Problem avec Root kit
Forum Sécurité - Virus : Problem avec Root kit
voila mon rapport :
Logfile of HijackThis v1.99.1
Scan saved at 11:28:58, on 25/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\dgrpencx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\CAP3RSK.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PGPserv.exe
C:\Program Files\PostgreSQL\8.1\bin\pg_ctl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\PostgreSQL\8.1\bin\postmaster.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\PROGRA~1\Symantec\DelFax\WFXMOD32.EXE
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\PostgreSQL\8.1\bin\postgres.exe
C:\Program Files\PostgreSQL\8.1\bin\postgres.exe
C:\Program Files\PostgreSQL\8.1\bin\postgres.exe
C:\Program Files\PostgreSQL\8.1\bin\postgres.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\utilman.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Java Class - {28B1A67D-28B1-4598-8E5E-BE6499B2086C} - C:\WINDOWS\java\classes\java.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Fenêtre d'état de Canon LASER SHOT LBP-1120.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PGPtray.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/229?2237dd14d4c04700b56d3597d73310a8
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/230?2237dd14d4c04700b56d3597d73310a8
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: kernel32.sys
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Digi RealPort Network Service (DgRpEncx) - Digi International Inc. - C:\WINDOWS\system32\dgrpencx.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: PostgreSQL Database Server 8.0 (pgsql-8.0) - Unknown owner - C:\Program Files\PostgreSQL\8.0\bin\pg_ctl.exe" runservice -N "pgsql-8.0" -D "C:\Program Files\PostgreSQL\8.0\data\ (file missing)
O23 - Service: PostgreSQL Database Server 8.1 (pgsql-8.1) - Unknown owner - C:\Program Files\PostgreSQL\8.1\bin\pg_ctl.exe" runservice -N "pgsql-8.1" -D "C:\Program Files\PostgreSQL\8.1\data\ (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - C:\Program Files\VMware\VMware Player\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Player\\" -s ufad-p2v.xml (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: DelrinaFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Un bonjour ?
Télécharge ComboFix (de sUBs) sur ton Bureau.
- Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)
- Double clique sur ComboFix.exe.
- Accepte la licence en cliquant sur Oui.
- Le programme va te demander si tu souhaites installer la Console de Récupération. C'est une précaution, au cas où l'ordinateur tomberait en panne. Je te conseille donc de l'installer, ça ne coûte rien, et ça pourrait potentiellement servir !
- Lorsque l'opération sera terminée, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.
Le rapport se trouve ici : %SystemDrive%\ComboFix.txt (%systemdrive% étant la partition où est installée Windows; C:\ en général)
Aide : Comment utiliser ComboFix.
Répondre à Angeldark
Bonjour, merci pour votre aide ... ci apres le rapport de combofix :
ComboFix 09-02-24.02 - Siraj DHRAIEF 2009-02-26 12:01:27.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1022.490 [GMT 1:00]
Lancé depuis: c:\documents and settings\Siraj DHRAIEF\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated)
FW: Norton Internet Security 2006 *enabled*
* Un nouveau point de restauration a été créé
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
[color=purple]Les fichiers ci-dessous ont été désactivés pendant l'exécution:[/color]
c:\program files\SuperCopier2\SC2Hook.dll
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\install.exe
C:\jeorels.cmd
C:\qxty9be.cmd
c:\windows\IE4 Error Log.txt
c:\windows\java\classes\java.dll.
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\nmdfgds1.dll
c:\windows\system32\olhrwef.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-26 au 2009-02-26 ))))))))))))))))))))))))))))))))))))
.
2009-02-26 08:16 . 2009-02-26 08:16 103,663 -r-hs---- C:\wx8o0bt1.com
2009-02-25 17:42 . 2009-02-25 18:16 <REP> d-------- C:\excel
2009-02-25 11:27 . 2009-02-25 11:29 <REP> d-------- C:\hijackthis
2009-02-25 11:27 . 2009-02-25 11:27 212,849 --a------ C:\hijackthis.zip
2009-02-25 10:12 . 2009-02-26 12:09 <REP> d-------- c:\program files\SuperCopier2
2009-02-12 09:58 . 2009-02-18 21:26 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-12 09:58 . 2009-02-12 09:58 1,409 --a------ c:\windows\QTFont.for
2009-02-03 17:35 . 2009-02-03 17:36 19,553 --a------ C:\carte-invitation-anniversaire.JPG
2009-02-03 17:32 . 2009-02-03 17:32 24,880 --a------ C:\carte-invitation-anniversaire.3
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-26 11:11 --------- d-----w c:\documents and settings\LocalService\Application Data\VMware
2009-02-26 11:11 --------- d-----w c:\documents and settings\All Users\Application Data\VMware
2009-02-26 07:26 --------- d-----w c:\documents and settings\Siraj DHRAIEF\Application Data\Skype
2009-02-24 07:34 --------- d-----w c:\documents and settings\All Users\Application Data\AntiVir PersonalEdition Classic
2009-01-23 07:16 --------- d-----w c:\documents and settings\Siraj DHRAIEF\Application Data\FileZilla
2007-08-01 12:37 92,064 ----a-w c:\documents and settings\Siraj DHRAIEF\mqdmmdm.sys
2007-08-01 12:37 9,232 ----a-w c:\documents and settings\Siraj DHRAIEF\mqdmmdfl.sys
2007-08-01 12:37 79,328 ----a-w c:\documents and settings\Siraj DHRAIEF\mqdmserd.sys
2007-08-01 12:37 66,656 ----a-w c:\documents and settings\Siraj DHRAIEF\mqdmbus.sys
2007-08-01 12:37 6,208 ----a-w c:\documents and settings\Siraj DHRAIEF\mqdmcmnt.sys
2007-08-01 12:37 5,936 ----a-w c:\documents and settings\Siraj DHRAIEF\mqdmwhnt.sys
2007-08-01 12:37 4,048 ----a-w c:\documents and settings\Siraj DHRAIEF\mqdmcr.sys
2007-08-01 12:37 25,600 ----a-w c:\documents and settings\Siraj DHRAIEF\usbsermptxp.sys
2007-08-01 12:37 22,768 ----a-w c:\documents and settings\Siraj DHRAIEF\usbsermpt.sys
2008-11-19 21:05 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-11-19 21:05 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-11-19 21:05 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-11-19 21:05 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-11-19 21:05 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-02-05 25370152]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-01 7557120]
"NVRotateSysTray"="c:\windows\system32\nvsysrot.dll" [2006-05-01 49152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761948]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 356352]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 73728]
"SmoothView"="c:\program files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 118784]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-09-16 52848]
"IS CfgWiz"="c:\program files\Norton Internet Security\cfgwiz.exe" [2005-09-29 120464]
"SSC_UserPrompt"="c:\program files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-10 218240]
"snpstd3"="c:\windows\vsnpstd3.exe" [2004-05-04 40960]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-04-12 83608]
"CAP3ON"="c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2002-07-29 22528]
"avgnt"="c:\program files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 266497]
"FileZilla Server Interface"="c:\program files\FileZilla Server\FileZilla Server Interface.exe" [2007-12-25 937984]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2008-09-18 64048]
"nwiz"="nwiz.exe" [2006-05-01 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-05 c:\windows\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 c:\windows\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2005-08-03 c:\windows\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"TFncKy"="TFncKy.exe" [BU]
"CFSServ.exe"="CFSServ.exe" [BU]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2000-05-03 c:\windows\system32\WFXSNT40.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
c:\documents and settings\Siraj DHRAIEF\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide de Microsoft Office OneNote 2003.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 59080]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Fenˆtre d'‚tat de Canon LASER SHOT LBP-1120.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAP3LAK.EXE [2007-02-08 30720]
Logiciel Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
PGPtray.lnk - c:\program files\PGP Corporation\PGP for Windows XP\PGPtray.exe [2007-02-07 339968]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2008-10-27 69632]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 257752]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\Symantec\DelFax\WfxSeh32.Dll" [1998-07-27 38400]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\system32\\dgrpencx.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1099:TCP"= 1099:TCP:rmi
R2 DgRpEncx;Digi RealPort Network Service;c:\windows\system32\dgrpencx.exe [2008-04-17 753787]
R2 PGPdisk;PGPdisk;c:\windows\system32\drivers\PGPdisk.sys [2007-02-07 169120]
R2 PGPsdkDriver;PGPsdkDriver;c:\windows\system32\drivers\PGPsdk.sys [2007-02-07 26624]
R2 pgsql-8.1;PostgreSQL Database Server 8.1;c:\program files\PostgreSQL\8.1\bin\pg_ctl.exe [2007-09-17 75207]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2008-09-18 54960]
R3 DIGIRPS;Digi RealPort Driver;c:\windows\system32\drivers\digirlpt.sys [2008-04-17 132971]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2006-09-22 99176]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2006-09-22 7040]
S3 acfva;acfva;c:\windows\system32\drivers\acfva.sys [2007-05-29 72192]
S3 ACR88BUS;ACR88 USB BUS Driver;c:\windows\system32\drivers\acr88bus.sys [2007-06-21 22400]
S3 ACR88FNC;ACR88 Onboard Peripherals;c:\windows\system32\drivers\acr88fnc.sys [2007-06-21 17152]
S3 ACR88SAM;ACR88 Card Viewer SAM Reader;c:\windows\system32\drivers\acr88sam.sys [2007-06-21 21504]
S3 ACR88SLT;ACR88 Card Viewer Reader;c:\windows\system32\drivers\acr88slt.sys [2007-06-21 22784]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [2006-03-24 33536]
S3 BIOTKEY;BioTRUSTKey;c:\windows\system32\drivers\biotkwxp.sys [2007-02-09 23296]
S3 Tomcat5;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe [2006-09-12 53248]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - COMHOST
*Deregistered* - mchInjDrv
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c34005a-127d-11dc-be10-00a0d163eb10}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23ef8ac0-f4d1-11dc-bfab-00a0d163eb10}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23ef8ac1-f4d1-11dc-bfab-00a0d163eb10}]
\Shell\AutoRun\command - F:\c9hehpa.bat
\Shell\explore\Command - F:\c9hehpa.bat
\Shell\open\Command - F:\c9hehpa.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25169864-61f5-11dd-80b0-00a0d163eb10}]
\Shell\AutoRun\command - ybj8df.exe
\Shell\explore\Command - ybj8df.exe
\Shell\open\Command - ybj8df.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3862a540-a312-11dc-bf11-00a0d163eb10}]
\Shell\AutoRun\command - E:\SCVHOST.exe
\Shell\Open\command - E:\SCVHOST.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3afa7c97-893d-11dd-8104-00a0d163eb10}]
\Shell\AutoRun\command - F:\qxty9be.cmd
\Shell\open\Command - F:\qxty9be.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{471eb1a0-9da9-11dc-bf00-00a0d163eb10}]
\Shell\Auto\command - E:\auto.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
\Shell\explore\Command - E:\c9hehpa.bat
\Shell\open\Command - E:\c9hehpa.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5759a86c-031b-11de-8286-0019d20ddd2b}]
\Shell\AutoRun\command - E:\qxty9be.cmd
\Shell\open\Command - E:\qxty9be.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6166067f-e607-11dd-8232-0019d20ddd2b}]
\Shell\AutoRun\command - E:\c9hehpa.bat
\Shell\explore\Command - E:\c9hehpa.bat
\Shell\open\Command - E:\c9hehpa.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5de5df5-c024-11dc-bf49-00a0d163eb10}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d872a810-c2b7-11dc-bf4f-00a0d163eb10}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e625a7e1-b517-11dc-bf36-00a0d163eb10}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eecbfbdc-df78-11dc-bf77-00a0d163eb10}]
\Shell\AutoRun\command - E:\0hct8ybw.bat
\Shell\explore\Command - E:\0hct8ybw.bat
\Shell\open\Command - E:\0hct8ybw.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f53e50ae-cd25-11dd-81e8-0019d20ddd2b}]
\Shell\AutoRun\command - uvsqfgwd.cmd
\Shell\open\Command - uvsqfgwd.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffa62d9e-8395-11dc-beb4-00a0d163eb10}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe
.
Contenu du dossier 'Tâches planifiées'
2009-02-26 c:\windows\Tasks\Check Updates for MSN Search Toolbar.job
- c:\program files\MSN Toolbar Suite\MSNTBUP.EXE [2005-11-09 17:52]
2006-09-22 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-09-22 17:21]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{28B1A67D-28B1-4598-8E5E-BE6499B2086C} - c:\windows\java\classes\java.dll
HKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://fr.yahoo.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://fr.yahoo.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &MSN Search - c:\program files\MSN Toolbar Suite\msntb.dll/search.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/229?2237dd14d4c04700b56d3597d73310a8
IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/230?2237dd14d4c04700b56d3597d73310a8
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
FF - ProfilePath - c:\documents and settings\Siraj DHRAIEF\Application Data\Mozilla\Firefox\Profiles\79hh65tf.default\
FF - prefs.js: browser.startup.homepage - hxxp://localhost:8080/AdminApp/
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-26 12:12:50
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\SIRAJD~1\LOCALS~1\Temp\mc28.tmp"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\program files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\program files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\windows\system32\scardsvr.exe
c:\windows\system32\CAP3RSK.EXE
c:\windows\system32\rundll32.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TPSBattM.exe
c:\program files\AntiVir PersonalEdition Classic\sched.exe
c:\program files\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\windows\system32\spool\drivers\w32x86\3\CAP3SWK.EXE
c:\windows\system32\spool\drivers\w32x86\3\CAP3SWK.EXE
c:\windows\system32\spool\drivers\w32x86\3\CAP3SWK.EXE
c:\windows\system32\spool\drivers\w32x86\3\CAP3SWK.EXE
c:\windows\system32\spool\drivers\w32x86\3\CAP3SWK.EXE
c:\windows\system32\spool\drivers\w32x86\3\CAP3SWK.EXE
c:\windows\system32\spool\drivers\w32x86\3\CAP3SWK.EXE
c:\windows\system32\spool\drivers\w32x86\3\CAP3SWK.EXE
c:\windows\system32\spool\drivers\w32x86\3\CAP3SWK.EXE
c:\windows\system32\spool\drivers\w32x86\3\CAP3SWK.EXE
c:\windows\system32\spool\drivers\w32x86\3\CAP3SWK.EXE
c:\windows\system32\spool\drivers\w32x86\3\CAP3SWK.EXE
c:\windows\system32\spool\drivers\w32x86\3\CAP3SWK.EXE
c:\windows\system32\spool\drivers\w32x86\3\CAP3SWK.EXE
c:\windows\system32\spool\drivers\w32x86\3\CAP3SWK.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\FileZilla Server\FileZilla server.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PGPServ.exe
c:\program files\PostgreSQL\8.1\bin\postmaster.exe
c:\program files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\WFXSVC.EXE
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\progra~1\Symantec\DelFax\WFXMOD32.EXE
c:\windows\ehome\mcrdsvc.exe
c:\program files\VMware\VMware Player\vmware-authd.exe
c:\program files\PostgreSQL\8.1\bin\postgres.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\PostgreSQL\8.1\bin\postgres.exe
c:\program files\PostgreSQL\8.1\bin\postgres.exe
c:\program files\PostgreSQL\8.1\bin\postgres.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\program files\MSN Toolbar Suite\msn_sl.exe
c:\program files\Messenger\msmsgs.exe
.
**************************************************************************
.
Heure de fin: 2009-02-26 12:17:43 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-02-26 11:17:39
Avant-CF: 41 899 945 984 octets libres
Après-CF: 42,509,885,440 octets libres
307
Cordialement
Re,
Sélectionne l'intégralité du cadre ci-dessous :
Registry::
|
- Copie/colle le dans le Bloc Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
- Enregistre le sous sur ton bureau sous le nom de CFScript.txt
- Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme ci-dessous :
- Cela va relancer Combofix.
- Tu devras accepter la licence.
Poste le contenu du rapport ComboFix.txt après redémarrage s'il y en a un.
Le rapport se trouve ici : %SystemDrive%\ComboFix.txt (%systemdrive% étant la partition où est installée Windows; C:\ en général)
Répondre à Angeldark
Il y a 380 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
