
Virus


Here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:26, on 29/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\documents and settings\administrateur\local settings\application data\qguqqqc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Popsicle - {A67B8FE1-8E6D-44D6-8D74-9C28E7BFF35C} - C:\Documents and Settings\All Users\Documents\Popsicle\ADVPro.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [qguqqqc] "c:\documents and settings\administrateur\local settings\application data\qguqqqc.exe" qguqqqc
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_II] %systemroot%\LSD\lsd.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_II] %systemroot%\LSD\lsd.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_II] %systemroot%\LSD\lsd.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_II] %systemroot%\LSD\lsd.cmd (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID....
O20 - Winlogon Notify: 8437bb70509 - C:\WINDOWS\System32\ds32gt32.dll
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 8239 bytes
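
As an added triage example (not part of the thread and not HijackThis's own logic): a small Python script that parses HijackThis entries such as those above and flags the two patterns the helper acted on, autoruns whose binary sits in a user-writable profile folder (the qguqqqc.exe line) and Winlogon Notify DLLs (the ds32gt32.dll line). The sample lines are copied from the log above; the flagging rules are my own assumptions, not a substitute for checking each entry.

```python
"""Triage of HijackThis log entries (added example; the rules are mine, not HijackThis')."""
import re
from typing import Dict, List, Optional

# Sample lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [qguqqqc] "c:\documents and settings\administrateur\local settings\application data\qguqqqc.exe" qguqqqc
O20 - Winlogon Notify: 8437bb70509 - C:\WINDOWS\System32\ds32gt32.dll
O2 - BHO: Popsicle - {A67B8FE1-8E6D-44D6-8D74-9C28E7BFF35C} - C:\Documents and Settings\All Users\Documents\Popsicle\ADVPro.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

# "O4 - <body>", "R0 - <body>", "F2 - <body>": section code, then the entry.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")
# A quoted drive path, or an unquoted one cut at the first binary extension.
PATH_RE = re.compile(
    r'"(?P<q>[A-Za-z]:\\[^"]+)"'
    r'|(?P<u>[A-Za-z]:\\.*?\.(?:exe|dll|sys|cmd|bat|scr|ocx))(?=\s|$)',
    re.IGNORECASE,
)
# Folders any user can write to; legitimate autoruns rarely live there.
USER_WRITABLE_RE = re.compile(
    r"\\(?:local settings\\application data|local settings\\temp"
    r"|application data|temp|all users\\documents)\\",
    re.IGNORECASE,
)


def entry_name(body: str) -> str:
    """Value name for O4 ([name]), otherwise the text after 'Type: ' up to ' - '."""
    m = re.search(r"\[([^\]]+)\]", body)
    if m:
        return m.group(1)
    after = body.split(": ", 1)[1] if ": " in body else body
    return after.split(" - ", 1)[0]


def entry_path(body: str) -> Optional[str]:
    """First drive-letter path to a binary in the entry, or None (e.g. bare SOUNDMAN.EXE)."""
    m = PATH_RE.search(body)
    if not m:
        return None
    return m.group("q") or m.group("u")


def assess(code: str, path: Optional[str]) -> Optional[str]:
    """Reason the entry deserves a look, or None when nothing stands out."""
    if code == "O20":
        # Winlogon Notify DLLs are loaded by winlogon.exe at every logon and
        # very few legitimate products register one, so each O20 is reviewed.
        return "Winlogon Notify DLL runs inside winlogon.exe"
    if path and USER_WRITABLE_RE.search(path):
        return "binary lives in a user-writable profile folder"
    return None


def triage(log_text: str) -> List[Dict[str, Optional[str]]]:
    """Parse every 'Xn - ...' line and return only the flagged entries, in log order."""
    findings: List[Dict[str, Optional[str]]] = []
    for line in log_text.strip().splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, process list, blank line, etc.
        code, body = m.group("code"), m.group("body")
        path = entry_path(body)
        reason = assess(code, path)
        if reason:
            findings.append({"code": code, "name": entry_name(body),
                             "path": path, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['code']:<4} {f['name']:<14} {f['reason']}\n     {f['path']}")
```

Run against the full log, the script narrows the list to the entries worth looking up (here qguqqqc, the O20 hook and the Popsicle BHO); everything else in the sample passes as ordinary vendor autoruns.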

Re,

! Disable your resident protections (antivirus, Spybot-S&D, etc.) !

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to run it.
  • When the scan is finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may vary

    Here is the report:

    ComboFix 08-12-29.02 - Administrateur 2008-12-30 13:32:32.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.223.43 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Administrateur\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Administrateur\Application Data\020000007f0256af509C.manifest
    c:\documents and settings\Administrateur\Application Data\020000007f0256af509O.manifest
    c:\documents and settings\Administrateur\Application Data\020000007f0256af509P.manifest
    c:\documents and settings\Administrateur\Application Data\020000007f0256af509S.manifest
    c:\documents and settings\Administrateur\Local Settings\Application Data\qguqqqc.dat
    c:\documents and settings\Administrateur\Local Settings\Application Data\qguqqqc.exe
    c:\documents and settings\Administrateur\Local Settings\Application Data\qguqqqc_nav.dat
    c:\documents and settings\Administrateur\Local Settings\Application Data\qguqqqc_navps.dat
    c:\documents and settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008.lnk
    c:\windows\GnuHashes.ini
    c:\windows\system32\GroupPolicy000.dat
    c:\windows\system32\GroupPolicyManifest
    c:\windows\system32\GroupPolicyManifest\1.music.mp3
    c:\windows\system32\GroupPolicyManifest\1.music.mp3.kwd
    c:\windows\system32\GroupPolicyManifest\10.setup.zip
    c:\windows\system32\GroupPolicyManifest\10.setup.zip.kwd
    c:\windows\system32\GroupPolicyManifest\11.unpack.zip
    c:\windows\system32\GroupPolicyManifest\11.unpack.zip.kwd
    c:\windows\system32\GroupPolicyManifest\12.limepro.zip
    c:\windows\system32\GroupPolicyManifest\12.limepro.zip.kwd
    c:\windows\system32\GroupPolicyManifest\13.keygen.zip
    c:\windows\system32\GroupPolicyManifest\13.keygen.zip.kwd
    c:\windows\system32\GroupPolicyManifest\2.crack.zip
    c:\windows\system32\GroupPolicyManifest\2.crack.zip.kwd
    c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg
    c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg.kwd
    c:\windows\system32\GroupPolicyManifest\9.remix.mp3
    c:\windows\system32\GroupPolicyManifest\9.remix.mp3.kwd

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-30 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-30 13:38 . 2008-12-30 13:39 <REP> d--hs---- c:\windows\system32\GroupPolicyManifest
    2008-12-30 13:38 . 2008-12-30 13:38 373,760 --ahs---- c:\windows\system32\1.tmp
    2008-12-25 21:29 . 2008-12-25 21:29 373,760 --ahs---- c:\windows\system32\374.tmp
    2008-12-25 21:29 . 2008-12-25 21:29 135,168 --a------ c:\windows\system32\ds32gt32.dll
    2008-12-25 18:41 . 2008-12-25 18:41 <REP> dr-h----- c:\documents and settings\Administrateur\Application Data\SecuROM
    2008-12-25 18:41 . 2008-12-25 18:41 108,144 --a------ c:\windows\system32\CmdLineExt.dll
    2008-12-25 18:17 . 2008-12-25 18:17 <REP> d-------- c:\program files\Atari
    2008-12-25 18:10 . 2008-12-25 18:10 <REP> d-------- c:\program files\Logitech
    2008-12-25 18:10 . 2008-12-25 18:10 <REP> d-------- c:\program files\Fichiers communs\Logitech
    2008-12-25 18:10 . 2004-05-13 23:40 167,936 --a------ c:\windows\system32\WmJoyFrc.dll
    2008-12-25 18:10 . 2004-05-13 23:54 44,384 --a------ c:\windows\system32\drivers\WmXlCore.sys
    2008-12-25 18:10 . 2004-05-13 23:54 21,440 --a------ c:\windows\system32\drivers\WmFilter.sys
    2008-12-25 18:10 . 2004-05-13 23:54 14,720 --a------ c:\windows\system32\drivers\WmHidLo.sys
    2008-12-25 18:10 . 2004-05-13 23:54 10,144 --a------ c:\windows\system32\drivers\WmBEnum.sys
    2008-12-25 18:10 . 2004-05-13 23:54 5,600 --a------ c:\windows\system32\drivers\WmVirHid.sys
    2008-12-10 13:22 . 2008-12-10 13:21 410,984 --a------ c:\windows\system32\deploytk.dll
    2008-11-11 20:37 . 2008-11-11 20:37 0 --a------ c:\windows\graphedit.INI
    2008-11-11 20:11 . 2008-11-11 20:11 <REP> d--h----- c:\windows\PIF
    2008-11-11 19:32 . 2008-11-11 19:32 <REP> d-------- c:\program files\K-Lite Codec Pack

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-30 12:37 --------- d-----w c:\documents and settings\Administrateur\Application Data\uTorrent
    2008-12-30 10:31 --------- d-----w c:\documents and settings\Administrateur\Application Data\OpenOffice.org2
    2008-12-29 17:36 --------- d-----w c:\documents and settings\Administrateur\Application Data\LimeWire
    2008-12-29 13:42 --------- d-----w c:\program files\LimeWire
    2008-12-29 13:42 --------- d-----w c:\program files\Incomplete
    2008-12-29 12:56 --------- d-----w c:\program files\Windows Live Safety Center
    2008-12-25 17:56 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-25 17:07 --------- d-----w c:\program files\Google
    2008-12-24 11:25 --------- d-----w c:\documents and settings\Administrateur\Application Data\HPAppData
    2008-12-10 12:21 --------- d-----w c:\program files\Java
    2008-10-30 16:55 --------- d-----w c:\program files\aideinfo
    2008-02-02 18:47 126 ----a-w c:\documents and settings\Administrateur\patching.reg
    2005-09-08 07:25 276 ----a-w c:\documents and settings\Administrateur\install.cmd
    .

    ------- Sigcheck -------

    2008-04-14 03:33 297984 710bc85a8c22626ee094439e3ea0d38c c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\termsrv.dll
    2005-01-03 19:16 215552 a77219a971029dc2fb683e8513713803 c:\windows\system32\termsrv.dll
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-08 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-10 136600]
    "SoundMan"="SOUNDMAN.EXE" [2006-11-17 c:\windows\soundman.exe]
    "VTTimer"="VTTimer.exe" [2003-08-20 c:\windows\system32\VTTimer.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

    c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
    OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\8437bb70509]
    2008-12-25 21:29 135168 c:\windows\system32\ds32gt32.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\WINDOWS\\explorer.exe"=

    R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\DRIVERS\V0260Vid.sys [2008-02-03 178913]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-qguqqqc - c:\documents and settings\administrateur\local settings\application data\qguqqqc.exe
    HKU-Default-RunOnce-LSD_II - c:\windows\LSD\lsd.cmd


    .
    ------- Examen supplémentaire -------
    .
    uStart Page = about:blank
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    .
    .
    ------- Associations de fichier -------
    .
    regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-30 13:38:38
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...


    c:\windows\system32\GroupPolicy000.dat 0 bytes
    c:\windows\system32\GroupPolicyManifest

    Scan terminé avec succès
    Fichiers cachés: 2

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(1032)
    c:\windows\System32\ds32gt32.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\drivers\CDAC11BA.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\OpenOffice.org 2.4\program\soffice.exe
    c:\program files\OpenOffice.org 2.4\program\soffice.bin
    c:\program files\HP\Digital Imaging\bin\hpqste08.exe
    c:\program files\Opera\opera.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-12-30 13:43:30 - La machine a redémarré [Administrateur]
    ComboFix-quarantined-files.txt 2008-12-30 12:43:27

    Avant-CF: 21,616,742,400 octets libres
    Après-CF: 21,684,953,088 octets libres

    174 --- E O F --- 2008-09-10 17:04:11

    Here is what I got from the VirusTotal analysis of the file:


    Antivirus Version Last update Result
    a-squared 4.0.0.73 2008.12.27 Trojan-Downloader.Win32.Tracur!IK
    AhnLab-V3 2008.12.25.0 2008.12.27 Win-Trojan/Agent.135168.DL
    AntiVir 7.9.0.45 2008.12.27 TR/Spy.Gen
    Authentium 5.1.0.4 2008.12.27 W32/Heuristic-KPP!Eldorado
    Avast 4.8.1281.0 2008.12.27 Win32:Spyware-gen
    AVG 8.0.0.199 2008.12.26 Agent.AMYP
    BitDefender 7.2 2008.12.27 Trojan.Downloader.JLKD
    CAT-QuickHeal 10.00 2008.12.27 TrojanDownloader.Agent.arsg
    ClamAV 0.94.1 2008.12.27 Trojan.Downloader-62388
    Comodo 826 2008.12.27 TrojWare.Win32.TrojanDownloader.Agent.arsg
    DrWeb 4.44.0.09170 2008.12.27 Trojan.DownLoad.26530
    eSafe 7.0.17.0 2008.12.24 -
    eTrust-Vet 31.6.6276 2008.12.24 Win32/SillyDl.GES
    Ewido 4.0 2008.12.27 -
    F-Prot 4.4.4.56 2008.12.24 W32/Heuristic-KPP!Eldorado
    F-Secure 8.0.14332.0 2008.12.27 Trojan-Downloader.Win32.Agent.arsg
    Fortinet 3.117.0.0 2008.12.27 PossibleThreat
    GData 19 2008.12.27 Trojan.Downloader.JLKD
    Ikarus T3.1.1.45.0 2008.12.27 Trojan-Downloader.Win32.Tracur
    K7AntiVirus 7.10.568 2008.12.27 Trojan-Downloader.Win32.Agent.arsg
    Kaspersky 7.0.0.125 2008.12.27 Trojan-Downloader.Win32.Agent.arsg
    McAfee 5476 2008.12.27 Generic Downloader.x
    McAfee+Artemis 5476 2008.12.27 Generic Downloader.x
    Microsoft 1.4205 2008.12.27 TrojanDownloader:Win32/Tracur.A
    NOD32 3719 2008.12.27 Win32/Agent.OAF
    Norman 5.80.02 2008.12.26 W32/DLoader.LUXM
    Panda 9.0.0.4 2008.12.27 Trj/Downloader.MDW
    PCTools 4.4.2.0 2008.12.27 -
    Prevx1 V2 2008.12.27 Cloaked Malware
    Rising 21.09.52.00 2008.12.27 Trojan.DL.Win32.Mnless.buo
    SecureWeb-Gateway 6.7.6 2008.12.27 Trojan.Spy.Gen
    Sophos 4.37.0 2008.12.27 Troj/Agent-IKQ
    Sunbelt 3.2.1809.2 2008.12.22 -
    Symantec 10 2008.12.27 Downloader.Trojan
    TheHacker 6.3.1.4.200 2008.12.26 Trojan/Downloader.Agent.arsg
    TrendMicro 8.700.0.1004 2008.12.26 TROJ_AGENT.AEMH
    VBA32 3.12.8.10 2008.12.27 Trojan-Downloader.Win32.Agent.arsg
    ViRobot 2008.12.26.1536 2008.12.26 -
    VirusBuster 4.5.11.0 2008.12.27 -
    Additional information
    File size: 135168 bytes
    MD5...: de7c6c753ba2b54c3080fa1d7189b294
    SHA1..: c6afd88f5b68a9b1802af6bf5850387d5536cc77
    SHA256: f1a49c8599149af15e1af728f048b2a55800b300f94e8b23a9dbfb1e2128fade
    SHA512: 90100627d1131b6c5a9b8dd554fe3cf243f4a58c27b941f6970130a1f5c3af610c422e56b6428a97baeba25ae245867d6d1e8f4eaed396077083fbf84d74cbf8
    ssdeep: 3072:ynHzaargsDli/VFyWMdKGIQ/VMnBGN0TBfCItnhZjQ:sHWWliNFyj+B00TBqwnhBQ
    PEiD..: -
    TrID..: File type identification
    Win32 Executable Generic (42.3%)
    Win32 Dynamic Link Library (generic) (37.6%)
    Generic Win/DOS Executable (9.9%)
    DOS Executable Generic (9.9%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x10001ff0
    timedatestamp.....: 0x49283491 (Sat Nov 22 16:34:25 2008)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x15224 0x16000 6.46 b2a51b0d0f77443ff0ad537de55e0b38
    .rdata 0x17000 0x6319 0x7000 6.29 66b304a3b9c2fb6934a1a268ea54cf9a
    .data 0x1e000 0x1498 0x1000 2.08 e41c1d65c451f95e029882aeeb464886
    .reloc 0x20000 0x1abc 0x2000 5.87 1b7f473a37a669a94a8b022bb0e83730

    ( 11 imports )
    > ntdll.dll: _snprintf, _strnicmp, strlen, strstr, _stricmp, memcmp, atoi, _itoa, memcpy, _ultoa, tolower, memset, _chkstk, _allmul, _alldiv
    > msvcrt.dll: strtok
    > WS2_32.dll: WSASocketW, -, WSASend, -, WSAWaitForMultipleEvents, WSAIoctl, -, -, -, WSARecv, WSACreateEvent, WSAGetOverlappedResult, -, -, -, -, -, -
    > WININET.dll: HttpOpenRequestA, HttpSendRequestA, InternetOpenA, HttpQueryInfoA, InternetReadFile, InternetCloseHandle, InternetOpenUrlA, InternetSetOptionA, InternetConnectA, HttpAddRequestHeadersA
    > OLEAUT32.dll: -, -
    > SHLWAPI.dll: PathFileExistsA
    > KERNEL32.dll: WaitForMultipleObjects, GetVolumeInformationA, GetWindowsDirectoryA, GetFileTime, RemoveDirectoryA, TransactNamedPipe, HeapSetInformation, HeapCreate, FindFirstFileA, HeapDestroy, HeapFree, WaitNamedPipeA, FindNextFileA, SetNamedPipeHandleState, HeapAlloc, GetSystemDirectoryA, GetVersionExA, FindClose, FreeLibrary, MapViewOfFile, CreateFileMappingA, OpenFileMappingA, UnmapViewOfFile, ExitProcess, GetFileAttributesExA, SetFileAttributesA, CreateDirectoryA, TlsSetValue, TlsGetValue, TlsAlloc, InterlockedExchange, CreateEventA, ProcessIdToSessionId, Process32Next, Process32First, WriteProcessMemory, VirtualAllocEx, Thread32Next, GetModuleHandleA, Thread32First, CreateToolhelp32Snapshot, InterlockedIncrement, InterlockedDecrement, GetCurrentThreadId, GetProcAddress, CloseHandle, OpenThread, GetCurrentProcessId, GetFileSize, lstrcpyA, ReadFile, GetModuleFileNameA, GetModuleFileNameW, InitializeCriticalSection, ResetEvent, lstrcatA, GetLocalTime, WaitForSingleObject, OpenMutexA, InterlockedCompareExchange, lstrlenA, CreateMutexA, SetEvent, TerminateThread, Sleep, OutputDebugStringA, DuplicateHandle, GetExitCodeThread, FlushFileBuffers, ReleaseMutex, OpenEventA, SetUnhandledExceptionFilter, LeaveCriticalSection, GetCurrentThread, VirtualFree, GetLastError, GetFileInformationByHandle, SystemTimeToFileTime, lstrcmpiA, GetSystemTime, GetCurrentProcess, WriteFile, EnterCriticalSection, CreateFileA, CreateThread, VirtualFreeEx, DisconnectNamedPipe, CreateNamedPipeA, ConnectNamedPipe, PeekNamedPipe, lstrcmpA, SetFilePointer, SetEndOfFile, GetTempFileNameA, DeleteCriticalSection, GetTempPathA, FlushInstructionCache, VirtualQuery, VirtualAlloc, SuspendThread, ResumeThread, GetThreadContext, SetThreadContext, VirtualProtect, SetLastError, lstrcmpW, MultiByteToWideChar, DeleteFileA, CreateProcessA, GetTickCount, GetFileAttributesA, LoadLibraryA, CreateRemoteThread, OpenProcess
    > USER32.dll: SetForegroundWindow, ShowWindow, PeekMessageA, WaitForInputIdle, MsgWaitForMultipleObjects, GetSystemMetrics, wsprintfA, DispatchMessageA
    > ADVAPI32.dll: RegCreateKeyExA, OpenServiceA, ControlService, ChangeServiceConfigA, RegDeleteKeyA, OpenSCManagerA, RegQueryValueExA, CloseServiceHandle, RegQueryInfoKeyA, RegEnumKeyExA, RegSetValueExA, RegCloseKey, RegOpenKeyExA
    > SHELL32.dll: ShellExecuteA, SHGetFolderPathA
    > ole32.dll: CoUninitialize, CoInitializeEx, CoCreateInstance

    ( 2 exports )
    DllGetClassObject, EventStartup

    Re,

    ! Disable your resident protections (antivirus, Spybot-S&D, etc.) !
    Copy (Ctrl+C) the text in the box below:

    File::
    c:\windows\system32\1.tmp
    c:\windows\system32\374.tmp
    c:\windows\system32\ds32gt32.dll

    Folder::
    c:\windows\system32\GroupPolicyManifest

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\8437bb70509]


    Open Notepad and paste (Ctrl+V) the text you just copied.
    Save this file under the name "CFScript.txt" (the quotation marks matter).

    Now drag the CFScript.txt file onto ComboFix.exe as in the image below:


    This will relaunch ComboFix. After the reboot, post the contents of the report (C:\combofix.txt*) together with a HijackThis log.
    NOTE: If there is no reboot, post the requested reports anyway.
    * the partition name may vary

    Here is the ComboFix report:

    ComboFix 08-12-30.02 - Administrateur 2008-12-31 16:58:14.4 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.223.31 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFScript.txt
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    c:\windows\system32\1.tmp
    c:\windows\system32\374.tmp
    c:\windows\system32\ds32gt32.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Administrateur\Application Data\020000007f0256af509C.manifest
    c:\documents and settings\Administrateur\Application Data\020000007f0256af509O.manifest
    c:\documents and settings\Administrateur\Application Data\020000007f0256af509P.manifest
    c:\documents and settings\Administrateur\Application Data\020000007f0256af509S.manifest
    c:\windows\GnuHashes.ini
    c:\windows\system32\1.tmp
    c:\windows\system32\374.tmp
    c:\windows\system32\ds32gt32.dll
    c:\windows\system32\GroupPolicy000.dat
    c:\windows\system32\GroupPolicyManifest
    c:\windows\system32\GroupPolicyManifest\1.music.mp3
    c:\windows\system32\GroupPolicyManifest\1.music.mp3.kwd
    c:\windows\system32\GroupPolicyManifest\10.setup.zip
    c:\windows\system32\GroupPolicyManifest\10.setup.zip.kwd
    c:\windows\system32\GroupPolicyManifest\11.unpack.zip
    c:\windows\system32\GroupPolicyManifest\11.unpack.zip.kwd
    c:\windows\system32\GroupPolicyManifest\12.limepro.zip
    c:\windows\system32\GroupPolicyManifest\12.limepro.zip.kwd
    c:\windows\system32\GroupPolicyManifest\13.keygen.zip
    c:\windows\system32\GroupPolicyManifest\13.keygen.zip.kwd
    c:\windows\system32\GroupPolicyManifest\2.crack.zip
    c:\windows\system32\GroupPolicyManifest\2.crack.zip.kwd
    c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg
    c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg.kwd
    c:\windows\system32\GroupPolicyManifest\9.remix.mp3
    c:\windows\system32\GroupPolicyManifest\9.remix.mp3.kwd

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-31 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-25 18:41 . 2008-12-25 18:41 <REP> dr-h----- c:\documents and settings\Administrateur\Application Data\SecuROM
    2008-12-25 18:41 . 2008-12-25 18:41 108,144 --a------ c:\windows\system32\CmdLineExt.dll
    2008-12-25 18:17 . 2008-12-25 18:17 <REP> d-------- c:\program files\Atari
    2008-12-25 18:10 . 2008-12-25 18:10 <REP> d-------- c:\program files\Logitech
    2008-12-25 18:10 . 2008-12-25 18:10 <REP> d-------- c:\program files\Fichiers communs\Logitech
    2008-12-25 18:10 . 2004-05-13 23:40 167,936 --a------ c:\windows\system32\WmJoyFrc.dll
    2008-12-25 18:10 . 2004-05-13 23:54 44,384 --a------ c:\windows\system32\drivers\WmXlCore.sys
    2008-12-25 18:10 . 2004-05-13 23:54 21,440 --a------ c:\windows\system32\drivers\WmFilter.sys
    2008-12-25 18:10 . 2004-05-13 23:54 14,720 --a------ c:\windows\system32\drivers\WmHidLo.sys
    2008-12-25 18:10 . 2004-05-13 23:54 10,144 --a------ c:\windows\system32\drivers\WmBEnum.sys
    2008-12-25 18:10 . 2004-05-13 23:54 5,600 --a------ c:\windows\system32\drivers\WmVirHid.sys
    2008-12-10 13:22 . 2008-12-10 13:21 410,984 --a------ c:\windows\system32\deploytk.dll
    2008-11-11 20:37 . 2008-11-11 20:37 0 --a------ c:\windows\graphedit.INI
    2008-11-11 20:11 . 2008-11-11 20:11 <REP> d--h----- c:\windows\PIF
    2008-11-11 19:32 . 2008-11-11 19:32 <REP> d-------- c:\program files\K-Lite Codec Pack

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-31 16:02 --------- d-----w c:\documents and settings\Administrateur\Application Data\uTorrent
    2008-12-31 12:06 --------- d-----w c:\documents and settings\Administrateur\Application Data\OpenOffice.org2
    2008-12-30 21:02 --------- d-----w c:\documents and settings\Administrateur\Application Data\HPAppData
    2008-12-29 17:36 --------- d-----w c:\documents and settings\Administrateur\Application Data\LimeWire
    2008-12-29 13:42 --------- d-----w c:\program files\LimeWire
    2008-12-29 13:42 --------- d-----w c:\program files\Incomplete
    2008-12-29 12:56 --------- d-----w c:\program files\Windows Live Safety Center
    2008-12-25 17:56 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-25 17:07 --------- d-----w c:\program files\Google
    2008-12-10 12:21 --------- d-----w c:\program files\Java
    2008-10-30 16:55 --------- d-----w c:\program files\aideinfo
    2008-02-02 18:47 126 ----a-w c:\documents and settings\Administrateur\patching.reg
    2005-09-08 07:25 276 ----a-w c:\documents and settings\Administrateur\install.cmd
    .

    ------- Sigcheck -------

    2008-04-14 03:33 297984 710bc85a8c22626ee094439e3ea0d38c c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\termsrv.dll
    2005-01-03 19:16 215552 a77219a971029dc2fb683e8513713803 c:\windows\system32\termsrv.dll
    .
    ((((((((((((((((((((((((((((( snapshot@2008-12-30_13.42.47.51 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-12-31 16:03:32 16,384 ----atw c:\windows\temp\Perflib_Perfdata_270.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-08 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-10 136600]
    "SoundMan"="SOUNDMAN.EXE" [2006-11-17 c:\windows\soundman.exe]
    "VTTimer"="VTTimer.exe" [2003-08-20 c:\windows\system32\VTTimer.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

    c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\DRIVERS\V0260Vid.sys [2008-02-03 178913]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = about:blank
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-31 17:05:23
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\Administrator\SOFTWARE\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]
    @Security="Inherited"
    "??"=hex:7b,00,59,e5,c8,29,95,73,e9,23,65,24,45,60,a7,f2,f0,1b,c5,20,9c,52,25,\
    96,45,33,0e,70,2d,77,32,e9,5a,00,3a,99,0b,88,b9,36,29,c7,c0,ac,b2,90,4d,21,\
    64,b7,d3,d3,ac,0a,58,ab,8c,f9,77,88,13,64,a1,0c,d2,56,e2,7c,86,63,d7,58,4a,\
    ed,30,8f,43,da,ef,07,10,57,be,bc,c8,a4,5a,e2,59,27,7b,c0,3b,8b,4b,ae,a9,96,\
    e7,f7,f2,bf,14,be,74,40,be,48,8e,fc,cb,16,43,45,a8,6f,60,80,3c,87,75,5b,0a,\
    51,af,ec,9e,c4,ed,95,97,a7,54,85,0b,77,2e,9b,f1,7f,80,78,4c,dc,34,87,35,f6,\
    aa,cc,dd,48,9e,88,a6,ab,66,3a,d4,72,63,28,cb,59,4b,d6,04,51,21,d5,58,cd,ce,\
    4b,a4,b6,c1,91,49,12,7a,bd,c9,46,05,53,74,48,5c,77,65,c4,9a,65,30,f1,b1,c6,\
    fb,08,ba,31,5c,d6,a3,d1,6e,2c,a1,18,52,bb,dc,04,8c,98,01,a6,db,46,f0,f5,65,\
    22,ea,59,f5,8f,f1,0b,a3,79,24,c6,84,62,1b,b6,c5,34,e5,39,27,12,9a,67,9b,d2,\
    e1,f1,ef,56,58,e3,8a,f4,1e,2a,87,48,62,da,3b,77,5d,58,5b,20,99,17,b2,02,1a,\
    52,c6,df,b7,31,71,b6,53,83,4b,5b,c8,cd,93,e2,34,33,61,6f,95,9c,3d,40,0a,c9,\
    16,88,85,bd,80,56,a5,49,c2,a5,32,44,a6,76,cb,41,5a,42,2a,cd,53,7c,fd,f5,ca,\
    43,7d,a3,02,d7,e1,67,24,ca,12,94,e3,f2,59,18,ad,56,0a,e4,89,ef,58,c6,83,20,\
    fd,37,5a,7c,52,f5,7e,6d,80,32,23,0b,46,3d,5c,21,f4,5b,ff,85,6a,e1,34,5f,cb,\
    35,48,bb,9a,91,d2,ca,3e,43,c5,dc,2d,ce,62,9c,db,82,fa,54,94,db,29,ec,87,ee,\
    58,6f,1a,23,a4,e1,c6,3c,29,a5,89,64,84,58,b0,09,9e,7c,91,07,1b,94,aa,fc,cf,\
    02,0d,e6,8f,80,d0,b3,f7,bc,c3,07,35,56,b3,88,25,1b,5a,44,9a,49,ee,1b,a5,5a,\
    84,a9,03,b4,ef,d0,bf,a9,c8,cc,49,aa,a8,8f,91,d9,d2,1a,e7,e8,b4,59,4e,3f,fa,\
    7a,c3,78,49,22,ed,16,b7,37,ff,57,08,4a,2a,10,26,25,a1,2e,aa,51,09,54,7a,8e,\
    1a,ee,46,f4,67,61,b2,b4,6b,bd,81,8d,8a,e7,cd,c8,4a,a5,39,4c,bb,ea,7b,8e,71,\
    42,fa,c1,30,b3,70,18,fb,82,4c,85,fa,aa,ea,fd,77,a2,8a,2b,0c,87,8f,06,94,d7,\
    bc,63,c7,25,89,c3,fe,ff,e1,b4,cd,69,f2,a5,64,17,1d,01,57,6e,95,3a,fe,0f,4c,\
    6e,99,5c,a8,9c,bb,38,45,9d,4e,85,47,08,3d,0c,19,5e,61,93,aa,32,ec,15,df,ca,\
    ff,9e,20,f6,04,76,43,e0,bd,33,5b,ff,58,8d,65,cd,ca,c4,f8,d4,1f,8b,08,4a,71,\
    65,1f,87,e4,62,c5,c3,62,b8,1b,bf,90,2c,0e,71,1d,bf,f2,51,45,76,13,aa,a5,e8,\
    cd,9f,22,54,68,67,e0,ea,8c,09,08,ab,0d,31,79,73,84,b8,6f,e5,45,d8,9d,e0,1f,\
    48,db,ca,bb,0b,5d,81,2b,55,47,c6,d9,19,20,16,a5,f8,dd,a7,bf,d4,d8,5a,98,48,\
    bd,3d,08,35,72,77,7b,b9,56,c3,39,53,f5,38,b4,dd,fe,d4,6b,31,78,3d,11,ea,43,\
    b6,cb,dd,d1,f3,45,1f,44,e7,ba,8a,5e,d2,4b,17,47,1c,3d,3f,ca,84,28,aa,0c,c9,\
    87,15,05,b4,30,69,44,f9,7b,92,93,d6,d0,30,f2,6e,37,5f,88,33,60,0e,55,3e,38,\
    f6,68,e9,6b,b9,ec,0d,30,01,1f,12,88,b1,f5,f2,e5,1c,f1,08,22,42,8b,b5,f3,90,\
    d6,32,bc,eb,1a,57,f1,58,94,41,86,e9,58,35,a2,b7,d0,a8,f3,ad,83,93,ca,0d,72,\
    ba,b8,e4,49,f0,42,25,50,59,cb,eb,6b,6b,6c,e4,19,c9,e6,67,16,ac,e8,2b,fa,c2,\
    85,bd,d2,8b,9d,b5,d2,8b,85
    "??"=hex:69,3e,43,58,9f,64,ba,75,fe,6b,77,07,2a,78,dd,74

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*NULL*]
    @Security="Inherited"
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\drivers\CDAC11BA.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\OpenOffice.org 2.4\program\soffice.exe
    c:\program files\OpenOffice.org 2.4\program\soffice.bin
    c:\program files\HP\Digital Imaging\bin\hpqste08.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-12-31 17:09:50 - La machine a redémarré [Administrateur]
    ComboFix-quarantined-files.txt 2008-12-31 16:09:46
    ComboFix2.txt 2008-12-30 12:43:32

    Avant-CF: 21 680 201 728 octets libres
    Après-CF: 21,681,324,032 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

    207 --- E O F --- 2008-09-10 17:04:11

    Here is the HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:14, on 31/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Creative\Shared Files\CamTray.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Opera\opera.exe
    C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID....
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    --
    End of file - 7506 bytes