc
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: wbsys.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: geBtRJCv - C:\WINDOWS\SYSTEM32\geBtRJCv.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: vltdfabw - {12C83331-0D39-4A1D-832B-C65E1DB675A2} - C:\WINDOWS\vltdfabw.dll (file missing)
O21 - SSODL: vregfwlx - {1C52F1CE-C0F7-4E56-91F2-AFC3B48D2648} - C:\WINDOWS\vregfwlx.dll
O21 - SSODL: AvpStat - {590c34ee-e107-47f3-a125-4bfaf819d9a0} - C:\WINDOWS\Resources\AvpStat.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
signe evident d'un virus ^^ apres une petite recherhce il m'a paru evident que j'etait infecter par le virus pakes.csg, j'ai fait un scan avec ad aware qui a trouver qqchose que j'ai supprimer mais les problemes persistes, j'ai reussi a faire un scan avec hijackthis, je colle le log ici merci d'avance pour toutes vos reponses 
Logfile of HijackThis v1.99.1
Scan saved at 22:45:37, on 31/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
K:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4647C2C7-9F3D-4220-87D9-43E617F67478} - C:\WINDOWS\system32\geBtRJCv.dll
O2 - BHO: 818646 helper - {54192079-8E8A-43D8-BCBC-3874916159AF} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: atfxqogp - {23649E36-60C6-4433-880A-9DF59FC27342} - C:\WINDOWS\atfxqogp.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\rbnpsrv.exe/r
O4 - HKLM\..\Run: [AXPDefender] C:\Program Files\AXPDefender\AXPDefender.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [TrueTransparency] "C:\Documents and Settings\HP_Administrateur\Mes documents\Apps\TrueTransparency\TrueTransparency.exe"
O4 - HKCU\..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe
O4 - HKCU\..\Run: [xldpagc] c:\documents and settings\hp_administrateur\local settings\application data\xldpagc.exe xldpagc
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: wbsys.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: geBtRJCv - C:\WINDOWS\SYSTEM32\geBtRJCv.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: vltdfabw - {12C83331-0D39-4A1D-832B-C65E1DB675A2} - C:\WINDOWS\vltdfabw.dll (file missing)
O21 - SSODL: vregfwlx - {1C52F1CE-C0F7-4E56-91F2-AFC3B48D2648} - C:\WINDOWS\vregfwlx.dll
O21 - SSODL: AvpStat - {590c34ee-e107-47f3-a125-4bfaf819d9a0} - C:\WINDOWS\Resources\AvpStat.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
Autres pages sur : pakes csg probleme
Lassé par la pub ? Créez un compte
Bonjour,
[#ff0000]Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]
Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.
AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer
[#ff0000]Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]
AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer
Merci de ta reponse, voila le rapport combofix
P.S: j'ai du lancer deux fois combofix car le premier scan s'est arreter en plein milieu .
ComboFix 08-05-29.1 - HP_Administrateur 2008-06-01 18:05:11.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.479 [GMT 2:00]
Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\MessengerSkinner
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Conditions générales.url
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Confidentialité.url
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Désinstaller.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\MessengerSkinner.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Website.url
C:\Documents and Settings\HP_Administrateur\Application Data\hidires
c:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\xldpagc.dat
c:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\xldpagc_nav.dat
c:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\xldpagc_navps.dat
C:\Program Files\tmp0.exe
C:\Program Files\tmp1.exe
C:\Program Files\tmp2.exe
C:\WINDOWS\resources\AvpStat.dll
.
---- Previous Run -------
.
C:\Program Files\antiviirus.exe
C:\Program Files\messengerskinner
C:\Program Files\messengerskinner\download\defaultPack.cab
C:\Program Files\messengerskinner\MessengerSkinner.exe
C:\Program Files\messengerskinner\resources\appconfig.xml
C:\Program Files\messengerskinner\resources\btn.rgn
C:\Program Files\messengerskinner\resources\btnBnr.rgn
C:\Program Files\messengerskinner\resources\btnIn.rgn
C:\Program Files\messengerskinner\resources\btnInNormal.bmp
C:\Program Files\messengerskinner\resources\btnInOver.bmp
C:\Program Files\messengerskinner\resources\btnNormal.bmp
C:\Program Files\messengerskinner\resources\btnNormal.gif
C:\Program Files\messengerskinner\resources\btnNormalBnr.bmp
C:\Program Files\messengerskinner\resources\btnNormalBnr.gif
C:\Program Files\messengerskinner\resources\btnOver.bmp
C:\Program Files\messengerskinner\resources\btnOver.gif
C:\Program Files\messengerskinner\resources\btnOverBnr.bmp
C:\Program Files\messengerskinner\resources\btnOverBnr.gif
C:\Program Files\messengerskinner\resources\languages_v2.xml
C:\Program Files\messengerskinner\uninst.exe
C:\WINDOWS\atfxqogp.dll
C:\WINDOWS\exefld
C:\WINDOWS\exefld\102703.exe
C:\WINDOWS\exefld\109781.exe
C:\WINDOWS\exefld\88703.exe
C:\WINDOWS\system32\818646
C:\WINDOWS\system32\818646\818646.dll
C:\WINDOWS\system32\ctfmona.exe
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\WinCtrl32.dl_
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\vregfwlx.dll
C:\WINDOWS\xmpstean.exe
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-01 to 2008-06-01 ))))))))))))))))))))))))))))))))))))
.
2008-06-01 15:14 . 2008-06-01 15:14 <REP> d--hs---- C:\found.001
2008-05-31 17:33 . 2008-05-31 17:34 <REP> d-------- C:\Program Files\AXPDefender
2008-05-30 21:06 . 2008-05-30 21:07 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-30 20:43 . 2008-05-30 20:43 33,920 --a------ C:\WINDOWS\system32\jkkhigFV.dll
2008-05-30 20:41 . 2008-05-30 20:41 33,920 --a------ C:\WINDOWS\system32\geBtRJCv.dll
2008-05-30 20:39 . 2008-06-01 17:37 269,334 --a------ C:\WINDOWS\system32\ctfmonb.bmp
2008-05-30 20:39 . 2008-05-30 05:59 163,840 --a------ C:\WINDOWS\embd.exe
2008-05-30 20:39 . 2008-06-01 17:37 160,256 --a------ C:\WINDOWS\system32\blackster.scr
2008-05-30 20:03 . 2008-05-30 20:03 <REP> d-------- C:\Program Files\Fake Webcam
2008-05-30 19:51 . 2008-05-30 19:51 <REP> d-------- C:\Program Files\CamStudio
2008-05-21 15:00 . 2008-05-21 15:00 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\IDS_COMPANY
2008-05-14 03:29 . 2008-05-14 03:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-05-13 19:02 . 2008-05-13 19:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-10 22:05 . 2008-05-10 22:05 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-05-10 22:05 . 2008-05-10 22:05 <REP> d-------- C:\Program Files\Fichiers communs\Vbox
2008-05-10 22:05 . 2001-10-26 23:16 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2008-05-10 22:03 . 2008-05-10 22:03 <REP> d-------- C:\WINDOWS\Adobe Illustrator CS
2008-05-08 10:55 . 2008-05-08 10:55 <REP> d--hs---- C:\found.000
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 15:56 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\Xfire
2008-06-01 15:56 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\OpenOffice.org2
2008-06-01 15:54 --------- d-----w C:\Program Files\Steam
2008-05-31 15:40 --------- d-s---w C:\Program Files\Xfire
2008-05-30 18:27 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\foobar2000
2008-05-29 17:15 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-24 12:38 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\BitTorrent
2008-05-14 12:55 --------- d-----w C:\Program Files\World of Warcraft
2008-05-13 17:02 --------- d-----w C:\Program Files\Lavasoft
2008-05-13 17:02 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-10 20:05 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-10 20:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-09 18:54 --------- d-----w C:\Program Files\SupraASCIIArt
2008-04-30 07:48 318,904 ----a-w C:\Documents and Settings\HP_Administrateur\wmpfirefoxplugin.exe
2008-04-30 07:33 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-14 20:24 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\teamspeak2
2008-03-21 15:20 3,159 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\SAS7_000.DAT
2008-03-07 21:46 70,537 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-03-07 21:46 5,347 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-03-07 18:51 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-03-07 18:51 219,648 ----a-w C:\WINDOWS\system32\dllcache\uxtheme.dll
2007-12-08 18:03 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-09-22 15:33 357 ----a-w C:\Documents and Settings\HP_Administrateur\.cb_layout.bin
2007-08-08 16:54 52,438,399 ----a-w C:\Documents and Settings\HP_Administrateur\WoW-2.1.3.6898-to-0.2.0.6932-frFR-patch.exe
2007-05-30 17:32 38 ----a-w C:\Documents and Settings\HP_Administrateur\dell.bat
2007-08-16 10:53 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2008-02-04 19:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll
.
------- Sigcheck -------
2006-01-10 03:02 666112 5404e2ead19d7e2a5c4086015062343c C:\WINDOWS\$NtUninstallKB912812$\wininet.dll
2004-08-10 13:00 660480 58fe94ef42e074f4cad8bf02e70e6478 C:\WINDOWS\$NtUninstallKB912945$\wininet.dll
2006-03-04 13:00 667648 241dbc4c2714b2f39afded49459ed420 C:\WINDOWS\$NtUninstallKB928090$\wininet.dll
2007-01-04 16:02 669184 114342601ac7ea73b0d2a0ed8505b8b9 C:\WINDOWS\$NtUninstallKB931768$\wininet.dll
2006-03-04 13:00 667648 241dbc4c2714b2f39afded49459ed420 C:\WINDOWS\$NtUninstallKB933566$\wininet.dll
2007-04-18 14:44 669696 a3bf56a786b277e881fd9137f55f0b4b C:\WINDOWS\$NtUninstallKB937143$\wininet.dll
2007-06-26 16:36 669696 19058fbdc72f7bae085369c6d0a7d074 C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
2007-08-22 14:57 669696 4f6a45b54d26708e2c2bf2c43d83edea C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
2007-10-11 07:59 670208 0465cde31add22f6233ffb4fe4af01cf C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
2007-12-07 02:47 704512 456f6f2eeaa0d975581e745c6ecfd140 C:\WINDOWS\system32\wininet.dll
2007-12-07 02:47 704512 456f6f2eeaa0d975581e745c6ecfd140 C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-10 13:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4647C2C7-9F3D-4220-87D9-43E617F67478}]
2008-05-30 20:41 33920 --a------ C:\WINDOWS\system32\geBtRJCv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{23649E36-60C6-4433-880A-9DF59FC27342}"= "C:\WINDOWS\atfxqogp.dll" [ ]
[HKEY_CLASSES_ROOT\clsid\{23649e36-60c6-4433-880a-9df59fc27342}]
[HKEY_CLASSES_ROOT\atfxqogp.1]
[HKEY_CLASSES_ROOT\TypeLib\{AAA0A546-2B51-4AED-B1E2-C14F38C73165}]
[HKEY_CLASSES_ROOT\atfxqogp]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 19:37 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 13:44 1271032]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 01:01 43008]
"TrueTransparency"="C:\Documents and Settings\HP_Administrateur\Mes documents\Apps\TrueTransparency\TrueTransparency.exe" [2007-10-20 16:10 132608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34 64512]
"ftutil2"="ftutil2.dll" [2004-06-07 14:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-22 01:56 16261632 C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:15 77312 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 09:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14 237568]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 22:34 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 06:11 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [ ]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 10:52 505368]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 10:53 780312]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"Zboard"="C:\Program Files\Ideazon\ZEngine\Zboard.exe" [2007-07-25 13:25 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"DNS7reminder"="C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2007-03-19 09:20 259624]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15 221184]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 02:46 200069]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 11:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-08 00:13 29744]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"AXPDefender"="C:\Program Files\AXPDefender\AXPDefender.exe" [ ]
C:\Documents and Settings\HP_Administrateur\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 110592]
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-05-14 03:29:28 3007824]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 110592]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-04-07 12:14:03 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-04-07 11:24:42 528384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4647C2C7-9F3D-4220-87D9-43E617F67478}"= C:\WINDOWS\system32\geBtRJCv.dll [2008-05-30 20:41 33920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBtRJCv]
geBtRJCv.dll 2008-05-30 20:41 33920 C:\WINDOWS\system32\geBtRJCv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
"vidc.yv12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\eoW87.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hqX18.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\isA07.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jsA07.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lsA18.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"SerialNumber"="A109A-K13-3ZXD-BAP5-TE"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Documents and Settings\\HP_Administrateur\\Bureau\\eMule\\emule.exe"=
"C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\THQ\\Dawn of War\\W40k.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Metin2_France\\metin2.bin"=
"C:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
"C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\dedicated server\\hlds.exe"=
"C:\\Documents and Settings\\HP_Administrateur\\Mes documents\\LanSchool v6.0 + Crack\\teste\\teacher.exe"=
"C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\day of defeat source\\hl2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 Alpham1;Ideazon ZBoard USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham1.sys [2007-07-23 10:56]
R3 Alpham2;Ideazon ZBoard MM USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham2.sys [2007-03-20 12:49]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 13:00]
S0 eoW87;eoW87;C:\WINDOWS\system32\Drivers\eoW87.sys []
S0 hqX18;hqX18;C:\WINDOWS\system32\Drivers\hqX18.sys []
S0 isA07;isA07;C:\WINDOWS\system32\Drivers\isA07.sys []
S0 jsA07;jsA07;C:\WINDOWS\system32\Drivers\jsA07.sys []
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-08 00:13]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-28 23:54]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-31 19:41:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 18:13:06
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\geBtRJCv.dll
.
Temps d'accomplissement: 2008-06-01 18:15:47
ComboFix-quarantined-files.txt 2008-06-01 16:15:40
Pre-Run: 81,374,498,816 octets libres
Post-Run: 82,503,880,704 octets libres
282
P.S: j'ai du lancer deux fois combofix car le premier scan s'est arreter en plein milieu .
ComboFix 08-05-29.1 - HP_Administrateur 2008-06-01 18:05:11.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.479 [GMT 2:00]
Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\MessengerSkinner
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Conditions générales.url
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Confidentialité.url
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Désinstaller.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\MessengerSkinner.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Website.url
C:\Documents and Settings\HP_Administrateur\Application Data\hidires
c:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\xldpagc.dat
c:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\xldpagc_nav.dat
c:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\xldpagc_navps.dat
C:\Program Files\tmp0.exe
C:\Program Files\tmp1.exe
C:\Program Files\tmp2.exe
C:\WINDOWS\resources\AvpStat.dll
.
---- Previous Run -------
.
C:\Program Files\antiviirus.exe
C:\Program Files\messengerskinner
C:\Program Files\messengerskinner\download\defaultPack.cab
C:\Program Files\messengerskinner\MessengerSkinner.exe
C:\Program Files\messengerskinner\resources\appconfig.xml
C:\Program Files\messengerskinner\resources\btn.rgn
C:\Program Files\messengerskinner\resources\btnBnr.rgn
C:\Program Files\messengerskinner\resources\btnIn.rgn
C:\Program Files\messengerskinner\resources\btnInNormal.bmp
C:\Program Files\messengerskinner\resources\btnInOver.bmp
C:\Program Files\messengerskinner\resources\btnNormal.bmp
C:\Program Files\messengerskinner\resources\btnNormal.gif
C:\Program Files\messengerskinner\resources\btnNormalBnr.bmp
C:\Program Files\messengerskinner\resources\btnNormalBnr.gif
C:\Program Files\messengerskinner\resources\btnOver.bmp
C:\Program Files\messengerskinner\resources\btnOver.gif
C:\Program Files\messengerskinner\resources\btnOverBnr.bmp
C:\Program Files\messengerskinner\resources\btnOverBnr.gif
C:\Program Files\messengerskinner\resources\languages_v2.xml
C:\Program Files\messengerskinner\uninst.exe
C:\WINDOWS\atfxqogp.dll
C:\WINDOWS\exefld
C:\WINDOWS\exefld\102703.exe
C:\WINDOWS\exefld\109781.exe
C:\WINDOWS\exefld\88703.exe
C:\WINDOWS\system32\818646
C:\WINDOWS\system32\818646\818646.dll
C:\WINDOWS\system32\ctfmona.exe
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\WinCtrl32.dl_
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\vregfwlx.dll
C:\WINDOWS\xmpstean.exe
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-01 to 2008-06-01 ))))))))))))))))))))))))))))))))))))
.
2008-06-01 15:14 . 2008-06-01 15:14 <REP> d--hs---- C:\found.001
2008-05-31 17:33 . 2008-05-31 17:34 <REP> d-------- C:\Program Files\AXPDefender
2008-05-30 21:06 . 2008-05-30 21:07 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-30 20:43 . 2008-05-30 20:43 33,920 --a------ C:\WINDOWS\system32\jkkhigFV.dll
2008-05-30 20:41 . 2008-05-30 20:41 33,920 --a------ C:\WINDOWS\system32\geBtRJCv.dll
2008-05-30 20:39 . 2008-06-01 17:37 269,334 --a------ C:\WINDOWS\system32\ctfmonb.bmp
2008-05-30 20:39 . 2008-05-30 05:59 163,840 --a------ C:\WINDOWS\embd.exe
2008-05-30 20:39 . 2008-06-01 17:37 160,256 --a------ C:\WINDOWS\system32\blackster.scr
2008-05-30 20:03 . 2008-05-30 20:03 <REP> d-------- C:\Program Files\Fake Webcam
2008-05-30 19:51 . 2008-05-30 19:51 <REP> d-------- C:\Program Files\CamStudio
2008-05-21 15:00 . 2008-05-21 15:00 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\IDS_COMPANY
2008-05-14 03:29 . 2008-05-14 03:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-05-13 19:02 . 2008-05-13 19:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-10 22:05 . 2008-05-10 22:05 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-05-10 22:05 . 2008-05-10 22:05 <REP> d-------- C:\Program Files\Fichiers communs\Vbox
2008-05-10 22:05 . 2001-10-26 23:16 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2008-05-10 22:03 . 2008-05-10 22:03 <REP> d-------- C:\WINDOWS\Adobe Illustrator CS
2008-05-08 10:55 . 2008-05-08 10:55 <REP> d--hs---- C:\found.000
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 15:56 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\Xfire
2008-06-01 15:56 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\OpenOffice.org2
2008-06-01 15:54 --------- d-----w C:\Program Files\Steam
2008-05-31 15:40 --------- d-s---w C:\Program Files\Xfire
2008-05-30 18:27 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\foobar2000
2008-05-29 17:15 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-24 12:38 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\BitTorrent
2008-05-14 12:55 --------- d-----w C:\Program Files\World of Warcraft
2008-05-13 17:02 --------- d-----w C:\Program Files\Lavasoft
2008-05-13 17:02 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-10 20:05 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-10 20:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-09 18:54 --------- d-----w C:\Program Files\SupraASCIIArt
2008-04-30 07:48 318,904 ----a-w C:\Documents and Settings\HP_Administrateur\wmpfirefoxplugin.exe
2008-04-30 07:33 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-14 20:24 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\teamspeak2
2008-03-21 15:20 3,159 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\SAS7_000.DAT
2008-03-07 21:46 70,537 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-03-07 21:46 5,347 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-03-07 18:51 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-03-07 18:51 219,648 ----a-w C:\WINDOWS\system32\dllcache\uxtheme.dll
2007-12-08 18:03 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-09-22 15:33 357 ----a-w C:\Documents and Settings\HP_Administrateur\.cb_layout.bin
2007-08-08 16:54 52,438,399 ----a-w C:\Documents and Settings\HP_Administrateur\WoW-2.1.3.6898-to-0.2.0.6932-frFR-patch.exe
2007-05-30 17:32 38 ----a-w C:\Documents and Settings\HP_Administrateur\dell.bat
2007-08-16 10:53 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2008-02-04 19:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll
.
------- Sigcheck -------
2006-01-10 03:02 666112 5404e2ead19d7e2a5c4086015062343c C:\WINDOWS\$NtUninstallKB912812$\wininet.dll
2004-08-10 13:00 660480 58fe94ef42e074f4cad8bf02e70e6478 C:\WINDOWS\$NtUninstallKB912945$\wininet.dll
2006-03-04 13:00 667648 241dbc4c2714b2f39afded49459ed420 C:\WINDOWS\$NtUninstallKB928090$\wininet.dll
2007-01-04 16:02 669184 114342601ac7ea73b0d2a0ed8505b8b9 C:\WINDOWS\$NtUninstallKB931768$\wininet.dll
2006-03-04 13:00 667648 241dbc4c2714b2f39afded49459ed420 C:\WINDOWS\$NtUninstallKB933566$\wininet.dll
2007-04-18 14:44 669696 a3bf56a786b277e881fd9137f55f0b4b C:\WINDOWS\$NtUninstallKB937143$\wininet.dll
2007-06-26 16:36 669696 19058fbdc72f7bae085369c6d0a7d074 C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
2007-08-22 14:57 669696 4f6a45b54d26708e2c2bf2c43d83edea C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
2007-10-11 07:59 670208 0465cde31add22f6233ffb4fe4af01cf C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
2007-12-07 02:47 704512 456f6f2eeaa0d975581e745c6ecfd140 C:\WINDOWS\system32\wininet.dll
2007-12-07 02:47 704512 456f6f2eeaa0d975581e745c6ecfd140 C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-10 13:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4647C2C7-9F3D-4220-87D9-43E617F67478}]
2008-05-30 20:41 33920 --a------ C:\WINDOWS\system32\geBtRJCv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{23649E36-60C6-4433-880A-9DF59FC27342}"= "C:\WINDOWS\atfxqogp.dll" [ ]
[HKEY_CLASSES_ROOT\clsid\{23649e36-60c6-4433-880a-9df59fc27342}]
[HKEY_CLASSES_ROOT\atfxqogp.1]
[HKEY_CLASSES_ROOT\TypeLib\{AAA0A546-2B51-4AED-B1E2-C14F38C73165}]
[HKEY_CLASSES_ROOT\atfxqogp]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 19:37 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 13:44 1271032]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 01:01 43008]
"TrueTransparency"="C:\Documents and Settings\HP_Administrateur\Mes documents\Apps\TrueTransparency\TrueTransparency.exe" [2007-10-20 16:10 132608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34 64512]
"ftutil2"="ftutil2.dll" [2004-06-07 14:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-22 01:56 16261632 C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:15 77312 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 09:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14 237568]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 22:34 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 06:11 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [ ]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 10:52 505368]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 10:53 780312]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"Zboard"="C:\Program Files\Ideazon\ZEngine\Zboard.exe" [2007-07-25 13:25 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"DNS7reminder"="C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2007-03-19 09:20 259624]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15 221184]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 02:46 200069]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 11:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-08 00:13 29744]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"AXPDefender"="C:\Program Files\AXPDefender\AXPDefender.exe" [ ]
C:\Documents and Settings\HP_Administrateur\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 110592]
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-05-14 03:29:28 3007824]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 110592]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-04-07 12:14:03 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-04-07 11:24:42 528384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4647C2C7-9F3D-4220-87D9-43E617F67478}"= C:\WINDOWS\system32\geBtRJCv.dll [2008-05-30 20:41 33920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBtRJCv]
geBtRJCv.dll 2008-05-30 20:41 33920 C:\WINDOWS\system32\geBtRJCv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
"vidc.yv12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\eoW87.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hqX18.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\isA07.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jsA07.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lsA18.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"SerialNumber"="A109A-K13-3ZXD-BAP5-TE"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Documents and Settings\\HP_Administrateur\\Bureau\\eMule\\emule.exe"=
"C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\THQ\\Dawn of War\\W40k.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Metin2_France\\metin2.bin"=
"C:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
"C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\dedicated server\\hlds.exe"=
"C:\\Documents and Settings\\HP_Administrateur\\Mes documents\\LanSchool v6.0 + Crack\\teste\\teacher.exe"=
"C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\day of defeat source\\hl2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 Alpham1;Ideazon ZBoard USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham1.sys [2007-07-23 10:56]
R3 Alpham2;Ideazon ZBoard MM USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham2.sys [2007-03-20 12:49]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 13:00]
S0 eoW87;eoW87;C:\WINDOWS\system32\Drivers\eoW87.sys []
S0 hqX18;hqX18;C:\WINDOWS\system32\Drivers\hqX18.sys []
S0 isA07;isA07;C:\WINDOWS\system32\Drivers\isA07.sys []
S0 jsA07;jsA07;C:\WINDOWS\system32\Drivers\jsA07.sys []
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-08 00:13]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-28 23:54]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-31 19:41:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 18:13:06
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\geBtRJCv.dll
.
Temps d'accomplissement: 2008-06-01 18:15:47
ComboFix-quarantined-files.txt 2008-06-01 16:15:40
Pre-Run: 81,374,498,816 octets libres
Post-Run: 82,503,880,704 octets libres
282
jpe pa utiliser mon pc donc j'ai vraiment besoind 'aide ^^ merci
Bonjour,
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
Afin de lancer la recherche, clic sur"Rechercher".
Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]
AIDE : Tuto en images sur MBAM
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]
AIDE : Tuto en images sur MBAM
Voila j'ai fait comme tu m'a dit
P.S: J'ai fait "supprimmer la selection apres avoir enregistrer le rapport c'est pour ca qui y a ecrit no action taken![:D]( ":D")
Malwarebytes' Anti-Malware 1.14
Version de la base de données: 815
20:40:56 03/06/2008
mbam-log-6-3-2008 (20-40-41).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 216618
Temps écoulé: 1 hour(s), 46 minute(s), 29 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 19
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 29
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\geBtRJCv.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\urqQjJBR.dll (Trojan.Vundo) -> No action taken.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{4647c2c7-9f3d-4220-87d9-43e617f67478} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4647c2c7-9f3d-4220-87d9-43e617f67478} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebtrjcv (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f5abb34f-676e-4763-8ee5-5fb41f1837a3} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f5abb34f-676e-4763-8ee5-5fb41f1837a3} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\e405.e405mgr.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{c1d0b9f7-f3c6-443a-af61-ad47771ace27} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{aaa0a546-2b51-4aed-b1e2-c14f38c73165} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\e405.e405mgr.1 (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AXPDefender (Rogue.AdvancedXPDefender) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AXPDefender (Rogue.AdvancedXPDefender) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\atfxqogp.bxpr (Trojan.FakeAlert) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4647c2c7-9f3d-4220-87d9-43e617f67478} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4ccdf25c (Trojan.Vundo) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqqjjbr -> No action taken.
Dossier(s) infecté(s):
C:\Program Files\AXPDefender (Rogue.AdvancedXPDefender) -> No action taken.
Fichier(s) infecté(s):
C:\WINDOWS\system32\geBtRJCv.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\urqQjJBR.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP1\A0000001.scr (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP1\A0000002.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP1\A0001011.scr (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP1\A0002010.scr (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP1\A0003009.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP1\A0004039.scr (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP2\A0005081.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP2\A0005082.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP2\A0005083.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP2\A0005084.dll (Trojan.Clicker) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP5\A0007233.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\embd.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ctfmonb.bmp (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\jkkhigFV.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\AXPDefender\AXPDefender.exe.local (Rogue.AdvancedXPDefender) -> No action taken.
C:\Program Files\AXPDefender\AXPDefenderSkin.dll (Rogue.AdvancedXPDefender) -> No action taken.
C:\Program Files\AXPDefender\database.dat (Rogue.AdvancedXPDefender) -> No action taken.
C:\Program Files\AXPDefender\license.txt (Rogue.AdvancedXPDefender) -> No action taken.
C:\Program Files\AXPDefender\MFC71.dll (Rogue.AdvancedXPDefender) -> No action taken.
C:\Program Files\AXPDefender\MFC71ENU.DLL (Rogue.AdvancedXPDefender) -> No action taken.
C:\Program Files\AXPDefender\msvcp71.dll (Rogue.AdvancedXPDefender) -> No action taken.
C:\Program Files\AXPDefender\msvcr71.dll (Rogue.AdvancedXPDefender) -> No action taken.
C:\Program Files\AXPDefender\Uninstall.exe (Rogue.AdvancedXPDefender) -> No action taken.
C:\WINDOWS\system32\mpdaqhnh.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\AXPDefender.lnk (Rogue.AdvancedXPDefender) -> No action taken.
C:\Documents and Settings\All Users\Bureau\AXPDefender.lnk (Rogue.AdvancedXPDefender) -> No action taken.
P.S: J'ai fait "supprimmer la selection apres avoir enregistrer le rapport c'est pour ca qui y a ecrit no action taken
Malwarebytes' Anti-Malware 1.14
Version de la base de données: 815
20:40:56 03/06/2008
mbam-log-6-3-2008 (20-40-41).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 216618
Temps écoulé: 1 hour(s), 46 minute(s), 29 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 19
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 29
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\geBtRJCv.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\urqQjJBR.dll (Trojan.Vundo) -> No action taken.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{4647c2c7-9f3d-4220-87d9-43e617f67478} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4647c2c7-9f3d-4220-87d9-43e617f67478} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebtrjcv (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f5abb34f-676e-4763-8ee5-5fb41f1837a3} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f5abb34f-676e-4763-8ee5-5fb41f1837a3} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\e405.e405mgr.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{c1d0b9f7-f3c6-443a-af61-ad47771ace27} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{aaa0a546-2b51-4aed-b1e2-c14f38c73165} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\e405.e405mgr.1 (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AXPDefender (Rogue.AdvancedXPDefender) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AXPDefender (Rogue.AdvancedXPDefender) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\atfxqogp.bxpr (Trojan.FakeAlert) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4647c2c7-9f3d-4220-87d9-43e617f67478} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4ccdf25c (Trojan.Vundo) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqqjjbr -> No action taken.
Dossier(s) infecté(s):
C:\Program Files\AXPDefender (Rogue.AdvancedXPDefender) -> No action taken.
Fichier(s) infecté(s):
C:\WINDOWS\system32\geBtRJCv.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\urqQjJBR.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP1\A0000001.scr (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP1\A0000002.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP1\A0001011.scr (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP1\A0002010.scr (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP1\A0003009.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP1\A0004039.scr (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP2\A0005081.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP2\A0005082.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP2\A0005083.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP2\A0005084.dll (Trojan.Clicker) -> No action taken.
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP5\A0007233.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\embd.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ctfmonb.bmp (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\jkkhigFV.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\AXPDefender\AXPDefender.exe.local (Rogue.AdvancedXPDefender) -> No action taken.
C:\Program Files\AXPDefender\AXPDefenderSkin.dll (Rogue.AdvancedXPDefender) -> No action taken.
C:\Program Files\AXPDefender\database.dat (Rogue.AdvancedXPDefender) -> No action taken.
C:\Program Files\AXPDefender\license.txt (Rogue.AdvancedXPDefender) -> No action taken.
C:\Program Files\AXPDefender\MFC71.dll (Rogue.AdvancedXPDefender) -> No action taken.
C:\Program Files\AXPDefender\MFC71ENU.DLL (Rogue.AdvancedXPDefender) -> No action taken.
C:\Program Files\AXPDefender\msvcp71.dll (Rogue.AdvancedXPDefender) -> No action taken.
C:\Program Files\AXPDefender\msvcr71.dll (Rogue.AdvancedXPDefender) -> No action taken.
C:\Program Files\AXPDefender\Uninstall.exe (Rogue.AdvancedXPDefender) -> No action taken.
C:\WINDOWS\system32\mpdaqhnh.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\HP_Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\AXPDefender.lnk (Rogue.AdvancedXPDefender) -> No action taken.
C:\Documents and Settings\All Users\Bureau\AXPDefender.lnk (Rogue.AdvancedXPDefender) -> No action taken.
voila je poste le log
ComboFix 08-05-29.1 - HP_Administrateur 2008-06-04 18:31:31.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.565 [GMT 2:00]
Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\avjeifvk.ini
C:\WINDOWS\system32\hnhqadpm.ini
C:\WINDOWS\system32\pjljakri.ini
C:\WINDOWS\system32\RBJjQqru.ini
C:\WINDOWS\system32\RBJjQqru.ini2
C:\WINDOWS\system32\rkliorgw.ini
C:\WINDOWS\system32\vuunmnfx.ini
C:\WINDOWS\system32\wacMnUvw.ini
C:\WINDOWS\system32\wacMnUvw.ini2
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-04 to 2008-06-04 ))))))))))))))))))))))))))))))))))))
.
2008-06-04 12:29 . 2008-06-04 12:29 95,232 --a------ C:\WINDOWS\system32\irkajljp.dll
2008-06-04 10:34 . 2008-06-04 10:34 324,352 --a------ C:\WINDOWS\system32\wvUnMcaw.dll
2008-06-02 19:22 . 2008-06-02 19:22 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Malwarebytes
2008-06-02 19:21 . 2008-06-02 19:22 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-02 19:21 . 2008-06-02 19:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-02 19:21 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-02 19:21 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-01 21:19 . 2008-06-01 21:19 324,864 --------- C:\WINDOWS\system32\urqQjJBR.dll
2008-06-01 20:21 . 2008-06-01 20:21 <REP> d-------- C:\Program Files\Avira
2008-06-01 20:21 . 2008-06-01 20:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-01 15:14 . 2008-06-01 15:14 <REP> d--hs---- C:\found.001
2008-05-30 21:06 . 2008-05-30 21:07 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-30 20:41 . 2008-05-30 20:41 33,920 --------- C:\WINDOWS\system32\geBtRJCv.dll
2008-05-30 20:03 . 2008-06-03 21:51 <REP> d-------- C:\Program Files\Fake Webcam
2008-05-30 19:51 . 2008-05-30 19:51 <REP> d-------- C:\Program Files\CamStudio
2008-05-21 15:00 . 2008-05-21 15:00 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\IDS_COMPANY
2008-05-14 03:29 . 2008-05-14 03:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-05-13 19:02 . 2008-05-13 19:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-10 22:05 . 2008-05-10 22:05 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-05-10 22:05 . 2008-05-10 22:05 <REP> d-------- C:\Program Files\Fichiers communs\Vbox
2008-05-10 22:05 . 2001-10-26 23:16 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2008-05-10 22:03 . 2008-05-10 22:03 <REP> d-------- C:\WINDOWS\Adobe Illustrator CS
2008-05-08 10:55 . 2008-05-08 10:55 <REP> d--hs---- C:\found.000
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 16:47 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\OpenOffice.org2
2008-06-04 16:45 --------- d-----w C:\Program Files\Steam
2008-06-04 10:00 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\Xfire
2008-06-02 11:56 --------- d-s---w C:\Program Files\Xfire
2008-05-30 18:27 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\foobar2000
2008-05-29 17:15 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-24 12:38 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\BitTorrent
2008-05-14 12:55 --------- d-----w C:\Program Files\World of Warcraft
2008-05-13 17:02 --------- d-----w C:\Program Files\Lavasoft
2008-05-13 17:02 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-10 20:05 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-10 20:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-09 18:54 --------- d-----w C:\Program Files\SupraASCIIArt
2008-04-30 07:48 318,904 ----a-w C:\Documents and Settings\HP_Administrateur\wmpfirefoxplugin.exe
2008-04-30 07:33 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-14 20:24 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\teamspeak2
2008-03-21 15:20 3,159 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\SAS7_000.DAT
2008-03-07 21:46 70,537 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-03-07 21:46 5,347 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-03-07 18:51 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-03-07 18:51 219,648 ----a-w C:\WINDOWS\system32\dllcache\uxtheme.dll
2007-12-08 18:03 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-09-22 15:33 357 ----a-w C:\Documents and Settings\HP_Administrateur\.cb_layout.bin
2007-08-08 16:54 52,438,399 ----a-w C:\Documents and Settings\HP_Administrateur\WoW-2.1.3.6898-to-0.2.0.6932-frFR-patch.exe
2007-05-30 17:32 38 ----a-w C:\Documents and Settings\HP_Administrateur\dell.bat
2007-08-16 10:53 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2008-02-04 19:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll
.
------- Sigcheck -------
2006-01-10 03:02 666112 5404e2ead19d7e2a5c4086015062343c C:\WINDOWS\$NtUninstallKB912812$\wininet.dll
2004-08-10 13:00 660480 58fe94ef42e074f4cad8bf02e70e6478 C:\WINDOWS\$NtUninstallKB912945$\wininet.dll
2006-03-04 13:00 667648 241dbc4c2714b2f39afded49459ed420 C:\WINDOWS\$NtUninstallKB928090$\wininet.dll
2007-01-04 16:02 669184 114342601ac7ea73b0d2a0ed8505b8b9 C:\WINDOWS\$NtUninstallKB931768$\wininet.dll
2006-03-04 13:00 667648 241dbc4c2714b2f39afded49459ed420 C:\WINDOWS\$NtUninstallKB933566$\wininet.dll
2007-04-18 14:44 669696 a3bf56a786b277e881fd9137f55f0b4b C:\WINDOWS\$NtUninstallKB937143$\wininet.dll
2007-06-26 16:36 669696 19058fbdc72f7bae085369c6d0a7d074 C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
2007-08-22 14:57 669696 4f6a45b54d26708e2c2bf2c43d83edea C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
2007-10-11 07:59 670208 0465cde31add22f6233ffb4fe4af01cf C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
2007-12-07 02:47 704512 456f6f2eeaa0d975581e745c6ecfd140 C:\WINDOWS\system32\wininet.dll
2007-12-07 02:47 704512 456f6f2eeaa0d975581e745c6ecfd140 C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-10 13:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-01_18.14.36.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-01 15:52:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-04 16:43:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-01-21 16:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4647C2C7-9F3D-4220-87D9-43E617F67478}]
2008-05-30 20:41 33920 --------- C:\WINDOWS\system32\geBtRJCv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C969D2D-2199-4A29-8483-BD417A1EF167}]
2008-06-04 18:49 324352 --a------ C:\WINDOWS\system32\nnnnLddc.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D70A167-9D75-49D7-9F4C-DD7E79AE7A64}]
2008-06-01 21:19 324864 --------- C:\WINDOWS\system32\urqQjJBR.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{877D76C4-BE5B-43D9-9AF9-0E693A84ECBB}]
2008-06-04 10:34 324352 --a------ C:\WINDOWS\system32\wvUnMcaw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{23649E36-60C6-4433-880A-9DF59FC27342}"= "C:\WINDOWS\atfxqogp.dll" [ ]
[HKEY_CLASSES_ROOT\clsid\{23649e36-60c6-4433-880a-9df59fc27342}]
[HKEY_CLASSES_ROOT\atfxqogp.1]
[HKEY_CLASSES_ROOT\TypeLib\{AAA0A546-2B51-4AED-B1E2-C14F38C73165}]
[HKEY_CLASSES_ROOT\atfxqogp]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 19:37 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 13:44 1271032]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 01:01 43008]
"TrueTransparency"="C:\Documents and Settings\HP_Administrateur\Mes documents\Apps\TrueTransparency\TrueTransparency.exe" [2007-10-20 16:10 132608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34 64512]
"ftutil2"="ftutil2.dll" [2004-06-07 14:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-22 01:56 16261632 C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:15 77312 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 09:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14 237568]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 22:34 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 06:11 49152]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [ ]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 10:52 505368]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 10:53 780312]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"Zboard"="C:\Program Files\Ideazon\ZEngine\Zboard.exe" [2007-07-25 13:25 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"DNS7reminder"="C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2007-03-19 09:20 259624]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15 221184]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 02:46 200069]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 11:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-08 00:13 29744]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"AXPDefender"="C:\Program Files\AXPDefender\AXPDefender.exe" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"4ccdf25c"="C:\WINDOWS\system32\xjuxxtlw.dll" [2008-06-04 18:51 95232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4647C2C7-9F3D-4220-87D9-43E617F67478}"= C:\WINDOWS\system32\geBtRJCv.dll [2008-05-30 20:41 33920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBtRJCv]
geBtRJCv.dll 2008-05-30 20:41 33920 C:\WINDOWS\system32\geBtRJCv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
"vidc.yv12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\nnnnLddc
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\eoW87.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hqX18.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\isA07.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jsA07.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lsA18.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"SerialNumber"="A109A-K13-3ZXD-BAP5-TE"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Documents and Settings\\HP_Administrateur\\Bureau\\eMule\\emule.exe"=
"C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\THQ\\Dawn of War\\W40k.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Metin2_France\\metin2.bin"=
"C:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
"C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\dedicated server\\hlds.exe"=
"C:\\Documents and Settings\\HP_Administrateur\\Mes documents\\LanSchool v6.0 + Crack\\teste\\teacher.exe"=
"C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\day of defeat source\\hl2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R3 Alpham1;Ideazon ZBoard USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham1.sys [2007-07-23 10:56]
R3 Alpham2;Ideazon ZBoard MM USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham2.sys [2007-03-20 12:49]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 13:00]
S0 eoW87;eoW87;C:\WINDOWS\system32\Drivers\eoW87.sys []
S0 hqX18;hqX18;C:\WINDOWS\system32\Drivers\hqX18.sys []
S0 isA07;isA07;C:\WINDOWS\system32\Drivers\isA07.sys []
S0 jsA07;jsA07;C:\WINDOWS\system32\Drivers\jsA07.sys []
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-08 00:13]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-28 23:54]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-30 01:06]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-31 19:41:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 18:46:00
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\geBtRJCv.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
-> C:\WINDOWS\system32\nview.dll
-> C:\WINDOWS\system32\xjuxxtlw.dll
-> C:\Documents and Settings\HP_Administrateur\Mes documents\Apps\TrueTransparency\TrueTransparencyHook.dll
-> C:\WINDOWS\system32\nnnnLddc.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\hp\KBD\kbd.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-04 18:55:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-04 16:54:56
ComboFix2.txt 2008-06-01 16:15:49
Pre-Run: 82,978,988,032 octets libres
Post-Run: 82,879,619,072 octets libres
292
ComboFix 08-05-29.1 - HP_Administrateur 2008-06-04 18:31:31.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.565 [GMT 2:00]
Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\avjeifvk.ini
C:\WINDOWS\system32\hnhqadpm.ini
C:\WINDOWS\system32\pjljakri.ini
C:\WINDOWS\system32\RBJjQqru.ini
C:\WINDOWS\system32\RBJjQqru.ini2
C:\WINDOWS\system32\rkliorgw.ini
C:\WINDOWS\system32\vuunmnfx.ini
C:\WINDOWS\system32\wacMnUvw.ini
C:\WINDOWS\system32\wacMnUvw.ini2
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-04 to 2008-06-04 ))))))))))))))))))))))))))))))))))))
.
2008-06-04 12:29 . 2008-06-04 12:29 95,232 --a------ C:\WINDOWS\system32\irkajljp.dll
2008-06-04 10:34 . 2008-06-04 10:34 324,352 --a------ C:\WINDOWS\system32\wvUnMcaw.dll
2008-06-02 19:22 . 2008-06-02 19:22 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Malwarebytes
2008-06-02 19:21 . 2008-06-02 19:22 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-02 19:21 . 2008-06-02 19:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-02 19:21 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-02 19:21 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-01 21:19 . 2008-06-01 21:19 324,864 --------- C:\WINDOWS\system32\urqQjJBR.dll
2008-06-01 20:21 . 2008-06-01 20:21 <REP> d-------- C:\Program Files\Avira
2008-06-01 20:21 . 2008-06-01 20:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-01 15:14 . 2008-06-01 15:14 <REP> d--hs---- C:\found.001
2008-05-30 21:06 . 2008-05-30 21:07 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-30 20:41 . 2008-05-30 20:41 33,920 --------- C:\WINDOWS\system32\geBtRJCv.dll
2008-05-30 20:03 . 2008-06-03 21:51 <REP> d-------- C:\Program Files\Fake Webcam
2008-05-30 19:51 . 2008-05-30 19:51 <REP> d-------- C:\Program Files\CamStudio
2008-05-21 15:00 . 2008-05-21 15:00 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\IDS_COMPANY
2008-05-14 03:29 . 2008-05-14 03:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-05-13 19:02 . 2008-05-13 19:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-10 22:05 . 2008-05-10 22:05 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-05-10 22:05 . 2008-05-10 22:05 <REP> d-------- C:\Program Files\Fichiers communs\Vbox
2008-05-10 22:05 . 2001-10-26 23:16 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2008-05-10 22:03 . 2008-05-10 22:03 <REP> d-------- C:\WINDOWS\Adobe Illustrator CS
2008-05-08 10:55 . 2008-05-08 10:55 <REP> d--hs---- C:\found.000
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 16:47 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\OpenOffice.org2
2008-06-04 16:45 --------- d-----w C:\Program Files\Steam
2008-06-04 10:00 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\Xfire
2008-06-02 11:56 --------- d-s---w C:\Program Files\Xfire
2008-05-30 18:27 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\foobar2000
2008-05-29 17:15 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-24 12:38 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\BitTorrent
2008-05-14 12:55 --------- d-----w C:\Program Files\World of Warcraft
2008-05-13 17:02 --------- d-----w C:\Program Files\Lavasoft
2008-05-13 17:02 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-10 20:05 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-10 20:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-09 18:54 --------- d-----w C:\Program Files\SupraASCIIArt
2008-04-30 07:48 318,904 ----a-w C:\Documents and Settings\HP_Administrateur\wmpfirefoxplugin.exe
2008-04-30 07:33 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-14 20:24 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\teamspeak2
2008-03-21 15:20 3,159 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\SAS7_000.DAT
2008-03-07 21:46 70,537 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-03-07 21:46 5,347 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-03-07 18:51 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-03-07 18:51 219,648 ----a-w C:\WINDOWS\system32\dllcache\uxtheme.dll
2007-12-08 18:03 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-09-22 15:33 357 ----a-w C:\Documents and Settings\HP_Administrateur\.cb_layout.bin
2007-08-08 16:54 52,438,399 ----a-w C:\Documents and Settings\HP_Administrateur\WoW-2.1.3.6898-to-0.2.0.6932-frFR-patch.exe
2007-05-30 17:32 38 ----a-w C:\Documents and Settings\HP_Administrateur\dell.bat
2007-08-16 10:53 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2008-02-04 19:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll
.
------- Sigcheck -------
2006-01-10 03:02 666112 5404e2ead19d7e2a5c4086015062343c C:\WINDOWS\$NtUninstallKB912812$\wininet.dll
2004-08-10 13:00 660480 58fe94ef42e074f4cad8bf02e70e6478 C:\WINDOWS\$NtUninstallKB912945$\wininet.dll
2006-03-04 13:00 667648 241dbc4c2714b2f39afded49459ed420 C:\WINDOWS\$NtUninstallKB928090$\wininet.dll
2007-01-04 16:02 669184 114342601ac7ea73b0d2a0ed8505b8b9 C:\WINDOWS\$NtUninstallKB931768$\wininet.dll
2006-03-04 13:00 667648 241dbc4c2714b2f39afded49459ed420 C:\WINDOWS\$NtUninstallKB933566$\wininet.dll
2007-04-18 14:44 669696 a3bf56a786b277e881fd9137f55f0b4b C:\WINDOWS\$NtUninstallKB937143$\wininet.dll
2007-06-26 16:36 669696 19058fbdc72f7bae085369c6d0a7d074 C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
2007-08-22 14:57 669696 4f6a45b54d26708e2c2bf2c43d83edea C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
2007-10-11 07:59 670208 0465cde31add22f6233ffb4fe4af01cf C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
2007-12-07 02:47 704512 456f6f2eeaa0d975581e745c6ecfd140 C:\WINDOWS\system32\wininet.dll
2007-12-07 02:47 704512 456f6f2eeaa0d975581e745c6ecfd140 C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-10 13:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-01_18.14.36.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-01 15:52:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-04 16:43:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-01-21 16:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4647C2C7-9F3D-4220-87D9-43E617F67478}]
2008-05-30 20:41 33920 --------- C:\WINDOWS\system32\geBtRJCv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C969D2D-2199-4A29-8483-BD417A1EF167}]
2008-06-04 18:49 324352 --a------ C:\WINDOWS\system32\nnnnLddc.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D70A167-9D75-49D7-9F4C-DD7E79AE7A64}]
2008-06-01 21:19 324864 --------- C:\WINDOWS\system32\urqQjJBR.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{877D76C4-BE5B-43D9-9AF9-0E693A84ECBB}]
2008-06-04 10:34 324352 --a------ C:\WINDOWS\system32\wvUnMcaw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{23649E36-60C6-4433-880A-9DF59FC27342}"= "C:\WINDOWS\atfxqogp.dll" [ ]
[HKEY_CLASSES_ROOT\clsid\{23649e36-60c6-4433-880a-9df59fc27342}]
[HKEY_CLASSES_ROOT\atfxqogp.1]
[HKEY_CLASSES_ROOT\TypeLib\{AAA0A546-2B51-4AED-B1E2-C14F38C73165}]
[HKEY_CLASSES_ROOT\atfxqogp]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 19:37 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 13:44 1271032]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 01:01 43008]
"TrueTransparency"="C:\Documents and Settings\HP_Administrateur\Mes documents\Apps\TrueTransparency\TrueTransparency.exe" [2007-10-20 16:10 132608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34 64512]
"ftutil2"="ftutil2.dll" [2004-06-07 14:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-22 01:56 16261632 C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:15 77312 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 09:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14 237568]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 22:34 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 06:11 49152]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [ ]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 10:52 505368]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 10:53 780312]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"Zboard"="C:\Program Files\Ideazon\ZEngine\Zboard.exe" [2007-07-25 13:25 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"DNS7reminder"="C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2007-03-19 09:20 259624]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15 221184]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 02:46 200069]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 11:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-08 00:13 29744]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"AXPDefender"="C:\Program Files\AXPDefender\AXPDefender.exe" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"4ccdf25c"="C:\WINDOWS\system32\xjuxxtlw.dll" [2008-06-04 18:51 95232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4647C2C7-9F3D-4220-87D9-43E617F67478}"= C:\WINDOWS\system32\geBtRJCv.dll [2008-05-30 20:41 33920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBtRJCv]
geBtRJCv.dll 2008-05-30 20:41 33920 C:\WINDOWS\system32\geBtRJCv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
"vidc.yv12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\nnnnLddc
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\eoW87.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hqX18.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\isA07.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jsA07.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lsA18.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"SerialNumber"="A109A-K13-3ZXD-BAP5-TE"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Documents and Settings\\HP_Administrateur\\Bureau\\eMule\\emule.exe"=
"C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\THQ\\Dawn of War\\W40k.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Metin2_France\\metin2.bin"=
"C:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
"C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\dedicated server\\hlds.exe"=
"C:\\Documents and Settings\\HP_Administrateur\\Mes documents\\LanSchool v6.0 + Crack\\teste\\teacher.exe"=
"C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\day of defeat source\\hl2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R3 Alpham1;Ideazon ZBoard USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham1.sys [2007-07-23 10:56]
R3 Alpham2;Ideazon ZBoard MM USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham2.sys [2007-03-20 12:49]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 13:00]
S0 eoW87;eoW87;C:\WINDOWS\system32\Drivers\eoW87.sys []
S0 hqX18;hqX18;C:\WINDOWS\system32\Drivers\hqX18.sys []
S0 isA07;isA07;C:\WINDOWS\system32\Drivers\isA07.sys []
S0 jsA07;jsA07;C:\WINDOWS\system32\Drivers\jsA07.sys []
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-08 00:13]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-28 23:54]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-30 01:06]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-31 19:41:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 18:46:00
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\geBtRJCv.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
-> C:\WINDOWS\system32\nview.dll
-> C:\WINDOWS\system32\xjuxxtlw.dll
-> C:\Documents and Settings\HP_Administrateur\Mes documents\Apps\TrueTransparency\TrueTransparencyHook.dll
-> C:\WINDOWS\system32\nnnnLddc.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\hp\KBD\kbd.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-04 18:55:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-04 16:54:56
ComboFix2.txt 2008-06-01 16:15:49
Pre-Run: 82,978,988,032 octets libres
Post-Run: 82,879,619,072 octets libres
292
Re,
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
![]()
Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
[#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :
File::
C:\WINDOWS\system32\irkajljp.dll
C:\WINDOWS\system32\wvUnMcaw.dll
C:\WINDOWS\system32\urqQjJBR.dll
C:\WINDOWS\system32\geBtRJCv.dll
C:\WINDOWS\system32\nnnnLddc.dll
C:\WINDOWS\atfxqogp.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4647C2C7-9F3D-4220-87D9-43E617F67478}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C969D2D-2199-4A29-8483-BD417A1EF167}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D70A167-9D75-49D7-9F4C-DD7E79AE7A64}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{877D76C4-BE5B-43D9-9AF9-0E693A84ECBB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{23649E36-60C6-4433-880A-9DF59FC27342}"=-
[-HKEY_CLASSES_ROOT\clsid\{23649e36-60c6-4433-880a-9df59fc27342}]
[-HKEY_CLASSES_ROOT\atfxqogp.1]
[-HKEY_CLASSES_ROOT\TypeLib\{AAA0A546-2B51-4AED-B1E2-C14F38C73165}]
[-HKEY_CLASSES_ROOT\atfxqogp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"4ccdf25c"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4647C2C7-9F3D-4220-87D9-43E617F67478}"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBtRJCv]
C:\WINDOWS\system32\irkajljp.dll
C:\WINDOWS\system32\wvUnMcaw.dll
C:\WINDOWS\system32\urqQjJBR.dll
C:\WINDOWS\system32\geBtRJCv.dll
C:\WINDOWS\system32\nnnnLddc.dll
C:\WINDOWS\atfxqogp.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4647C2C7-9F3D-4220-87D9-43E617F67478}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C969D2D-2199-4A29-8483-BD417A1EF167}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D70A167-9D75-49D7-9F4C-DD7E79AE7A64}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{877D76C4-BE5B-43D9-9AF9-0E693A84ECBB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{23649E36-60C6-4433-880A-9DF59FC27342}"=-
[-HKEY_CLASSES_ROOT\clsid\{23649e36-60c6-4433-880a-9df59fc27342}]
[-HKEY_CLASSES_ROOT\atfxqogp.1]
[-HKEY_CLASSES_ROOT\TypeLib\{AAA0A546-2B51-4AED-B1E2-C14F38C73165}]
[-HKEY_CLASSES_ROOT\atfxqogp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"4ccdf25c"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4647C2C7-9F3D-4220-87D9-43E617F67478}"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBtRJCv]
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
[#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]
voila le log combofix
ComboFix 08-05-29.1 - HP_Administrateur 2008-06-05 19:07:17.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.280 [GMT 2:00]
Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrateur\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\WINDOWS\atfxqogp.dll
C:\WINDOWS\system32\geBtRJCv.dll
C:\WINDOWS\system32\irkajljp.dll
C:\WINDOWS\system32\nnnnLddc.dll
C:\WINDOWS\system32\urqQjJBR.dll
C:\WINDOWS\system32\wvUnMcaw.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\evpbrxxt.ini
C:\WINDOWS\system32\geBtRJCv.dll
C:\WINDOWS\system32\letbsrol.ini
C:\WINDOWS\system32\urqQjJBR.dll
C:\WINDOWS\system32\wacMnUvw.ini
C:\WINDOWS\system32\wacMnUvw.ini2
C:\WINDOWS\system32\wltxxujx.ini
C:\WINDOWS\system32\wvUnMcaw.dll
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-05 to 2008-06-05 ))))))))))))))))))))))))))))))))))))
.
2008-06-05 10:51 . 2008-06-05 10:51 <REP> d--hs---- C:\Documents and Settings\All Users\DRM
2008-06-05 10:51 . 2008-06-05 10:51 95,232 --a------ C:\WINDOWS\system32\txxrbpve.dll
2008-06-02 19:22 . 2008-06-02 19:22 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Malwarebytes
2008-06-02 19:21 . 2008-06-02 19:22 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-02 19:21 . 2008-06-02 19:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-02 19:21 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-02 19:21 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-01 20:21 . 2008-06-01 20:21 <REP> d-------- C:\Program Files\Avira
2008-06-01 20:21 . 2008-06-01 20:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-01 15:14 . 2008-06-01 15:14 <REP> d--hs---- C:\found.001
2008-05-30 21:06 . 2008-05-30 21:07 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-30 20:03 . 2008-06-03 21:51 <REP> d-------- C:\Program Files\Fake Webcam
2008-05-30 19:51 . 2008-05-30 19:51 <REP> d-------- C:\Program Files\CamStudio
2008-05-21 15:00 . 2008-05-21 15:00 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\IDS_COMPANY
2008-05-14 03:29 . 2008-05-14 03:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-05-13 19:02 . 2008-05-13 19:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-10 22:05 . 2008-05-10 22:05 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-05-10 22:05 . 2008-05-10 22:05 <REP> d-------- C:\Program Files\Fichiers communs\Vbox
2008-05-10 22:05 . 2001-10-26 23:16 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2008-05-10 22:03 . 2008-05-10 22:03 <REP> d-------- C:\WINDOWS\Adobe Illustrator CS
2008-05-08 10:55 . 2008-05-08 10:55 <REP> d--hs---- C:\found.000
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 17:18 --------- d-----w C:\Program Files\Steam
2008-06-05 08:23 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\Xfire
2008-06-05 08:21 --------- d-s---w C:\Program Files\Xfire
2008-06-05 08:20 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\OpenOffice.org2
2008-05-30 18:27 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\foobar2000
2008-05-29 17:15 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-24 12:38 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\BitTorrent
2008-05-14 12:55 --------- d-----w C:\Program Files\World of Warcraft
2008-05-13 17:02 --------- d-----w C:\Program Files\Lavasoft
2008-05-13 17:02 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-10 20:05 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-10 20:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-09 18:54 --------- d-----w C:\Program Files\SupraASCIIArt
2008-04-30 07:48 318,904 ----a-w C:\Documents and Settings\HP_Administrateur\wmpfirefoxplugin.exe
2008-04-30 07:33 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-14 20:24 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\teamspeak2
2008-03-21 15:20 3,159 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\SAS7_000.DAT
2008-03-07 21:46 70,537 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-03-07 21:46 5,347 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-12-08 18:03 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-09-22 15:33 357 ----a-w C:\Documents and Settings\HP_Administrateur\.cb_layout.bin
2007-08-08 16:54 52,438,399 ----a-w C:\Documents and Settings\HP_Administrateur\WoW-2.1.3.6898-to-0.2.0.6932-frFR-patch.exe
2007-05-30 17:32 38 ----a-w C:\Documents and Settings\HP_Administrateur\dell.bat
2007-08-16 10:53 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2008-02-04 19:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll
.
------- Sigcheck -------
2006-01-10 03:02 666112 5404e2ead19d7e2a5c4086015062343c C:\WINDOWS\$NtUninstallKB912812$\wininet.dll
2004-08-10 13:00 660480 58fe94ef42e074f4cad8bf02e70e6478 C:\WINDOWS\$NtUninstallKB912945$\wininet.dll
2006-03-04 13:00 667648 241dbc4c2714b2f39afded49459ed420 C:\WINDOWS\$NtUninstallKB928090$\wininet.dll
2007-01-04 16:02 669184 114342601ac7ea73b0d2a0ed8505b8b9 C:\WINDOWS\$NtUninstallKB931768$\wininet.dll
2006-03-04 13:00 667648 241dbc4c2714b2f39afded49459ed420 C:\WINDOWS\$NtUninstallKB933566$\wininet.dll
2007-04-18 14:44 669696 a3bf56a786b277e881fd9137f55f0b4b C:\WINDOWS\$NtUninstallKB937143$\wininet.dll
2007-06-26 16:36 669696 19058fbdc72f7bae085369c6d0a7d074 C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
2007-08-22 14:57 669696 4f6a45b54d26708e2c2bf2c43d83edea C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
2007-10-11 07:59 670208 0465cde31add22f6233ffb4fe4af01cf C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
2007-12-07 02:47 704512 456f6f2eeaa0d975581e745c6ecfd140 C:\WINDOWS\system32\wininet.dll
2007-12-07 02:47 704512 456f6f2eeaa0d975581e745c6ecfd140 C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-10 13:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-01_18.14.36.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-01 15:52:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-05 17:16:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-01-21 16:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 19:37 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 13:44 1271032]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 01:01 43008]
"TrueTransparency"="C:\Documents and Settings\HP_Administrateur\Mes documents\Apps\TrueTransparency\TrueTransparency.exe" [2007-10-20 16:10 132608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34 64512]
"ftutil2"="ftutil2.dll" [2004-06-07 14:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-22 01:56 16261632 C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:15 77312 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 09:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14 237568]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 22:34 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 06:11 49152]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [ ]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 10:52 505368]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 10:53 780312]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"Zboard"="C:\Program Files\Ideazon\ZEngine\Zboard.exe" [2007-07-25 13:25 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"DNS7reminder"="C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2007-03-19 09:20 259624]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15 221184]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 02:46 200069]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 11:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-08 00:13 29744]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"AXPDefender"="C:\Program Files\AXPDefender\AXPDefender.exe" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBtRJCv]
geBtRJCv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
"vidc.yv12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\eoW87.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hqX18.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\isA07.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jsA07.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lsA18.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"SerialNumber"="A109A-K13-3ZXD-BAP5-TE"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Documents and Settings\\HP_Administrateur\\Bureau\\eMule\\emule.exe"=
"C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\THQ\\Dawn of War\\W40k.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Metin2_France\\metin2.bin"=
"C:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
"C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\dedicated server\\hlds.exe"=
"C:\\Documents and Settings\\HP_Administrateur\\Mes documents\\LanSchool v6.0 + Crack\\teste\\teacher.exe"=
"C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\day of defeat source\\hl2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R3 Alpham1;Ideazon ZBoard USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham1.sys [2007-07-23 10:56]
R3 Alpham2;Ideazon ZBoard MM USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham2.sys [2007-03-20 12:49]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 13:00]
S0 eoW87;eoW87;C:\WINDOWS\system32\Drivers\eoW87.sys []
S0 hqX18;hqX18;C:\WINDOWS\system32\Drivers\hqX18.sys []
S0 isA07;isA07;C:\WINDOWS\system32\Drivers\isA07.sys []
S0 jsA07;jsA07;C:\WINDOWS\system32\Drivers\jsA07.sys []
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-08 00:13]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-28 23:54]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-30 01:06]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-31 19:41:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 19:17:05
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
-> C:\WINDOWS\system32\nview.dll
-> C:\Documents and Settings\HP_Administrateur\Mes documents\Apps\TrueTransparency\TrueTransparencyHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\hp\KBD\kbd.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-05 19:27:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-05 17:27:26
ComboFix2.txt 2008-06-04 16:55:20
ComboFix3.txt 2008-06-01 16:15:49
Pre-Run: 82,820,182,016 octets libres
Post-Run: 82,753,007,616 octets libres
268
ComboFix 08-05-29.1 - HP_Administrateur 2008-06-05 19:07:17.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.280 [GMT 2:00]
Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrateur\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\WINDOWS\atfxqogp.dll
C:\WINDOWS\system32\geBtRJCv.dll
C:\WINDOWS\system32\irkajljp.dll
C:\WINDOWS\system32\nnnnLddc.dll
C:\WINDOWS\system32\urqQjJBR.dll
C:\WINDOWS\system32\wvUnMcaw.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\evpbrxxt.ini
C:\WINDOWS\system32\geBtRJCv.dll
C:\WINDOWS\system32\letbsrol.ini
C:\WINDOWS\system32\urqQjJBR.dll
C:\WINDOWS\system32\wacMnUvw.ini
C:\WINDOWS\system32\wacMnUvw.ini2
C:\WINDOWS\system32\wltxxujx.ini
C:\WINDOWS\system32\wvUnMcaw.dll
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-05 to 2008-06-05 ))))))))))))))))))))))))))))))))))))
.
2008-06-05 10:51 . 2008-06-05 10:51 <REP> d--hs---- C:\Documents and Settings\All Users\DRM
2008-06-05 10:51 . 2008-06-05 10:51 95,232 --a------ C:\WINDOWS\system32\txxrbpve.dll
2008-06-02 19:22 . 2008-06-02 19:22 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Malwarebytes
2008-06-02 19:21 . 2008-06-02 19:22 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-02 19:21 . 2008-06-02 19:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-02 19:21 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-02 19:21 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-01 20:21 . 2008-06-01 20:21 <REP> d-------- C:\Program Files\Avira
2008-06-01 20:21 . 2008-06-01 20:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-01 15:14 . 2008-06-01 15:14 <REP> d--hs---- C:\found.001
2008-05-30 21:06 . 2008-05-30 21:07 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-30 20:03 . 2008-06-03 21:51 <REP> d-------- C:\Program Files\Fake Webcam
2008-05-30 19:51 . 2008-05-30 19:51 <REP> d-------- C:\Program Files\CamStudio
2008-05-21 15:00 . 2008-05-21 15:00 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\IDS_COMPANY
2008-05-14 03:29 . 2008-05-14 03:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-05-13 19:02 . 2008-05-13 19:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-10 22:05 . 2008-05-10 22:05 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-05-10 22:05 . 2008-05-10 22:05 <REP> d-------- C:\Program Files\Fichiers communs\Vbox
2008-05-10 22:05 . 2001-10-26 23:16 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2008-05-10 22:03 . 2008-05-10 22:03 <REP> d-------- C:\WINDOWS\Adobe Illustrator CS
2008-05-08 10:55 . 2008-05-08 10:55 <REP> d--hs---- C:\found.000
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 17:18 --------- d-----w C:\Program Files\Steam
2008-06-05 08:23 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\Xfire
2008-06-05 08:21 --------- d-s---w C:\Program Files\Xfire
2008-06-05 08:20 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\OpenOffice.org2
2008-05-30 18:27 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\foobar2000
2008-05-29 17:15 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-24 12:38 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\BitTorrent
2008-05-14 12:55 --------- d-----w C:\Program Files\World of Warcraft
2008-05-13 17:02 --------- d-----w C:\Program Files\Lavasoft
2008-05-13 17:02 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-10 20:05 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-10 20:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-09 18:54 --------- d-----w C:\Program Files\SupraASCIIArt
2008-04-30 07:48 318,904 ----a-w C:\Documents and Settings\HP_Administrateur\wmpfirefoxplugin.exe
2008-04-30 07:33 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-14 20:24 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\teamspeak2
2008-03-21 15:20 3,159 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\SAS7_000.DAT
2008-03-07 21:46 70,537 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-03-07 21:46 5,347 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-12-08 18:03 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-09-22 15:33 357 ----a-w C:\Documents and Settings\HP_Administrateur\.cb_layout.bin
2007-08-08 16:54 52,438,399 ----a-w C:\Documents and Settings\HP_Administrateur\WoW-2.1.3.6898-to-0.2.0.6932-frFR-patch.exe
2007-05-30 17:32 38 ----a-w C:\Documents and Settings\HP_Administrateur\dell.bat
2007-08-16 10:53 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2008-02-04 19:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll
.
------- Sigcheck -------
2006-01-10 03:02 666112 5404e2ead19d7e2a5c4086015062343c C:\WINDOWS\$NtUninstallKB912812$\wininet.dll
2004-08-10 13:00 660480 58fe94ef42e074f4cad8bf02e70e6478 C:\WINDOWS\$NtUninstallKB912945$\wininet.dll
2006-03-04 13:00 667648 241dbc4c2714b2f39afded49459ed420 C:\WINDOWS\$NtUninstallKB928090$\wininet.dll
2007-01-04 16:02 669184 114342601ac7ea73b0d2a0ed8505b8b9 C:\WINDOWS\$NtUninstallKB931768$\wininet.dll
2006-03-04 13:00 667648 241dbc4c2714b2f39afded49459ed420 C:\WINDOWS\$NtUninstallKB933566$\wininet.dll
2007-04-18 14:44 669696 a3bf56a786b277e881fd9137f55f0b4b C:\WINDOWS\$NtUninstallKB937143$\wininet.dll
2007-06-26 16:36 669696 19058fbdc72f7bae085369c6d0a7d074 C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
2007-08-22 14:57 669696 4f6a45b54d26708e2c2bf2c43d83edea C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
2007-10-11 07:59 670208 0465cde31add22f6233ffb4fe4af01cf C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
2007-12-07 02:47 704512 456f6f2eeaa0d975581e745c6ecfd140 C:\WINDOWS\system32\wininet.dll
2007-12-07 02:47 704512 456f6f2eeaa0d975581e745c6ecfd140 C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-10 13:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-01_18.14.36.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-01 15:52:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-05 17:16:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-01-21 16:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 19:37 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 13:44 1271032]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 01:01 43008]
"TrueTransparency"="C:\Documents and Settings\HP_Administrateur\Mes documents\Apps\TrueTransparency\TrueTransparency.exe" [2007-10-20 16:10 132608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34 64512]
"ftutil2"="ftutil2.dll" [2004-06-07 14:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-22 01:56 16261632 C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:15 77312 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 09:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14 237568]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 22:34 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 06:11 49152]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [ ]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 10:52 505368]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 10:53 780312]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"Zboard"="C:\Program Files\Ideazon\ZEngine\Zboard.exe" [2007-07-25 13:25 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"DNS7reminder"="C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2007-03-19 09:20 259624]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15 221184]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 02:46 200069]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 11:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-08 00:13 29744]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"AXPDefender"="C:\Program Files\AXPDefender\AXPDefender.exe" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBtRJCv]
geBtRJCv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
"vidc.yv12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\eoW87.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hqX18.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\isA07.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jsA07.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lsA18.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"SerialNumber"="A109A-K13-3ZXD-BAP5-TE"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Documents and Settings\\HP_Administrateur\\Bureau\\eMule\\emule.exe"=
"C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\THQ\\Dawn of War\\W40k.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Metin2_France\\metin2.bin"=
"C:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
"C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\dedicated server\\hlds.exe"=
"C:\\Documents and Settings\\HP_Administrateur\\Mes documents\\LanSchool v6.0 + Crack\\teste\\teacher.exe"=
"C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\day of defeat source\\hl2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R3 Alpham1;Ideazon ZBoard USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham1.sys [2007-07-23 10:56]
R3 Alpham2;Ideazon ZBoard MM USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham2.sys [2007-03-20 12:49]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 13:00]
S0 eoW87;eoW87;C:\WINDOWS\system32\Drivers\eoW87.sys []
S0 hqX18;hqX18;C:\WINDOWS\system32\Drivers\hqX18.sys []
S0 isA07;isA07;C:\WINDOWS\system32\Drivers\isA07.sys []
S0 jsA07;jsA07;C:\WINDOWS\system32\Drivers\jsA07.sys []
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-08 00:13]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-28 23:54]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-30 01:06]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-31 19:41:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 19:17:05
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
-> C:\WINDOWS\system32\nview.dll
-> C:\Documents and Settings\HP_Administrateur\Mes documents\Apps\TrueTransparency\TrueTransparencyHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\hp\KBD\kbd.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-05 19:27:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-05 17:27:26
ComboFix2.txt 2008-06-04 16:55:20
ComboFix3.txt 2008-06-01 16:15:49
Pre-Run: 82,820,182,016 octets libres
Post-Run: 82,753,007,616 octets libres
268
et le log hijackthis ![:)]( ":)")
Logfile of HijackThis v1.99.1
Scan saved at 19:29:35, on 05/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Documents and Settings\HP_Administrateur\Mes documents\Apps\TrueTransparency\TrueTransparency.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\windows\system\hpsysdrv.exe
K:\WormingFight\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AXPDefender] C:\Program Files\AXPDefender\AXPDefender.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [TrueTransparency] "C:\Documents and Settings\HP_Administrateur\Mes documents\Apps\TrueTransparency\TrueTransparency.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: wbsys.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: geBtRJCv - geBtRJCv.dll (file missing)
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
Logfile of HijackThis v1.99.1
Scan saved at 19:29:35, on 05/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Documents and Settings\HP_Administrateur\Mes documents\Apps\TrueTransparency\TrueTransparency.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\windows\system\hpsysdrv.exe
K:\WormingFight\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AXPDefender] C:\Program Files\AXPDefender\AXPDefender.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [TrueTransparency] "C:\Documents and Settings\HP_Administrateur\Mes documents\Apps\TrueTransparency\TrueTransparency.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: wbsys.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: geBtRJCv - geBtRJCv.dll (file missing)
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
Lassé par la pub ? Créez un compte
