POP-UP WINDOWS
Last reply: in Security
Hello,
I'm a computer novice and I need your help.
I'm currently having big problems after opening a zipped attachment sent over MSN: pop-up windows keep opening non-stop and the Trojan horse virus appears regularly.
I'm a beginner with computers and it would be very kind if you could advise me on my current little troubles.
Thanks in advance for your help
Looking forward to hearing from you
Good evening
Carine from Bordeaux
Hello,
Download and install HijackThis (Trend Micro).
Then post a log in your next reply.
HELP: How to use HijackThis v2.0.2
Hello, and thank you for such a quick reply
Here is the requested log
Looking forward to hearing from you
Thanks again for your precious help
Have a good day
Carine
***************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:10:50, on 16/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\bordeaux\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\bordeaux\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE" /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB002" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Performance Adapter] cbrsvc.exe
O4 - HKLM\..\Run: [9ca8f379] rundll32.exe "C:\WINDOWS\system32\dbfkkews.dll",b
O4 - HKLM\..\Run: [BM9f9bc0e5] Rundll32.exe "C:\WINDOWS\system32\rpiwkdbp.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: explorer.exe.lnk = C:\WINDOWS\explorer.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\bordeaux\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/activex/Tm...
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Pomax.local
O17 - HKLM\Software\..\Telephony: DomainName = Pomax.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Pomax.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Pomax.local
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 9355 bytes
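The O4 section of the log above is where the infection shows itself: two Run values named with bare hex tokens ([9ca8f379] and [BM9f9bc0e5]) that have rundll32.exe load eight-letter DLLs from system32, and a [Windows Performance Adapter] value that launches cbrsvc.exe with no path at all, next to dozens of legitimate entries. The following script is an added example, not part of the thread and not a HijackThis feature: it parses O4 Run lines and applies three heuristics of my own (hex-token value names, rundll32 loading an eight-letter DLL from system32, and executables given without a directory). The sample lines are copied from the posted log. The bare-name check is deliberately loose: it also flags Ati2mdxx.exe, a legitimate ATI helper, which is why its reason says "verify" rather than "malicious".

```python
import re
from dataclasses import dataclass, field

# Constructed sample: O4 (autostart) lines copied from the HijackThis log posted
# above. A whole log can be passed in; lines that are not O4 Run entries are skipped.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows Performance Adapter] cbrsvc.exe
O4 - HKLM\..\Run: [9ca8f379] rundll32.exe "C:\WINDOWS\system32\dbfkkews.dll",b
O4 - HKLM\..\Run: [BM9f9bc0e5] Rundll32.exe "C:\WINDOWS\system32\rpiwkdbp.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: explorer.exe.lnk = C:\WINDOWS\explorer.exe
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RUN = re.compile(r'^O4 - (?P<hive>\S+\\Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# rundll32 with a quoted or bare DLL path as its first argument
RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.I)
# Vundo-style file names: exactly eight letters (heuristic, my assumption)
RANDOM_DLL = re.compile(r'^[a-z]{8}\.dll$', re.I)
# value names that are hex tokens rather than product names (optionally "BM"-prefixed)
HEX_NAME = re.compile(r'^(?:BM)?[0-9a-f]{8}$')


@dataclass
class Finding:
    hive: str
    name: str
    cmd: str
    reasons: list = field(default_factory=list)


def triage_o4(log_text):
    """Return the O4 Run entries that deserve a closer look, with the reason(s)."""
    findings = []
    for raw in log_text.splitlines():
        m = O4_RUN.match(raw.strip())
        if not m:
            continue
        entry = Finding(m['hive'], m['name'], m['cmd'])
        if HEX_NAME.match(entry.name):
            entry.reasons.append('value name is a random hex token, not a product name')
        r = RUNDLL.match(entry.cmd)
        if r:
            full = r['dll']
            base = full.rsplit('\\', 1)[-1]
            if 'system32' in full.lower() and RANDOM_DLL.match(base):
                entry.reasons.append(f'rundll32 loads randomly named DLL {base} from system32')
        else:
            # A bare executable name is resolved through the search path at logon,
            # so the log alone cannot tell you which file actually runs.
            first = entry.cmd.split(None, 1)[0].strip('"') if entry.cmd.split() else ''
            if first.lower().endswith('.exe') and '\\' not in first:
                entry.reasons.append(f'{first} is given without a path; verify where it lives')
        if entry.reasons:
            findings.append(entry)
    return findings


if __name__ == '__main__':
    for f in triage_o4(SAMPLE_LOG):
        print(f'{f.hive} [{f.name}] {f.cmd}')
        for why in f.reasons:
            print(f'    - {why}')
```

Run it on the full log text and it prints only the flagged entries with their reasons; everything else in the log is left for the human reader. The two rundll32 lines trip both the hex-name and the random-DLL checks, which is the combination worth acting on first.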
Re,
Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done, reboot into Safe Mode.
HELP: Rebooting into Safe Mode
Now run Malwarebytes' Anti-Malware. If it isn't already selected, choose "Perform full scan".
To start the scan, click "Scan".
When the scan finishes, a window opens; click OK. Two possibilities:
-- if the program found nothing, press OK. A log will appear; close it.
-- if infections are present, click "Show Results" then "Remove Selected". Save the log to your Desktop so you can post it in your next reply.
NOTE: If Malwarebytes' Anti-Malware needs to reboot to finish the removal, accept by clicking OK.
HELP: Illustrated tutorial on MBAM
Hello again...
Here is the Malwarebytes' log
Awaiting your next instructions
Have a good day
Carine
Malwarebytes' Anti-Malware 1.17
Database version: 859
13:14:03 16/06/2008
mbam-log-6-16-2008 (13-14-03).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 61302
Time elapsed: 37 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 18
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\iiffDVpN.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\byXOhHBT.dll (Trojan.Vundo) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\iiffDVpN.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\NpVDffii.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\NpVDffii.ini2 (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ntxbxwki.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ikwxbxtn.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\qqgmqlyl.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\lylqmgqq.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\utjuetex.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\xeteujtu.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\xixxieva.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\aveixxix.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\xxluovuh.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\huvoulxx.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Delete on reboot.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Delete on reboot.
C:\WINDOWS\system32\byXOhHBT.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ljJDTNGv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Delete on reboot.
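The Malwarebytes report above shows the Vundo naming convention directly: every eight-letter DLL sits next to a .ini whose name is the DLL name spelled backwards (iiffDVpN.dll and NpVDffii.ini, ntxbxwki.dll and ikwxbxtn.ini, qqgmqlyl.dll and lylqmgqq.ini). ComboFix's deletion list later in the thread also contains .ini files such as DegilUvw.ini whose DLL is not listed, and its "files created" section shows NpVDffii.ini reappearing with hidden and system attributes at 16:14, after ComboFix started at 16:03, which means a component that was still loaded rewrote it. The script below is an added example, not part of the thread and not a Malwarebytes or ComboFix feature: it pulls system32 paths out of either tool's report, pairs each DLL with its mirrored .ini, and reports DLLs with no companion and .ini files whose DLL is missing, giving the name to look for on disk. The eight-letter-stem rule is my heuristic; the sample lines are copied from the reports in this thread.

```python
import re
import ntpath

# Constructed sample: lines copied from the Malwarebytes and ComboFix reports posted in
# this thread, in each report's own format. Whole reports can be passed in as-is.
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\iiffDVpN.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\NpVDffii.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\NpVDffii.ini2 (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ntxbxwki.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ikwxbxtn.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\qqgmqlyl.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\lylqmgqq.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\byXOhHBT.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\DegilUvw.ini
C:\WINDOWS\system32\DegilUvw.ini2
C:\WINDOWS\system32\drivers\mbam.sys
"""

# Windows paths ending in .dll, .ini or .ini2, wherever they sit in a report line
PATH_RE = re.compile(r'[A-Za-z]:\\\S+?\.(?:dll|ini2?)\b', re.I)
# Vundo component names: exactly eight letters (heuristic, my assumption)
STEM_RE = re.compile(r'^[A-Za-z]{8}$')


def vundo_pairs(report_text):
    """Group system32 files by stem and match each DLL with its reversed-name .ini."""
    exts_by_stem = {}
    for m in PATH_RE.finditer(report_text):
        path = m.group(0)
        if 'system32' not in path.lower():
            continue
        # ntpath splits on backslashes on any OS, so this runs off-box too
        stem, ext = ntpath.basename(path).rsplit('.', 1)
        if STEM_RE.match(stem):
            exts_by_stem.setdefault(stem, set()).add(ext.lower())

    pairs, lone_dll, orphan_ini = [], [], []
    for stem, exts in exts_by_stem.items():
        mirror = stem[::-1]                      # Vundo keeps the letter case when reversing
        mirror_exts = exts_by_stem.get(mirror, set())
        if 'dll' in exts:
            if 'ini' in mirror_exts:
                pairs.append((stem + '.dll', mirror + '.ini'))
            else:
                lone_dll.append(stem + '.dll')
        elif 'ini' in exts and 'dll' not in mirror_exts:
            # the .ini survived but its DLL is not in the list: look for <mirror>.dll on disk
            orphan_ini.append((stem + '.ini', mirror + '.dll'))
    return {'pairs': sorted(pairs), 'lone_dll': sorted(lone_dll), 'orphan_ini': sorted(orphan_ini)}


if __name__ == '__main__':
    result = vundo_pairs(SAMPLE_REPORT)
    for dll, ini in result['pairs']:
        print(f'pair:        {dll}  <->  {ini}')
    for dll in result['lone_dll']:
        print(f'dll alone:   {dll}')
    for ini, expected in result['orphan_ini']:
        print(f'ini alone:   {ini}  (look for {expected})')
```

The orphan list is the useful output after a partial clean-up: an .ini that keeps coming back points at a DLL that is still loaded (through a Run value, a BHO or Winlogon notify entry) even though the file list no longer shows it, so that is the name to search for with the file system's hidden and system files made visible.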
Re,
Disable your resident protections (antivirus, Spybot-S&D, etc.)!
Download ComboFix (sUBs) to your Desktop.
Double-click ComboFix.exe (the .exe extension may not be visible) to launch it.
When the scan is finished, a log will appear. Post that log (C:\combofix.txt*) in your next reply.
HELP: A guide and tutorial on using ComboFix
* the drive letter may differ
Re,
Here is the ComboFix.txt log
Looking forward to your reply
See you later
Carine
******************************************************
ComboFix 08-06-15.4 - bordeaux 2008-06-16 16:03:23.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.140 [GMT 2:00]
Location: C:\Documents and Settings\bordeaux\bureaublad\ComboFix.exe
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM9f9bc0e5.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\efofhvyw.dll
C:\WINDOWS\system32\kayuebiq.dll
C:\WINDOWS\system32\NpVDffii.ini
C:\WINDOWS\system32\NpVDffii.ini2
.
---- Previous Run -------
.
C:\WINDOWS\BM9f9bc0e5.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\admyojoj.dll
C:\WINDOWS\system32\airkoffq.dll
C:\WINDOWS\system32\ajvxmgiv.dll
C:\WINDOWS\system32\arrlvjwc.dll
C:\WINDOWS\system32\avaclcft.ini
C:\WINDOWS\system32\aveixxix.ini
C:\WINDOWS\system32\bcrdkwwv.dll
C:\WINDOWS\system32\bgawbgpq.dll
C:\WINDOWS\system32\blhkjkyk.dll
C:\WINDOWS\system32\cldvnqbr.dll
C:\WINDOWS\system32\DegilUvw.ini
C:\WINDOWS\system32\DegilUvw.ini2
C:\WINDOWS\system32\dspjrkaq.dll
C:\WINDOWS\system32\dwiqgsqo.ini
C:\WINDOWS\system32\ecucuuex.dll
C:\WINDOWS\system32\ehknqtwa.ini
C:\WINDOWS\system32\ehknqtwa.ini2
C:\WINDOWS\system32\ewbrpfym.dll
C:\WINDOWS\system32\fmbhrtnu.ini
C:\WINDOWS\system32\fsdwxowf.ini
C:\WINDOWS\system32\giyuoqmi.ini
C:\WINDOWS\system32\gsrnfjcm.dll
C:\WINDOWS\system32\hbudmnjh.dll
C:\WINDOWS\system32\hikmoUtv.ini
C:\WINDOWS\system32\hikmoUtv.ini2
C:\WINDOWS\system32\hjhdwemk.dll
C:\WINDOWS\system32\hRtCbccf.ini
C:\WINDOWS\system32\hRtCbccf.ini2
C:\WINDOWS\system32\huvoulxx.ini
C:\WINDOWS\system32\ihpnykiy.dll
C:\WINDOWS\system32\ikwxbxtn.ini
C:\WINDOWS\system32\jnnulbkv.dll
C:\WINDOWS\system32\jxowxbbl.dll
C:\WINDOWS\system32\knrmntmn.dll
C:\WINDOWS\system32\kvwfuxdn.dll
C:\WINDOWS\system32\loystpjp.ini
C:\WINDOWS\system32\lylqmgqq.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\memhknbr.dll
C:\WINDOWS\system32\mhwxmlin.ini
C:\WINDOWS\system32\mjwiduwc.ini
C:\WINDOWS\system32\mmiwywme.ini
C:\WINDOWS\system32\mnextgfw.ini
C:\WINDOWS\system32\mqufquat.dll
C:\WINDOWS\system32\msyjeprs.dll
C:\WINDOWS\system32\mwuadjyx.ini
C:\WINDOWS\system32\NpVDffii.ini
C:\WINDOWS\system32\NpVDffii.ini2
C:\WINDOWS\system32\ntxbxwki.dll
C:\WINDOWS\system32\oaojqvgi.ini
C:\WINDOWS\system32\obfgyvcl.dll
C:\WINDOWS\system32\oevvsmbu.dll
C:\WINDOWS\system32\okhiktrk.dll
C:\WINDOWS\system32\ostviqho.dll
C:\WINDOWS\system32\otmmslvb.ini
C:\WINDOWS\system32\owapdrwg.ini
C:\WINDOWS\system32\pcetfcun.dll
C:\WINDOWS\system32\PqpWwyxx.ini
C:\WINDOWS\system32\PqpWwyxx.ini2
C:\WINDOWS\system32\ptueccdk.ini
C:\WINDOWS\system32\qqgmqlyl.dll
C:\WINDOWS\system32\rpiwkdbp.dll
C:\WINDOWS\system32\sgmopgkg.dll
C:\WINDOWS\system32\siqwiypy.dll
C:\WINDOWS\system32\swekkfbd.ini
C:\WINDOWS\system32\tsvxaGgh.ini
C:\WINDOWS\system32\tsvxaGgh.ini2
C:\WINDOWS\system32\tvdfrkob.ini
C:\WINDOWS\system32\udrdwffg.ini
C:\WINDOWS\system32\uothhjes.dll
C:\WINDOWS\system32\utjuetex.dll
C:\WINDOWS\system32\vbvhrqlf.dll
C:\WINDOWS\system32\vtvndefi.dll
C:\WINDOWS\system32\vviotlgh.dll
C:\WINDOWS\system32\wjtbdbiy.ini
C:\WINDOWS\system32\wlwpeheq.dll
C:\WINDOWS\system32\xaosivat.ini
C:\WINDOWS\system32\xeteujtu.ini
C:\WINDOWS\system32\xixxieva.dll
C:\WINDOWS\system32\xiyrpwsk.dll
C:\WINDOWS\system32\xkfsqlol.dll
C:\WINDOWS\system32\xxluovuh.dll
C:\WINDOWS\system32\yfpqsrhv.ini
C:\WINDOWS\system32\yiimxpii.dll
.
((((((((((((((((((((((((((((( Files created 2008-05-16 to 2008-06-16 ))))))))))))))))))))))))))))))))))))
.
2008-06-16 16:14 . 2008-06-16 16:16 344 --ahs---- C:\WINDOWS\system32\NpVDffii.ini
2008-06-16 12:22 . 2008-06-16 12:22 <REP> d-------- C:\Documents and Settings\bordeaux.POMAX-CAMILLE\Application Data\Malwarebytes
2008-06-16 12:19 . 2006-12-27 13:04 <REP> d--h----- C:\Documents and Settings\bordeaux.POMAX-CAMILLE\Voisinage réseau
2008-06-16 12:19 . 2006-12-27 13:04 <REP> d--h----- C:\Documents and Settings\bordeaux.POMAX-CAMILLE\Voisinage d'impression
2008-06-16 12:19 . 2006-12-27 12:15 <REP> d--h----- C:\Documents and Settings\bordeaux.POMAX-CAMILLE\Modèles
2008-06-16 12:19 . 2008-06-16 14:31 <REP> d-------- C:\Documents and Settings\bordeaux.POMAX-CAMILLE\Mes documents
2008-06-16 12:19 . 2006-12-27 13:04 <REP> dr------- C:\Documents and Settings\bordeaux.POMAX-CAMILLE\Menu Démarrer
2008-06-16 12:19 . 2006-12-27 13:04 <REP> d-------- C:\Documents and Settings\bordeaux.POMAX-CAMILLE\Favoris
2008-06-16 12:19 . 2006-12-27 13:04 <REP> d-------- C:\Documents and Settings\bordeaux.POMAX-CAMILLE\Bureau
2008-06-16 12:19 . 2006-12-27 13:16 <REP> d-------- C:\Documents and Settings\bordeaux.POMAX-CAMILLE\Application Data\Intel
2008-06-16 12:19 . 2008-06-16 12:19 <REP> d-------- C:\Documents and Settings\bordeaux.POMAX-CAMILLE
2008-06-16 11:49 . 2008-06-16 11:49 <REP> d-------- C:\Documents and Settings\bordeaux\Application Data\Malwarebytes
2008-06-16 11:48 . 2008-06-16 11:49 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-16 11:48 . 2008-06-16 11:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-16 11:48 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-16 11:48 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-13 11:29 . 2008-06-13 11:29 282,112 --a------ C:\WINDOWS\system32\iiffDVpN.dll
2008-06-09 12:37 . 2008-06-09 12:38 1,160 --a------ C:\WINDOWS\mozver.dat
2008-06-09 04:11 . 2008-06-09 04:11 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-08 10:47 . 2008-06-08 16:32 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-08 10:08 . 2008-06-08 10:08 164 --a------ C:\install.dat
2008-06-06 07:59 . 2008-06-06 07:59 <REP> d-------- C:\Program Files\Trend Micro
2008-06-06 07:41 . 2008-06-06 07:41 <REP> d-------- C:\VundoFix Backups
2008-06-05 23:28 . 2008-06-05 23:28 <REP> d-------- C:\Documents and Settings\Bercom\Application Data\AVGTOOLBAR
2008-06-05 23:23 . 2008-06-05 23:24 <REP> dr------- C:\Documents and Settings\Bercom\Favoris
2008-06-05 23:23 . 2006-12-27 13:04 <REP> d-------- C:\Documents and Settings\Bercom\Bureau
2008-06-05 23:23 . 2006-12-27 13:16 <REP> d-------- C:\Documents and Settings\Bercom\Application Data\Intel
2008-06-05 23:23 . 2004-08-05 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-05 23:22 . 2006-12-27 13:04 <REP> d--h----- C:\Documents and Settings\Bercom\Voisinage réseau
2008-06-05 23:22 . 2006-12-27 13:04 <REP> d--h----- C:\Documents and Settings\Bercom\Voisinage d'impression
2008-06-05 23:22 . 2006-12-27 12:15 <REP> d--h----- C:\Documents and Settings\Bercom\Modèles
2008-06-05 23:22 . 2008-06-05 23:24 <REP> dr------- C:\Documents and Settings\Bercom\Mes documents
2008-06-05 23:22 . 2006-12-27 13:04 <REP> dr------- C:\Documents and Settings\Bercom\Menu Démarrer
2008-06-05 23:22 . 2008-06-05 23:23 <REP> d-------- C:\Documents and Settings\Bercom
2008-06-05 23:08 . 2008-06-05 23:08 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-04 20:29 . 2008-06-04 20:29 <REP> d-------- C:\Program Files\Enigma Software Group
2008-06-04 00:13 . 2008-06-04 00:13 95 --a------ C:\WINDOWS\wininit.ini
2008-06-03 09:24 . 2008-06-16 09:19 <REP> d--h----- C:\$AVG8.VAULT$
2008-06-02 15:46 . 2008-06-02 15:46 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-02 15:46 . 2008-06-02 15:46 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-02 15:45 . 2008-06-16 15:11 <REP> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-02 15:45 . 2008-06-02 15:45 <REP> d-------- C:\Program Files\AVG
2008-06-02 15:45 . 2008-06-04 00:15 <REP> d-------- C:\Documents and Settings\bordeaux\Application Data\AVGTOOLBAR
2008-06-02 15:45 . 2008-06-02 15:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-02 14:12 . 2008-06-02 14:12 <REP> d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-06-02 13:28 . 2008-06-02 13:28 <REP> d-------- C:\Program Files\Belarc
2008-06-02 13:28 . 2008-02-27 13:49 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-05-26 09:48 . 2008-05-26 09:48 <REP> d-------- C:\Program Files\Alwil Software
2008-05-26 09:48 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-05-26 09:48 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-05-26 09:48 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-05-23 10:05 . 2008-05-23 10:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-05-22 21:34 . 2008-05-22 21:34 30,208 --a------ C:\WINDOWS\system32\ljJDTNGv.dll
2008-05-22 21:17 . 2008-05-22 21:17 30,208 --a------ C:\WINDOWS\system32\byXOhHBT.dll
2008-05-22 21:00 . 2008-05-22 21:00 <REP> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-05-22 18:59 . 2008-05-22 18:59 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-22 18:59 . 2008-05-22 20:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-16 14:14 --------- d-----w C:\Documents and Settings\bordeaux\Application Data\Skype
2008-06-16 14:04 --------- d-----w C:\Documents and Settings\bordeaux\Application Data\skypePM
2008-06-16 09:47 --------- d-----w C:\Program Files\Common Files
2008-06-16 07:01 --------- d-----w C:\Program Files\LogMeIn
2008-06-04 18:25 --------- d-----w C:\Program Files\DynGate
2008-06-02 12:19 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-06-02 12:12 --------- d-----w C:\Program Files\Symantec
2008-06-02 12:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-23 08:45 --------- d-----w C:\Documents and Settings\bordeaux\Application Data\Symantec
2008-05-20 01:01 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-19 13:24 83,288 ----a-w C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-05-19 13:23 87,352 ----a-w C:\WINDOWS\system32\LMIinit.dll
2008-05-19 13:23 24,608 ----a-w C:\WINDOWS\system32\LMIport.dll
2008-05-19 13:23 23,736 ----a-w C:\WINDOWS\system32\LMImirr.dll
2008-05-19 13:23 10,040 ----a-w C:\WINDOWS\system32\LMImirr2.dll
2008-03-31 11:58 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-16_15.59.14.94 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-16 13:51:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-16 14:10:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D15A745-768A-4C05-9E7E-6905D7F63B40}]
C:\WINDOWS\system32\hgGaxvst.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A76DEDC-F6C8-43BF-B869-C7AA3799C0E3}]
C:\WINDOWS\system32\wvUligeD.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B17E868F-C0A0-4B4E-BB85-D315C97864B1}]
2008-06-13 11:29 282112 --a------ C:\WINDOWS\system32\iiffDVpN.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B23676E9-0996-4FAC-A9BE-4B3D57925CEF}]
2008-05-22 21:17 30208 --a------ C:\WINDOWS\system32\byXOhHBT.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B52F1792-2DB4-4CB0-B56B-33646F3CC432}]
C:\WINDOWS\system32\vtUomkih.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB932759-77B0-470D-A91E-6D7179059B69}]
C:\WINDOWS\system32\awtqnkhe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E75E2F25-CBAE-4C0B-8371-1C243F7569DE}]
C:\WINDOWS\system32\xxywWpqP.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC2C23EB-9CD7-4D4E-B0A0-D93AD70F6F7E}]
C:\WINDOWS\system32\fccbCtRh.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-04-22 11:43 413775]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo RX620 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.exe" [2004-05-20 05:00 98304]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-06-11 00:07 147456]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 17:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-29 14:30 335872]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 14:03 63048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-02 15:45 1177368]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 19:04 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 18:58 696320]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Windows Performance Adapter"="cbrsvc.exe" []
"9ca8f379"="C:\WINDOWS\system32\xraokuph.dll" [2008-06-16 16:17 87040]
"BM9f9bc0e5"="C:\WINDOWS\system32\ivynqlie.dll" [2008-06-16 16:17 94720]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B23676E9-0996-4FAC-A9BE-4B3D57925CEF}"= C:\WINDOWS\system32\byXOhHBT.dll [2008-05-22 21:17 30208]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXOhHBT]
byXOhHBT.dll 2008-05-22 21:17 30208 C:\WINDOWS\system32\byXOhHBT.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2008-05-19 15:23 87352 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\iiffDVpN
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-02 15:46]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-02 15:45]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-08 06:47:23 C:\WINDOWS\Tasks\backup.job"
- C:\backup.bat
"2008-06-16 14:17:11 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
Re,
Copy (Ctrl+C) the text in the box below:
File::
C:\WINDOWS\system32\iiffDVpN.dll
C:\WINDOWS\system32\byXOhHBT.dll
C:\WINDOWS\system32\xraokuph.dll
C:\WINDOWS\system32\ivynqlie.dll
C:\WINDOWS\system32\byXOhHBT.dll
C:\WINDOWS\system32\byXOhHBT.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D15A745-768A-4C05-9E7E-6905D7F63B40}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A76DEDC-F6C8-43BF-B869-C7AA3799C0E3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B17E868F-C0A0-4B4E-BB85-D315C97864B1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B23676E9-0996-4FAC-A9BE-4B3D57925CEF}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B52F1792-2DB4-4CB0-B56B-33646F3CC432}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB932759-77B0-470D-A91E-6D7179059B69}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E75E2F25-CBAE-4C0B-8371-1C243F7569DE}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC2C23EB-9CD7-4D4E-B0A0-D93AD70F6F7E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Performance Adapter"=-
"9ca8f379"=-
"BM9f9bc0e5"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B23676E9-0996-4FAC-A9BE-4B3D57925CEF}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXOhHBT]
Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report together with a Hijackthis report.
NOTE: If there is no reboot, post the requested reports anyway.
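To check a script like this one against the log before running it, here is an added Python example, not ComboFix's or the helper's code: it parses the "Point de chargement Reg" entries and the CFScript quoted in this thread (both embedded as constructed excerpts, with the line formats assumed from the log as printed above) and lists the load-points that would still reference a File:: target once the Registry:: directives have run, such as the LSA Authentication Packages entry that names iiffDVpN without an extension.

```python
# Added example for this thread (not ComboFix's or the helper's own code): parse a
# ComboFix log's "Point de chargement Reg" entries and a CFScript, then report the
# load-points the script would leave pointing at a File:: target.
import ntpath
import re
from typing import List, NamedTuple, Optional, Set, Tuple
# Constructed excerpt of the log posted above (line formats assumed from it).
COMBOFIX_LOADPOINTS = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D15A745-768A-4C05-9E7E-6905D7F63B40}]
C:\WINDOWS\system32\hgGaxvst.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B17E868F-C0A0-4B4E-BB85-D315C97864B1}]
2008-06-13 11:29 282112 --a------ C:\WINDOWS\system32\iiffDVpN.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-02 15:45 1177368]
"Windows Performance Adapter"="cbrsvc.exe" []
"9ca8f379"="C:\WINDOWS\system32\xraokuph.dll" [2008-06-16 16:17 87040]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B23676E9-0996-4FAC-A9BE-4B3D57925CEF}"= C:\WINDOWS\system32\byXOhHBT.dll [2008-05-22 21:17 30208]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\iiffDVpN
"""
# Constructed excerpt of the CFScript posted above.
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\iiffDVpN.dll
C:\WINDOWS\system32\byXOhHBT.dll
C:\WINDOWS\system32\xraokuph.dll
C:\WINDOWS\system32\ivynqlie.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D15A745-768A-4C05-9E7E-6905D7F63B40}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B17E868F-C0A0-4B4E-BB85-D315C97864B1}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Performance Adapter"=-
"9ca8f379"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B23676E9-0996-4FAC-A9BE-4B3D57925CEF}"=-
"""

class LoadPoint(NamedTuple):
    key: str             # registry key as ComboFix prints it
    name: Optional[str]  # value name, or None for CLSID-keyed entries
    path: Optional[str]  # file the entry loads, if a path was printed
class CFScript(NamedTuple):
    files: Set[str]                       # normalised File:: targets
    deleted_keys: Set[str]                # [-KEY] lines, lower-cased
    deleted_values: Set[Tuple[str, str]]  # (key, name) from "name"=- lines
_KEY_RE = re.compile(r'^\[(.+)\]$')
_NAME_RE = re.compile(r'^"([^"]*)"\s*=')
_PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]]*')

def _norm(path: str) -> str:
    # Case-insensitive and extension-less: the LSA line prints
    # "C:\WINDOWS\system32\iiffDVpN" without its .dll suffix.
    return ntpath.splitext(path.strip().lower())[0]
def parse_loadpoints(text: str) -> List[LoadPoint]:
    points, key = [], None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = _KEY_RE.match(line)
        if m:
            key = m.group(1)
        elif key:
            n, p = _NAME_RE.match(line), _PATH_RE.search(line)
            points.append(LoadPoint(key, n.group(1) if n else None,
                                    p.group(0).strip() if p else None))
    return points

def parse_cfscript(text: str) -> CFScript:
    files, dkeys, dvals = set(), set(), set()
    section = key = None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = _KEY_RE.match(line)
        if line.endswith('::'):
            section = line[:-2].lower()
        elif section == 'file':
            files.add(_norm(line))
        elif section != 'registry':
            continue
        elif m and m.group(1).startswith('-'):
            dkeys.add(m.group(1)[1:].lower())  # whole key deleted
            key = None
        elif m:
            key = m.group(1).lower()
        elif key and line.endswith('=-') and _NAME_RE.match(line):
            dvals.add((key, _NAME_RE.match(line).group(1).lower()))
    return CFScript(files, dkeys, dvals)

def removed_by(script: CFScript, lp: LoadPoint) -> bool:
    k = lp.key.lower()
    return k in script.deleted_keys or (
        lp.name is not None and (k, lp.name.lower()) in script.deleted_values)
def uncovered_loadpoints(points, script) -> List[LoadPoint]:
    """Load-points that would still reference a File:: target afterwards."""
    return [lp for lp in points if lp.path
            and _norm(lp.path) in script.files and not removed_by(script, lp)]
def key_only_removals(points, script) -> List[LoadPoint]:
    """Removed entries whose target is not in File:: (printed with no date/size or an empty [])."""
    return [lp for lp in points if removed_by(script, lp)
            and (lp.path is None or _norm(lp.path) not in script.files)]

if __name__ == "__main__":
    print(uncovered_loadpoints(parse_loadpoints(COMBOFIX_LOADPOINTS), parse_cfscript(CFSCRIPT)))
```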
Hello,
Here I am again
Since this is my work PC, I can't do the manipulations in the evening
Here are the requested reports
Just one remark: when Combofix relaunched, I didn't have to press 1 ...
See you later and have a good day
Carine
****************
COMBOFIX REPORT
****************
ComboFix 08-06-15.4 - bordeaux 2008-06-17 9:33:40.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.110 [GMT 2:00]
Endroit: C:\Documents and Settings\bordeaux\bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\bordeaux\bureaublad\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\WINDOWS\system32\byXOhHBT.dll
C:\WINDOWS\system32\iiffDVpN.dll
C:\WINDOWS\system32\ivynqlie.dll
C:\WINDOWS\system32\xraokuph.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM9f9bc0e5.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\byXOhHBT.dll
C:\WINDOWS\system32\gwqvprlf.dll
C:\WINDOWS\system32\hpukoarx.ini
C:\WINDOWS\system32\iiffDVpN.dll
C:\WINDOWS\system32\ivynqlie.dll
C:\WINDOWS\system32\NpVDffii.ini
C:\WINDOWS\system32\NpVDffii.ini2
C:\WINDOWS\system32\xraokuph.dll
.
---- Previous Run -------
.
C:\WINDOWS\BM9f9bc0e5.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\admyojoj.dll
C:\WINDOWS\system32\airkoffq.dll
C:\WINDOWS\system32\ajvxmgiv.dll
C:\WINDOWS\system32\arrlvjwc.dll
C:\WINDOWS\system32\avaclcft.ini
C:\WINDOWS\system32\aveixxix.ini
C:\WINDOWS\system32\bcrdkwwv.dll
C:\WINDOWS\system32\bgawbgpq.dll
C:\WINDOWS\system32\blhkjkyk.dll
C:\WINDOWS\system32\cldvnqbr.dll
C:\WINDOWS\system32\DegilUvw.ini
C:\WINDOWS\system32\DegilUvw.ini2
C:\WINDOWS\system32\dspjrkaq.dll
C:\WINDOWS\system32\dwiqgsqo.ini
C:\WINDOWS\system32\ecucuuex.dll
C:\WINDOWS\system32\efofhvyw.dll
C:\WINDOWS\system32\ehknqtwa.ini
C:\WINDOWS\system32\ehknqtwa.ini2
C:\WINDOWS\system32\ewbrpfym.dll
C:\WINDOWS\system32\fmbhrtnu.ini
C:\WINDOWS\system32\fsdwxowf.ini
C:\WINDOWS\system32\giyuoqmi.ini
C:\WINDOWS\system32\gsrnfjcm.dll
C:\WINDOWS\system32\hbudmnjh.dll
C:\WINDOWS\system32\hikmoUtv.ini
C:\WINDOWS\system32\hikmoUtv.ini2
C:\WINDOWS\system32\hjhdwemk.dll
C:\WINDOWS\system32\hRtCbccf.ini
C:\WINDOWS\system32\hRtCbccf.ini2
C:\WINDOWS\system32\huvoulxx.ini
C:\WINDOWS\system32\ihpnykiy.dll
C:\WINDOWS\system32\ikwxbxtn.ini
C:\WINDOWS\system32\jnnulbkv.dll
C:\WINDOWS\system32\jxowxbbl.dll
C:\WINDOWS\system32\kayuebiq.dll
C:\WINDOWS\system32\knrmntmn.dll
C:\WINDOWS\system32\kvwfuxdn.dll
C:\WINDOWS\system32\loystpjp.ini
C:\WINDOWS\system32\lylqmgqq.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\memhknbr.dll
C:\WINDOWS\system32\mhwxmlin.ini
C:\WINDOWS\system32\mjwiduwc.ini
C:\WINDOWS\system32\mmiwywme.ini
C:\WINDOWS\system32\mnextgfw.ini
C:\WINDOWS\system32\mqufquat.dll
C:\WINDOWS\system32\msyjeprs.dll
C:\WINDOWS\system32\mwuadjyx.ini
C:\WINDOWS\system32\NpVDffii.ini
C:\WINDOWS\system32\NpVDffii.ini2
C:\WINDOWS\system32\ntxbxwki.dll
C:\WINDOWS\system32\oaojqvgi.ini
C:\WINDOWS\system32\obfgyvcl.dll
C:\WINDOWS\system32\oevvsmbu.dll
C:\WINDOWS\system32\okhiktrk.dll
C:\WINDOWS\system32\ostviqho.dll
C:\WINDOWS\system32\otmmslvb.ini
C:\WINDOWS\system32\owapdrwg.ini
C:\WINDOWS\system32\pcetfcun.dll
C:\WINDOWS\system32\PqpWwyxx.ini
C:\WINDOWS\system32\PqpWwyxx.ini2
C:\WINDOWS\system32\ptueccdk.ini
C:\WINDOWS\system32\qqgmqlyl.dll
C:\WINDOWS\system32\rpiwkdbp.dll
C:\WINDOWS\system32\sgmopgkg.dll
C:\WINDOWS\system32\siqwiypy.dll
C:\WINDOWS\system32\swekkfbd.ini
C:\WINDOWS\system32\tsvxaGgh.ini
C:\WINDOWS\system32\tsvxaGgh.ini2
C:\WINDOWS\system32\tvdfrkob.ini
C:\WINDOWS\system32\udrdwffg.ini
C:\WINDOWS\system32\uothhjes.dll
C:\WINDOWS\system32\utjuetex.dll
C:\WINDOWS\system32\vbvhrqlf.dll
C:\WINDOWS\system32\vtvndefi.dll
C:\WINDOWS\system32\vviotlgh.dll
C:\WINDOWS\system32\wjtbdbiy.ini
C:\WINDOWS\system32\wlwpeheq.dll
C:\WINDOWS\system32\xaosivat.ini
C:\WINDOWS\system32\xeteujtu.ini
C:\WINDOWS\system32\xixxieva.dll
C:\WINDOWS\system32\xiyrpwsk.dll
C:\WINDOWS\system32\xkfsqlol.dll
C:\WINDOWS\system32\xxluovuh.dll
C:\WINDOWS\system32\yfpqsrhv.ini
C:\WINDOWS\system32\yiimxpii.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-17 to 2008-06-17 ))))))))))))))))))))))))))))))))))))
.
2008-06-16 12:22 . 2008-06-16 12:22 <REP> d-------- C:\Documents and Settings\bordeaux.POMAX-CAMILLE\Application Data\Malwarebytes
2008-06-16 12:19 . 2006-12-27 13:04 <REP> d--h----- C:\Documents and Settings\bordeaux.POMAX-CAMILLE\Voisinage réseau
2008-06-16 12:19 . 2006-12-27 13:04 <REP> d--h----- C:\Documents and Settings\bordeaux.POMAX-CAMILLE\Voisinage d'impression
2008-06-16 12:19 . 2006-12-27 12:15 <REP> d--h----- C:\Documents and Settings\bordeaux.POMAX-CAMILLE\Modèles
2008-06-16 12:19 . 2008-06-16 14:31 <REP> d-------- C:\Documents and Settings\bordeaux.POMAX-CAMILLE\Mes documents
2008-06-16 12:19 . 2006-12-27 13:04 <REP> dr------- C:\Documents and Settings\bordeaux.POMAX-CAMILLE\Menu Démarrer
2008-06-16 12:19 . 2006-12-27 13:04 <REP> d-------- C:\Documents and Settings\bordeaux.POMAX-CAMILLE\Favoris
2008-06-16 12:19 . 2006-12-27 13:04 <REP> d-------- C:\Documents and Settings\bordeaux.POMAX-CAMILLE\Bureau
2008-06-16 12:19 . 2006-12-27 13:16 <REP> d-------- C:\Documents and Settings\bordeaux.POMAX-CAMILLE\Application Data\Intel
2008-06-16 12:19 . 2008-06-16 12:19 <REP> d-------- C:\Documents and Settings\bordeaux.POMAX-CAMILLE
2008-06-16 11:49 . 2008-06-16 11:49 <REP> d-------- C:\Documents and Settings\bordeaux\Application Data\Malwarebytes
2008-06-16 11:48 . 2008-06-16 11:49 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-16 11:48 . 2008-06-16 11:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-16 11:48 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-16 11:48 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-09 12:37 . 2008-06-09 12:38 1,160 --a------ C:\WINDOWS\mozver.dat
2008-06-09 04:11 . 2008-06-09 04:11 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-08 10:47 . 2008-06-08 16:32 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-08 10:08 . 2008-06-08 10:08 164 --a------ C:\install.dat
2008-06-06 07:59 . 2008-06-06 07:59 <REP> d-------- C:\Program Files\Trend Micro
2008-06-06 07:41 . 2008-06-06 07:41 <REP> d-------- C:\VundoFix Backups
2008-06-05 23:28 . 2008-06-05 23:28 <REP> d-------- C:\Documents and Settings\Bercom\Application Data\AVGTOOLBAR
2008-06-05 23:23 . 2008-06-05 23:24 <REP> dr------- C:\Documents and Settings\Bercom\Favoris
2008-06-05 23:23 . 2006-12-27 13:04 <REP> d-------- C:\Documents and Settings\Bercom\Bureau
2008-06-05 23:23 . 2006-12-27 13:16 <REP> d-------- C:\Documents and Settings\Bercom\Application Data\Intel
2008-06-05 23:23 . 2004-08-05 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-05 23:22 . 2006-12-27 13:04 <REP> d--h----- C:\Documents and Settings\Bercom\Voisinage réseau
2008-06-05 23:22 . 2006-12-27 13:04 <REP> d--h----- C:\Documents and Settings\Bercom\Voisinage d'impression
2008-06-05 23:22 . 2006-12-27 12:15 <REP> d--h----- C:\Documents and Settings\Bercom\Modèles
2008-06-05 23:22 . 2008-06-05 23:24 <REP> dr------- C:\Documents and Settings\Bercom\Mes documents
2008-06-05 23:22 . 2006-12-27 13:04 <REP> dr------- C:\Documents and Settings\Bercom\Menu Démarrer
2008-06-05 23:22 . 2008-06-05 23:23 <REP> d-------- C:\Documents and Settings\Bercom
2008-06-05 23:08 . 2008-06-05 23:08 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-04 20:29 . 2008-06-04 20:29 <REP> d-------- C:\Program Files\Enigma Software Group
2008-06-04 00:13 . 2008-06-04 00:13 95 --a------ C:\WINDOWS\wininit.ini
2008-06-03 09:24 . 2008-06-16 18:07 <REP> d--h----- C:\$AVG8.VAULT$
2008-06-02 15:46 . 2008-06-02 15:46 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-02 15:46 . 2008-06-02 15:46 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-02 15:45 . 2008-06-16 15:11 <REP> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-02 15:45 . 2008-06-02 15:45 <REP> d-------- C:\Program Files\AVG
2008-06-02 15:45 . 2008-06-04 00:15 <REP> d-------- C:\Documents and Settings\bordeaux\Application Data\AVGTOOLBAR
2008-06-02 15:45 . 2008-06-02 15:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-02 14:12 . 2008-06-02 14:12 <REP> d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-06-02 13:28 . 2008-06-02 13:28 <REP> d-------- C:\Program Files\Belarc
2008-06-02 13:28 . 2008-02-27 13:49 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-05-26 09:48 . 2008-05-26 09:48 <REP> d-------- C:\Program Files\Alwil Software
2008-05-26 09:48 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-05-26 09:48 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-05-26 09:48 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-05-23 10:05 . 2008-05-23 10:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-05-22 21:34 . 2008-05-22 21:34 30,208 --a------ C:\WINDOWS\system32\ljJDTNGv.dll
2008-05-22 21:00 . 2008-05-22 21:00 <REP> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-05-22 18:59 . 2008-05-22 18:59 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-22 18:59 . 2008-05-22 20:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 07:23 --------- d-----w C:\Documents and Settings\bordeaux\Application Data\Skype
2008-06-17 07:19 --------- d-----w C:\Program Files\LogMeIn
2008-06-16 14:04 --------- d-----w C:\Documents and Settings\bordeaux\Application Data\skypePM
2008-06-16 09:47 --------- d-----w C:\Program Files\Common Files
2008-06-04 18:25 --------- d-----w C:\Program Files\DynGate
2008-06-02 12:19 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-06-02 12:12 --------- d-----w C:\Program Files\Symantec
2008-06-02 12:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-23 08:45 --------- d-----w C:\Documents and Settings\bordeaux\Application Data\Symantec
2008-05-20 01:01 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-31 11:58 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((( snapshot@2008-06-16_15.59.14.94 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-16 13:51:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-17 07:41:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-04-22 11:43 413775]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo RX620 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.exe" [2004-05-20 05:00 98304]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-06-11 00:07 147456]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 17:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-29 14:30 335872]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 14:03 63048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-02 15:45 1177368]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 19:04 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 18:58 696320]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2008-05-19 15:23 87352 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-02 15:46]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-02 15:45]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-08 06:47:23 C:\WINDOWS\Tasks\backup.job"
- C:\backup.bat
"2008-06-16 16:17:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
*****************
HIJACKTHIS REPORT
*****************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21, on 2008-06-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\bordeaux\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\bordeaux\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE" /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB002" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: explorer.exe.lnk = C:\WINDOWS\explorer.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\bordeaux\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/activex/Tm...
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Pomax.local
O17 - HKLM\Software\..\Telephony: DomainName = Pomax.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Pomax.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Pomax.local
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 9744 bytes
2008-06-02 12:12 --------- d-----w C:\Program Files\Symantec
2008-06-02 12:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-23 08:45 --------- d-----w C:\Documents and Settings\bordeaux\Application Data\Symantec
2008-05-20 01:01 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-31 11:58 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((( snapshot@2008-06-16_15.59.14.94 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-16 13:51:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-17 07:41:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-04-22 11:43 413775]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo RX620 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.exe" [2004-05-20 05:00 98304]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-06-11 00:07 147456]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 17:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-29 14:30 335872]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 14:03 63048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-02 15:45 1177368]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 19:04 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 18:58 696320]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2008-05-19 15:23 87352 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-02 15:46]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-02 15:45]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-08 06:47:23 C:\WINDOWS\Tasks\backup.job"
- C:\backup.bat
"2008-06-16 16:17:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
*****************
HIJACKTHIS REPORT
*****************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21, on 2008-06-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\bordeaux\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\bordeaux\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE" /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB002" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: explorer.exe.lnk = C:\WINDOWS\explorer.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\bordeaux\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/activex/Tm...
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Pomax.local
O17 - HKLM\Software\..\Telephony: DomainName = Pomax.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Pomax.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Pomax.local
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 9744 bytes
Re ...
I just got the trojan horse virus window again.
Here is the information I noted:
1- File name : C:\System Volume Information\ _ restore {606E5693-C113-437C-855C-AA04A5A45C13} \RP2\ A0000019.dll
Threat name : Trojan horse Generic 10.AMYV
Detected on Open
2- File name : C:\System Volume Information\ _ restore {606E5693-C113-437C-855C-AA04A5A45C13} \RP2\ A0000012.dll
Threat name : Trojan horse Generic 10.AMYT
Detected on Open
Process Name : C\WINDOWS\System32\svchost.exe
Process ID : 1300
Then I clicked on "Remove Threats".
That is all the information I was able to gather.
Thanks in advance for your help.
Talk to you later
Carine