virus, trojan and spyware!!! (01net forum, "Trojan et spywares" section)
rayan7, posted 21/07/2008 17:22:28
Hi all,
I've caught a nasty virus or trojan, maybe both, I couldn't say. When I open a web page, the page is blank with "Insecure Internet activity. Threat of virus attack" written on it, not to mention that my desktop background is blue with a yellow window saying "WARNING!! SPYWARE DETECTED ON YOUR COMPUTER", and another window from a so-called antivirus, "ANTIVIRUS XP 2008", keeps opening!
On top of that my PC is running slowly.
So if anyone has the solution, it would help me a lot.
Thanks in advance
dédétraqué, posted 21/07/2008 17:28:50
Hi rayan7


Download HijackThis V 2.02 to the desktop:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe


- Double-click HJTInstall.exe on the desktop

- Click Install, then I Accept

- Close all windows; HJT must be run on its own (every other program closed).

- Launch HJT and click Do a system scan and save a logfile

When the report appears in Notepad, go to Edit, then Select All; the text is now selected. Go back to Edit, with the text still selected, and click Copy.


In your next reply, right-click and Paste.


Help: http://forum.telecharger.01net.com/microhebdo/questions-techniques-diverses/t(...)


@++
rayan7, posted 21/07/2008 22:55:24
Hi dédétraqué,
thanks in advance for the help,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:53:56, on 21/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\All Users\Application Data\xqjepapo\vytsrgps.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Athan\Athan.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\lphc9anj0evar.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\rhccanj0evar\rhccanj0evar.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ixsrotil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OFFICE One6.0\program\soffice.exe
C:\WINDOWS\system32\pphc9anj0evar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lphc9anj0evar] C:\WINDOWS\system32\lphc9anj0evar.exe
O4 - HKLM\..\Run: [SMrhccanj0evar] C:\Program Files\rhccanj0evar\rhccanj0evar.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [GenProcSys] C:\WINDOWS\system32\nohubczw.exe
O4 - HKCU\..\Run: [UiAppWeb] C:\WINDOWS\system32\ixsrotil.exe
O4 - HKCU\..\Run: [procchksrv] C:\WINDOWS\system32\sdkbmhuv.exe
O4 - HKLM\..\Policies\Explorer\Run: [wt2slV5qTR] C:\Documents and Settings\All Users\Application Data\xqjepapo\vytsrgps.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OFFICE One 6.0.lnk = C:\Program Files\OFFICE One6.0\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EE15FB7-D9D8-43F5-B7E7-ED7FA9EECB04}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8EEFAD6-DEA5-46AA-957D-DAC93AA707FF}: NameServer = 194.117.200.10,194.117.200.15
O21 - SSODL: EnApi - {0AF30382-B7E1-877E-3653-08995DEB0CF0} - C:\Program Files\ltipwke\EnApi.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 11864 bytes
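Added example (editor's code, not part of the thread and not part of HijackThis): a triage pass over the O4 (Run keys) and O21 (ShellServiceObjectDelayLoad) lines of the log above. It deliberately ignores how "random" a file name looks and keys only on where an entry lives and where it points: a Policies\Explorer\Run key, a target under the user-writable profile tree, a non-stock executable launched straight out of system32, or an SSODL DLL outside system32. The sample lines are copied from the log; the three rules and the two-name allow-list are assumptions a reviewer would tune. Note what it does and does not catch: PSDrvCheck.exe is Pinnacle's own driver checker and trips the system32 rule, so the output is a review list rather than a deletion list, and rhccanj0evar.exe sits in a Program Files folder of its own and passes, which is why file creation dates (what a tool like ComboFix records) are the stronger signal.

```python
"""Location-based triage of HijackThis 2.0.2 O4 (Run keys) and O21 (SSODL) lines.

Added example for this thread; not part of HijackThis.  The rules and the
allow-list are the editor's assumptions.  SAMPLE_LOG is an excerpt copied from
the log posted above.
"""
import re
from pathlib import PureWindowsPath

SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lphc9anj0evar] C:\WINDOWS\system32\lphc9anj0evar.exe
O4 - HKLM\..\Run: [SMrhccanj0evar] C:\Program Files\rhccanj0evar\rhccanj0evar.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GenProcSys] C:\WINDOWS\system32\nohubczw.exe
O4 - HKCU\..\Run: [UiAppWeb] C:\WINDOWS\system32\ixsrotil.exe
O4 - HKCU\..\Run: [procchksrv] C:\WINDOWS\system32\sdkbmhuv.exe
O4 - HKLM\..\Policies\Explorer\Run: [wt2slV5qTR] C:\Documents and Settings\All Users\Application Data\xqjepapo\vytsrgps.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O21 - SSODL: EnApi - {0AF30382-B7E1-877E-3653-08995DEB0CF0} - C:\Program Files\ltipwke\EnApi.dll
"""

# "O4 - <key>: [<value name>] <command line>"; Startup-folder O4 lines have no [...] and are skipped.
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# "O21 - SSODL: <name> - {CLSID} - <dll path>"
O21_RE = re.compile(r"^O21 - SSODL: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
# First executable on a command line.  HJT does not quote paths that contain
# spaces, so the path is cut at the first executable extension, not at a space.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|scr|com|cpl|bat))(?:"|\s|,|$)', re.IGNORECASE)

SYSTEM32 = PureWindowsPath(r"C:\WINDOWS\system32")
PROFILES = PureWindowsPath(r"C:\Documents and Settings")
# Assumption: stock XP binaries that legitimately appear in Run keys straight from system32.
STOCK_SYSTEM32_AUTORUNS = {"ctfmon", "rundll32"}


def first_path(cmd: str) -> str:
    """Return the executable a Run-key command line launches (quotes and arguments removed)."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip()


def _same_dir(path: PureWindowsPath, parent: PureWindowsPath) -> bool:
    return str(path.parent).lower() == str(parent).lower()


def _under(path: PureWindowsPath, parent: PureWindowsPath) -> bool:
    return str(path).lower().startswith(str(parent).lower() + "\\")


def triage(log_text: str):
    """Return [(value name, target path, [reasons])] for entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            target = PureWindowsPath(first_path(m["cmd"]))
            reasons = []
            if "policies\\explorer\\run" in m["key"].lower():
                reasons.append("Policies\\Explorer\\Run key, which installers do not normally use")
            if _under(target, PROFILES):
                reasons.append("target lives in a user-writable profile directory")
            if _same_dir(target, SYSTEM32) and target.stem.lower() not in STOCK_SYSTEM32_AUTORUNS:
                reasons.append("non-stock executable launched straight from system32")
            if reasons:
                findings.append((m["name"], str(target), reasons))
            continue
        m = O21_RE.match(line)
        if m:
            target = PureWindowsPath(m["path"].strip())
            if not _same_dir(target, SYSTEM32):
                findings.append((m["name"], str(target),
                                 ["ShellServiceObjectDelayLoad DLL outside system32 (Explorer loads it at every logon)"]))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"[{name}] {path}")
        for reason in reasons:
            print("    -", reason)
```

Run it on a saved hijackthis.log by passing the file contents to triage(); every hit still needs a human decision, the script only orders the reading.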
dédétraqué, posted 21/07/2008 23:08:45
Hi rayan7


Download combofix.exe (by sUBs) to the desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Double-click combofix.exe, type 1 and press Enter to start the scan

When the scan is complete, a report will appear. Copy/paste that report into your next reply.

NOTE: the report is also at C:\Combofix.txt

Combofix is detected by some antivirus products as an infection; ignore that, it is a false positive, continue the procedure


@++
rayan7, posted 22/07/2008 11:37:03
Hi dédétraqué,
sorry about yesterday, I had an emergency; here is the ComboFix report,

ComboFix 08-07-20.A0 - RAY4N 2008-07-22 11:25:15.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1453 [GMT 2:00]
Location: C:\Documents and Settings\RAY4N\Bureau\ComboFix.exe

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\RAY4N\Application Data\rhccanj0evar
C:\Program Files\rhccanj0evar
C:\WINDOWS\system32\blphc9anj0evar.scr
C:\WINDOWS\system32\lphc9anj0evar.exe
C:\WINDOWS\system32\phc9anj0evar.bmp
C:\WINDOWS\system32\pphc9anj0evar.exe

.
((((((((((((((((((((((((((((( Files Created from 2008-06-22 to 2008-07-22 ))))))))))))))))))))))))))))))))))))
.

2008-07-22 11:28 . 2008-07-22 11:28 110,080 --a------ C:\WINDOWS\system32\lphc9anj0evar.exe
2008-07-22 11:28 . 2008-07-22 11:28 90,838 --a------ C:\WINDOWS\system32\phc9anj0evar.bmp
2008-07-22 11:28 . 2008-07-22 11:28 77,824 --a------ C:\WINDOWS\system32\bebqvaxy.exe
2008-07-22 11:28 . 2008-07-22 11:28 60,928 --a------ C:\WINDOWS\system32\blphc9anj0evar.scr
2008-07-21 23:47 . 2008-07-21 23:47 110,080 --a------ C:\WINDOWS\system32\lsjgtkve.exe
2008-07-21 23:47 . 2008-07-21 23:47 81,920 --a------ C:\WINDOWS\system32\johgzspq.exe
2008-07-21 23:19 . 2008-07-22 11:26 94,208 --a------ C:\WINDOWS\system32\1D.tmp
2008-07-21 23:19 . 2008-07-22 10:53 94,208 --a------ C:\WINDOWS\system32\1C.tmp
2008-07-21 23:17 . 2008-07-21 23:17 81,920 --a------ C:\WINDOWS\system32\hufqfupi.exe
2008-07-21 22:53 . 2008-07-21 22:53 <REP> d-------- C:\Program Files\Trend Micro
2008-07-21 09:42 . 2008-07-21 22:52 <REP> d-------- C:\Toolbar SD
2008-07-21 09:24 . 2008-07-21 10:25 4,178 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-21 09:24 . 2008-07-21 09:24 0 --a------ C:\WINDOWS\system32\tmp.MSNFix
2008-07-21 09:23 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-21 09:23 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-21 09:23 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-21 09:23 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-21 09:23 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-21 09:23 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-21 09:23 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-21 09:23 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-21 09:23 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-20 20:25 . 2008-07-20 20:25 110,080 --a------ C:\WINDOWS\system32\epwjexur.exe
2008-07-20 20:25 . 2008-07-20 20:25 81,920 --a------ C:\WINDOWS\system32\sdkbmhuv.exe
2008-07-20 14:22 . 2008-07-20 20:41 <REP> d-------- C:\Program Files\Lavasoft
2008-07-20 14:22 . 2008-07-20 20:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-20 14:15 . 2008-07-20 14:15 110,080 --a------ C:\WINDOWS\system32\qhizqrqx.exe
2008-07-20 14:15 . 2008-07-20 14:15 98,304 --a------ C:\WINDOWS\system32\ixsrotil.exe
2008-07-20 12:34 . 2008-07-20 12:34 <REP> d-------- C:\Program Files\ltipwke
2008-07-20 12:34 . 2008-07-20 12:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\xqjepapo
2008-07-20 12:34 . 2008-07-20 12:34 98,304 --a------ C:\WINDOWS\system32\nohubczw.exe
2008-07-20 12:34 . 2008-07-20 12:34 4,096 --a------ C:\WINDOWS\system32\WINWGPX.MSNFix
2008-07-20 12:34 . 2008-07-20 12:34 4,096 --a------ C:\WINDOWS\system32\winsystem.MSNFix
2008-07-20 12:34 . 2008-07-20 12:34 4,096 --a------ C:\WINDOWS\system32\winlogonpc.MSNFix
2008-07-20 12:34 . 2008-07-20 12:34 4,096 --a------ C:\WINDOWS\system32\vbsys2.MSNFix
2008-07-19 22:22 . 2008-07-19 22:22 <REP> d-------- C:\Program Files\iTunes
2008-07-19 22:22 . 2008-07-19 22:22 <REP> d-------- C:\Program Files\iPod
2008-07-19 22:21 . 2008-07-19 22:21 <REP> d-------- C:\Program Files\QuickTime
2008-07-15 13:10 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-07-15 13:10 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-07-15 13:10 . 2008-07-15 13:10 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-07-15 13:10 . 2008-07-15 13:10 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-07-15 13:08 . 2008-07-15 13:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-07-15 13:07 . 2008-05-07 07:39 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-07-15 13:07 . 2008-05-07 07:38 659,968 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-07-15 13:07 . 2008-05-07 07:38 20,864 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-07-15 13:07 . 2008-05-07 07:38 17,536 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-07-15 13:07 . 2008-05-07 07:38 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-07-15 13:07 . 2008-06-06 09:24 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-06-24 22:58 . 2008-06-24 23:00 <REP> d-------- C:\Program Files\EO Video
2008-06-24 00:13 . 2008-06-24 00:13 <REP> d-------- C:\WINDOWS\Ulead.dat
2008-06-24 00:13 . 2008-07-15 21:44 89 --a------ C:\WINDOWS\ULead32.ini
2008-06-24 00:12 . 2008-06-24 00:13 436 --a------ C:\WINDOWS\VFO.VST
2008-06-24 00:12 . 2008-06-24 00:12 41 --a------ C:\WINDOWS\system32\blue.SITENAME
2008-06-24 00:10 . 2000-05-02 10:17 212,480 --------- C:\WINDOWS\system32\PCDLIB32.DLL
2008-06-24 00:00 . 2008-06-24 00:00 <REP> d-------- C:\WINDOWS\system32\Quicktime
2008-06-24 00:00 . 2008-07-15 21:45 1,346 --a------ C:\WINDOWS\VFO.INI
2008-06-23 23:58 . 2008-06-24 00:04 <REP> d-------- C:\Program Files\Liquid.6

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-21 08:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-21 08:02 --------- d-----w C:\Program Files\Yahoo!
2008-07-21 08:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-20 23:29 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-07-20 23:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-17 00:59 --------- d-----w C:\Program Files\eMule
2008-07-15 11:06 --------- d-----w C:\Program Files\Nokia
2008-07-15 11:06 --------- d-----w C:\Program Files\Fichiers communs\Nokia
2008-07-15 11:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-07-14 23:01 --------- d-----w C:\Documents and Settings\RAY4N\Application Data\HP
2008-07-14 23:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-06-23 22:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-06-23 22:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-23 22:10 --------- d-----w C:\Program Files\Pinnacle
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 14:16 --------- d-----w C:\Documents and Settings\RAY4N\Application Data\TaoUSign
2008-06-15 22:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-06-15 22:32 --------- d-----w C:\Program Files\DivX
2008-06-15 22:31 --------- d-----w C:\Program Files\Fichiers communs\Autodesk Shared
2008-06-15 22:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-06-14 18:30 --------- d-----w C:\Documents and Settings\RAY4N\Application Data\Nokia Multimedia Player
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-06 23:01 --------- d-----w C:\Program Files\MoviePod
2008-06-06 14:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-06 14:19 --------- d-----w C:\Documents and Settings\RAY4N\Application Data\Yahoo!
2008-06-04 23:09 --------- d-----w C:\Program Files\Digital Video Duplicator
2008-06-04 23:01 --------- d-----w C:\Program Files\WinASPI
2008-06-04 23:01 --------- d-----w C:\Program Files\Morgan
2008-06-04 23:01 --------- d-----w C:\Program Files\Gabest
2008-06-04 23:01 --------- d-----w C:\Program Files\AC3Filter
2008-06-01 16:48 --------- d-----w C:\Program Files\AVSTool
2008-06-01 16:31 --------- d-----w C:\Program Files\BlackSunSoft.net
2008-06-01 14:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-06-01 12:01 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-06-01 12:01 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-06-01 11:43 --------- d-----w C:\Program Files\Micro Application
2008-05-28 22:40 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-28 10:49 --------- d-----w C:\Program Files\Ripp-it_AM
2008-05-26 17:45 --------- d-----w C:\Program Files\XviD
.

((((((((((((((((((((((((((((( snapshot@2008-07-21_23.21.11.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-21 08:50:32 86,582 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-22 08:56:31 86,582 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-07-21 08:50:32 103,544 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-07-22 08:56:31 103,544 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-07-21 08:50:32 478,794 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-22 08:56:31 478,794 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-07-21 08:50:32 552,142 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-07-22 08:56:31 552,142 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-07-22 09:27:36 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_64c.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-12 01:22 68856]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]
"GenProcSys"="C:\WINDOWS\system32\nohubczw.exe" [2008-07-20 12:34 98304]
"UiAppWeb"="C:\WINDOWS\system32\ixsrotil.exe" [2008-07-20 14:15 98304]
"procchksrv"="C:\WINDOWS\system32\sdkbmhuv.exe" [2008-07-20 20:25 81920]
"admcfgchk"="C:\WINDOWS\system32\hufqfupi.exe" [2008-07-21 23:17 81920]
"appcommsg"="C:\WINDOWS\system32\johgzspq.exe" [2008-07-21 23:47 81920]
"setmsgapl"="C:\WINDOWS\system32\bebqvaxy.exe" [2008-07-22 11:28 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 07:56 139264]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-16 10:39 7323648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34 49152]
"Athan"="C:\Program Files\Athan\Athan.exe" [2007-09-06 20:25 1003520]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27 222208]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 17:31 80896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 02:51 172032]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 16:26 406016]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-06-01 14:01 185896]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"lphc9anj0evar"="C:\WINDOWS\system32\lphc9anj0evar.exe" [2008-07-22 11:28 110080]
"SMrhccanj0evar"="C:\Program Files\rhccanj0evar\rhccanj0evar.exe" [2008-07-21 13:46 9457664]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 18:20 339968 C:\WINDOWS\stsystra.exe]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 11:50 19968 C:\WINDOWS\LOGI_MWX.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"wt2slV5qTR"="C:\Documents and Settings\All Users\Application Data\xqjepapo\vytsrgps.exe" [2008-07-20 12:34 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"EnApi"= {0AF30382-B7E1-877E-3653-08995DEB0CF0} - C:\Program Files\ltipwke\EnApi.dll [2008-07-20 12:34 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.dvsd"= pdvcodec.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.I420"= vdrcodec.dll
"vidc.yv12"= yv12vfw.dll
"VIDC.HFYU"= huffyuv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\RAY4N\\Mes documents\\Mes logiciels\\limewire\\StubInstaller.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Liquid.6\\Program\\RM.exe"=
"C:\\Program Files\\Liquid.6\\Program\\Studiou.mod"=
"C:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-10 14:00]
R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2004-03-03 10:50]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 14:00]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-05 17:53]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c0bbdb5-7af7-11dc-b0fe-001372198b7b}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c261004-dad6-11dc-b136-001372198b7b}]
\Shell\AutoRun\command - J:\RavMon.exe
\Shell\explore\Command - J:\RavMon.exe -e
\Shell\open\Command - J:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc654102-211b-11dd-b170-001372198b7b}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe
.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder
"2008-07-19 20:17:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-22 09:27:41 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.club-internet.fr/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKLM-Main,Start Page = hxxp://home.sweetim.com
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
R1 -: HKCU-Internet Settings,ProxyServer = <local>
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{3EE15FB7-D9D8-43F5-B7E7-ED7FA9EECB04}: NameServer = 192.168.1.1
O17 -: HKLM\CCS\Interface\{C8EEFAD6-DEA5-46AA-957D-DAC93AA707FF}: NameServer = 194.117.200.10,194.117.200.15

O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {EBF85371-A38F-485B-B28F-0B4C82D25937} - hxxp://update.hpphoto.com/download/HPSWUpdate.ocx
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HPSWUpdate.ocx


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-22 11:28:11
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


C:\WINDOWS\system32\blphc9anj0evar.scr 60928 bytes executable
C:\WINDOWS\system32\pphc9anj0evar.exe 94208 bytes executable

Scan terminé avec succès
Les fichiers cachés: 2

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OFFICE One6.0\program\soffice.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\system32\wbem\wmiadap.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-22 11:31:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-22 09:31:43
ComboFix2.txt 2008-07-21 21:21:31

Pre-Run: 98,922,852,352 octets libres
Post-Run: 98,904,309,760 octets libres

294 --- E O F --- 2008-07-10 07:30:11


-->Message edited by rayan7 on 22/07/2008 11:41:25<--
dédétraqué
Posted on 22/07/2008 14:09:21
Hi rayan7


Download Flash Disinfector (by sUBs) to the desktop from here:

http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe


- Close all running applications, plug in all your removable media (USB stick, external hard drive, etc.) and start them.

- Double-click Flash_Disinfector.exe on the desktop

- The icons will disappear; this is normal and expected

- If a report is generated in case of infection, save it to the desktop

- Restart your PC

Post the report in your next post, then run another scan with ComboFix and post its report as well.


@++
rayan7
Posted on 22/07/2008 21:04:41
hi dédétraqué,
no report from Flash Disinfector, and here is the ComboFix report

ComboFix 08-07-20.A0 - RAY4N 2008-07-22 16:57:56.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1389 [GMT 2:00]
Endroit: C:\Documents and Settings\RAY4N\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\RAY4N\Application Data\rhccanj0evar
C:\Program Files\rhccanj0evar
C:\WINDOWS\system32\B.tmp
C:\WINDOWS\system32\blphc9anj0evar.scr
C:\WINDOWS\system32\C.tmp
C:\WINDOWS\system32\lphc9anj0evar.exe
C:\WINDOWS\system32\phc9anj0evar.bmp
C:\WINDOWS\system32\pphc9anj0evar.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-22 to 2008-07-22 ))))))))))))))))))))))))))))))))))))
.

2008-07-22 17:02 . 2008-07-22 17:02 110,080 --a------ C:\WINDOWS\system32\lphc9anj0evar.exe
2008-07-22 17:02 . 2008-07-22 17:02 90,838 --a------ C:\WINDOWS\system32\phc9anj0evar.bmp
2008-07-22 17:02 . 2008-07-22 17:02 86,016 --a------ C:\WINDOWS\system32\tcbavihg.exe
2008-07-22 17:02 . 2008-07-22 17:02 60,928 --a------ C:\WINDOWS\system32\blphc9anj0evar.scr
2008-07-22 11:58 . 2008-07-22 11:58 110,080 --a------ C:\WINDOWS\system32\baxulaza.exe
2008-07-22 11:58 . 2008-07-22 11:58 77,824 --a------ C:\WINDOWS\system32\harsjgdc.exe
2008-07-22 11:28 . 2008-07-22 11:28 77,824 --a------ C:\WINDOWS\system32\bebqvaxy.exe
2008-07-21 23:47 . 2008-07-21 23:47 110,080 --a------ C:\WINDOWS\system32\lsjgtkve.exe
2008-07-21 23:47 . 2008-07-21 23:47 81,920 --a------ C:\WINDOWS\system32\johgzspq.exe
2008-07-21 23:19 . 2008-07-22 11:26 94,208 --a------ C:\WINDOWS\system32\1D.tmp
2008-07-21 23:19 . 2008-07-22 10:53 94,208 --a------ C:\WINDOWS\system32\1C.tmp
2008-07-21 23:17 . 2008-07-21 23:17 81,920 --a------ C:\WINDOWS\system32\hufqfupi.exe
2008-07-21 22:53 . 2008-07-21 22:53 <REP> d-------- C:\Program Files\Trend Micro
2008-07-21 09:42 . 2008-07-21 22:52 <REP> d-------- C:\Toolbar SD
2008-07-21 09:24 . 2008-07-21 10:25 4,178 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-21 09:24 . 2008-07-21 09:24 0 --a------ C:\WINDOWS\system32\tmp.MSNFix
2008-07-21 09:23 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-21 09:23 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-21 09:23 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-21 09:23 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-21 09:23 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-21 09:23 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-21 09:23 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-21 09:23 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-21 09:23 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-20 20:25 . 2008-07-20 20:25 110,080 --a------ C:\WINDOWS\system32\epwjexur.exe
2008-07-20 20:25 . 2008-07-20 20:25 81,920 --a------ C:\WINDOWS\system32\sdkbmhuv.exe
2008-07-20 14:22 . 2008-07-20 20:41 <REP> d-------- C:\Program Files\Lavasoft
2008-07-20 14:22 . 2008-07-20 20:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-20 14:15 . 2008-07-20 14:15 110,080 --a------ C:\WINDOWS\system32\qhizqrqx.exe
2008-07-20 14:15 . 2008-07-20 14:15 98,304 --a------ C:\WINDOWS\system32\ixsrotil.exe
2008-07-20 12:34 . 2008-07-20 12:34 <REP> d-------- C:\Program Files\ltipwke
2008-07-20 12:34 . 2008-07-20 12:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\xqjepapo
2008-07-20 12:34 . 2008-07-20 12:34 98,304 --a------ C:\WINDOWS\system32\nohubczw.exe
2008-07-20 12:34 . 2008-07-20 12:34 4,096 --a------ C:\WINDOWS\system32\WINWGPX.MSNFix
2008-07-20 12:34 . 2008-07-20 12:34 4,096 --a------ C:\WINDOWS\system32\winsystem.MSNFix
2008-07-20 12:34 . 2008-07-20 12:34 4,096 --a------ C:\WINDOWS\system32\winlogonpc.MSNFix
2008-07-20 12:34 . 2008-07-20 12:34 4,096 --a------ C:\WINDOWS\system32\vbsys2.MSNFix
2008-07-19 22:22 . 2008-07-19 22:22 <REP> d-------- C:\Program Files\iTunes
2008-07-19 22:22 . 2008-07-19 22:22 <REP> d-------- C:\Program Files\iPod
2008-07-19 22:21 . 2008-07-19 22:21 <REP> d-------- C:\Program Files\QuickTime
2008-07-15 13:10 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-07-15 13:10 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-07-15 13:10 . 2008-07-15 13:10 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-07-15 13:10 . 2008-07-15 13:10 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-07-15 13:08 . 2008-07-15 13:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-07-15 13:07 . 2008-05-07 07:39 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-07-15 13:07 . 2008-05-07 07:38 659,968 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-07-15 13:07 . 2008-05-07 07:38 20,864 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-07-15 13:07 . 2008-05-07 07:38 17,536 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-07-15 13:07 . 2008-05-07 07:38 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-07-15 13:07 . 2008-06-06 09:24 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-06-24 22:58 . 2008-06-24 23:00 <REP> d-------- C:\Program Files\EO Video
2008-06-24 00:13 . 2008-06-24 00:13 <REP> d-------- C:\WINDOWS\Ulead.dat
2008-06-24 00:13 . 2008-07-15 21:44 89 --a------ C:\WINDOWS\ULead32.ini
2008-06-24 00:12 . 2008-06-24 00:13 436 --a------ C:\WINDOWS\VFO.VST
2008-06-24 00:12 . 2008-06-24 00:12 41 --a------ C:\WINDOWS\system32\blue.SITENAME
2008-06-24 00:10 . 2000-05-02 10:17 212,480 --------- C:\WINDOWS\system32\PCDLIB32.DLL
2008-06-24 00:00 . 2008-06-24 00:00 <REP> d-------- C:\WINDOWS\system32\Quicktime
2008-06-24 00:00 . 2008-07-15 21:45 1,346 --a------ C:\WINDOWS\VFO.INI
2008-06-23 23:58 . 2008-06-24 00:04 <REP> d-------- C:\Program Files\Liquid.6

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-22 14:59 --------- d-----w C:\Program Files\eMule
2008-07-21 08:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-21 08:02 --------- d-----w C:\Program Files\Yahoo!
2008-07-21 08:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-20 23:29 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-07-20 23:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-15 11:06 --------- d-----w C:\Program Files\Nokia
2008-07-15 11:06 --------- d-----w C:\Program Files\Fichiers communs\Nokia
2008-07-15 11:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-07-14 23:01 --------- d-----w C:\Documents and Settings\RAY4N\Application Data\HP
2008-07-14 23:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-06-23 22:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-06-23 22:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-23 22:10 --------- d-----w C:\Program Files\Pinnacle
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 14:16 --------- d-----w C:\Documents and Settings\RAY4N\Application Data\TaoUSign
2008-06-15 22:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-06-15 22:32 --------- d-----w C:\Program Files\DivX
2008-06-15 22:31 --------- d-----w C:\Program Files\Fichiers communs\Autodesk Shared
2008-06-15 22:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-06-14 18:30 --------- d-----w C:\Documents and Settings\RAY4N\Application Data\Nokia Multimedia Player
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-06 23:01 --------- d-----w C:\Program Files\MoviePod
2008-06-06 14:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-06 14:19 --------- d-----w C:\Documents and Settings\RAY4N\Application Data\Yahoo!
2008-06-04 23:09 --------- d-----w C:\Program Files\Digital Video Duplicator
2008-06-04 23:01 --------- d-----w C:\Program Files\WinASPI
2008-06-04 23:01 --------- d-----w C:\Program Files\Morgan
2008-06-04 23:01 --------- d-----w C:\Program Files\Gabest
2008-06-04 23:01 --------- d-----w C:\Program Files\AC3Filter
2008-06-01 16:48 --------- d-----w C:\Program Files\AVSTool
2008-06-01 16:31 --------- d-----w C:\Program Files\BlackSunSoft.net
2008-06-01 14:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-06-01 12:01 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-06-01 12:01 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-06-01 11:43 --------- d-----w C:\Program Files\Micro Application
2008-05-28 22:40 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-28 10:49 --------- d-----w C:\Program Files\Ripp-it_AM
2008-05-26 17:45 --------- d-----w C:\Program Files\XviD
.

((((((((((((((((((((((((((((( snapshot@2008-07-21_23.21.11.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-21 08:50:32 86,582 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-22 15:00:15 86,582 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-07-21 08:50:32 103,544 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-07-22 15:00:15 103,544 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-07-21 08:50:32 478,794 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-22 15:00:15 478,794 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-07-21 08:50:32 552,142 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-07-22 15:00:15 552,142 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-07-22 15:01:20 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_64c.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-12 01:22 68856]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]
"GenProcSys"="C:\WINDOWS\system32\nohubczw.exe" [2008-07-20 12:34 98304]
"UiAppWeb"="C:\WINDOWS\system32\ixsrotil.exe" [2008-07-20 14:15 98304]
"procchksrv"="C:\WINDOWS\system32\sdkbmhuv.exe" [2008-07-20 20:25 81920]
"admcfgchk"="C:\WINDOWS\system32\hufqfupi.exe" [2008-07-21 23:17 81920]
"appcommsg"="C:\WINDOWS\system32\johgzspq.exe" [2008-07-21 23:47 81920]
"setmsgapl"="C:\WINDOWS\system32\bebqvaxy.exe" [2008-07-22 11:28 77824]
"endscsys"="C:\WINDOWS\system32\harsjgdc.exe" [2008-07-22 11:58 77824]
"webmnt"="C:\WINDOWS\system32\tcbavihg.exe" [2008-07-22 17:02 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 07:56 139264]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-16 10:39 7323648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34 49152]
"Athan"="C:\Program Files\Athan\Athan.exe" [2007-09-06 20:25 1003520]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27 222208]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 17:31 80896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 02:51 172032]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 16:26 406016]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-06-01 14:01 185896]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"lphc9anj0evar"="C:\WINDOWS\system32\lphc9anj0evar.exe" [2008-07-22 17:02 110080]
"SMrhccanj0evar"="C:\Program Files\rhccanj0evar\rhccanj0evar.exe" [2008-07-21 13:46 9457664]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 18:20 339968 C:\WINDOWS\stsystra.exe]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 11:50 19968 C:\WINDOWS\LOGI_MWX.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"wt2slV5qTR"="C:\Documents and Settings\All Users\Application Data\xqjepapo\vytsrgps.exe" [2008-07-20 12:34 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"EnApi"= {0AF30382-B7E1-877E-3653-08995DEB0CF0} - C:\Program Files\ltipwke\EnApi.dll [2008-07-20 12:34 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.dvsd"= pdvcodec.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.I420"= vdrcodec.dll
"vidc.yv12"= yv12vfw.dll
"VIDC.HFYU"= huffyuv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\RAY4N\\Mes documents\\Mes logiciels\\limewire\\StubInstaller.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Liquid.6\\Program\\RM.exe"=
"C:\\Program Files\\Liquid.6\\Program\\Studiou.mod"=
"C:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-10 14:00]
R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2004-03-03 10:50]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 14:00]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-05 17:53]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c0bbdb5-7af7-11dc-b0fe-001372198b7b}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c261004-dad6-11dc-b136-001372198b7b}]
\Shell\AutoRun\command - J:\RavMon.exe
\Shell\explore\Command - J:\RavMon.exe -e
\Shell\open\Command - J:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc654102-211b-11dd-b170-001372198b7b}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-19 20:17:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-22 15:01:45 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.club-internet.fr/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKLM-Main,Start Page = hxxp://home.sweetim.com
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
R1 -: HKCU-Internet Settings,ProxyServer = <local>
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{3EE15FB7-D9D8-43F5-B7E7-ED7FA9EECB04}: NameServer = 192.168.1.1
O17 -: HKLM\CCS\Interface\{C8EEFAD6-DEA5-46AA-957D-DAC93AA707FF}: NameServer = 194.117.200.10,194.117.200.15

O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {EBF85371-A38F-485B-B28F-0B4C82D25937} - hxxp://update.hpphoto.com/download/HPSWUpdate.ocx
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HPSWUpdate.ocx


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-22 17:02:12
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


C:\WINDOWS\system32\pphc9anj0evar.exe 94208 bytes executable
C:\WINDOWS\system32\277.tmp 94208 bytes executable
C:\WINDOWS\system32\2DB.tmp 94208 bytes executable
C:\WINDOWS\system32\2DD.tmp 94208 bytes executable
C:\WINDOWS\system32\blphc9anj0evar.scr 60928 bytes executable

Scan terminé avec succès
Les fichiers cachés: 5

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OFFICE One6.0\program\soffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-22 17:06:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-22 15:06:42
ComboFix2.txt 2008-07-22 09:31:49
ComboFix3.txt 2008-07-21 21:21:31

Pre-Run: 99,919,147,008 octets libres
Post-Run: 99,923,722,240 octets libres

303 --- E O F --- 2008-07-10 07:30:11
dédétraqué
Posted on 22/07/2008 22:02:38
Hi rayan7


- Click the Start menu / Run, type notepad at the prompt and click OK.

- Copy/paste what is quoted below into Notepad:

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GenProcSys"=-
"UiAppWeb"=-
"procchksrv"=-
"admcfgchk"=-
"appcommsg"=-
"setmsgapl"=-
"endscsys"=-
"webmnt"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lphc9anj0evar"=-
"SMrhccanj0evar"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"wt2slV5qTR"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"EnApi"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c0bbdb5-7af7-11dc-b0fe-001372198b7b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c261004-dad6-11dc-b136-001372198b7b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc654102-211b-11dd-b170-001372198b7b}]


Folder::
C:\Program Files\rhccanj0evar\
C:\Documents and Settings\All Users\Application Data\xqjepapo\

File::
C:\WINDOWS\system32\pphc9anj0evar.exe
C:\WINDOWS\system32\277.tmp
C:\WINDOWS\system32\2DB.tmp
C:\WINDOWS\system32\2DD.tmp
C:\WINDOWS\system32\blphc9anj0evar.scr
C:\WINDOWS\system32\nohubczw.exe
C:\WINDOWS\system32\ixsrotil.exe
C:\WINDOWS\system32\sdkbmhuv.exe
C:\WINDOWS\system32\hufqfupi.exe
C:\WINDOWS\system32\johgzspq.exe
C:\WINDOWS\system32\bebqvaxy.exe
C:\WINDOWS\system32\harsjgdc.exe
C:\WINDOWS\system32\tcbavihg.exe
C:\WINDOWS\system32\lphc9anj0evar.exe
C:\Program Files\rhccanj0evar\rhccanj0evar.exe
C:\Documents and Settings\All Users\Application Data\xqjepapo\vytsrgps.exe
C:\Program Files\ltipwke\EnApi.dll



- Save this file to the desktop (mandatory)

- File name: CFScript.txt
- File type: all files

- Click Save and exit Notepad


- Drag and drop this CFScript file onto the ComboFix.exe file on the desktop, as in this screenshot:

< included picture >

* A blue window will appear: at the message that comes up (Type 1 to continue, or 2 to abort), type 1 and confirm.
* Wait while the scan runs. The desktop will disappear several times: this is normal!
Don't touch anything until the scan is finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file doesn't open, it is located here > C:\ComboFix.txt


Along with that report, post me a new HijackThis report


@++
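The CFScript above was written by hand from the ComboFix report: the helper picked out the Run values whose binaries carry random eight-letter names in system32, the entry under the policies\explorer\Run key, the ShellServiceObjectDelayLoad DLL and the mountpoints2 AutoRun commands, then listed them in the Registry::, Folder:: and File:: sections. The script below is an added example, not part of this thread and not code from ComboFix or any other tool named here, that automates that triage over a constructed excerpt of such a report. The heuristics (eight lowercase letters, a system32 binary stamped within the last three days, the policies\explorer\Run key, anything launched from Application Data), the scan date and the small allowlist are assumptions modelled on this log; the output is a candidate list for a reviewer to confirm, exactly as the helper did, not something to feed to ComboFix unchecked.

```python
import re
from datetime import date

# Constructed excerpt modelled on the "Point de chargement Reg" section of the
# ComboFix report in this thread; a few entries only, and not the real log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"GenProcSys"="C:\WINDOWS\system32\nohubczw.exe" [2008-07-20 12:34 98304]
"webmnt"="C:\WINDOWS\system32\tcbavihg.exe" [2008-07-22 17:02 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]
"lphc9anj0evar"="C:\WINDOWS\system32\lphc9anj0evar.exe" [2008-07-22 17:02 110080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"wt2slV5qTR"="C:\Documents and Settings\All Users\Application Data\xqjepapo\vytsrgps.exe" [2008-07-20 12:34 65536]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c0bbdb5-7af7-11dc-b0fe-001372198b7b}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe
"""

SCAN_DATE = date(2008, 7, 22)   # assumed: the day the report was produced
RECENT_DAYS = 3                 # assumed window for "brand-new binary in system32"
# Assumed allowlist: legitimate Windows binaries that happen to have 8-letter names.
KNOWN_GOOD = {"explorer.exe", "userinit.exe"}

RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\d{4})-(\d{2})-(\d{2}) \d{2}:\d{2} \d+\]')
MOUNT_CMD_RE = re.compile(r'^\\Shell\\[^\\]+\\[Cc]ommand - (.+)$')
RANDOM_NAME_RE = re.compile(r'^[a-z]{8}\.exe$')


def parse_autoruns(text):
    """Split the report into Run-key values and mountpoints2 shell commands."""
    runs, mounts, key = [], [], None
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # current registry key for the lines that follow
            continue
        m = RUN_VALUE_RE.match(line)
        if m and key:
            name, path, y, mo, d = m.groups()
            runs.append({"key": key, "name": name, "path": path,
                         "stamp": date(int(y), int(mo), int(d))})
            continue
        m = MOUNT_CMD_RE.match(line)
        if m and key and "mountpoints2" in key.lower():
            # Anything here ran when the removable drive was opened or auto-played.
            mounts.append({"key": key, "command": m.group(1)})
    return runs, mounts


def suspicious_reasons(entry):
    """Triage heuristics (assumptions modelled on this thread); empty list = nothing odd."""
    reasons = []
    folder, _, base = entry["path"].lower().rpartition("\\")
    age = (SCAN_DATE - entry["stamp"]).days
    if RANDOM_NAME_RE.match(base) and base not in KNOWN_GOOD:
        reasons.append("random-looking 8-letter binary name")
    if folder.endswith("\\system32") and 0 <= age <= RECENT_DAYS:
        reasons.append("system32 binary stamped within the last %d days" % RECENT_DAYS)
    if "policies\\explorer\\run" in entry["key"].lower():
        reasons.append("policy Run key, rarely used by legitimate software")
    if "\\application data\\" in entry["path"].lower():
        reasons.append("launched from Application Data")
    return reasons


def triage(text):
    """Return ([(run_entry, reasons), ...] for flagged entries, all mountpoints2 commands)."""
    runs, mounts = parse_autoruns(text)
    flagged = [(e, suspicious_reasons(e)) for e in runs]
    return [(e, r) for e, r in flagged if r], mounts


def build_cfscript(flagged, mounts):
    """Emit Registry::/File:: sections in the layout the helper used in this thread."""
    by_key, files = {}, []
    for e, _ in flagged:
        by_key.setdefault(e["key"], []).append(e["name"])
        files.append(e["path"])
    reg_lines = []
    for key, names in by_key.items():
        reg_lines.append("[%s]" % key)
        reg_lines.extend('"%s"=-' % n for n in names)   # "name"=- removes the value
    for key in sorted({m["key"] for m in mounts}):
        reg_lines.append("[-%s]" % key)                 # [-key] removes the whole key
    return "Registry::\n" + "\n".join(reg_lines) + "\n\nFile::\n" + "\n".join(files) + "\n"


if __name__ == "__main__":
    flagged, mounts = triage(SAMPLE_LOG)
    for e, reasons in flagged:
        print("%-14s %s\n    %s" % (e["name"], e["path"], "; ".join(reasons)))
    print(build_cfscript(flagged, mounts))
```

Run as-is it prints the four flagged values with the reason each tripped and a draft script in the format shown above; the untouched entries (ctfmon, ehTray) show why the date and folder checks matter: an old, well-known system32 binary is not flagged just for living in system32, while a binary that appeared on the scan day is. The 8-letter rule is deliberately crude and exists to surface candidates, which is why the allowlist and the reasons list are there for a human to read before anything is deleted.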
rayan7
Posted on 22/07/2008 22:37:53
hello dédétraqué,
first of all, I did as in the screenshot, but I didn't need to press the 1 key; it happened automatically, ComboFix started and ran a scan, and here is the report.

ComboFix 08-07-20.A0 - RAY4N 2008-07-22 22:22:48.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1429 [GMT 2:00]
Endroit: C:\Documents and Settings\RAY4N\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\RAY4N\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\Documents and Settings\All Users\Application Data\xqjepapo\vytsrgps.exe
C:\Program Files\ltipwke\EnApi.dll
C:\Program Files\rhccanj0evar\rhccanj0evar.exe
C:\WINDOWS\system32\277.tmp
C:\WINDOWS\system32\2DB.tmp
C:\WINDOWS\system32\2DD.tmp
C:\WINDOWS\system32\bebqvaxy.exe
C:\WINDOWS\system32\blphc9anj0evar.scr
C:\WINDOWS\system32\harsjgdc.exe
C:\WINDOWS\system32\hufqfupi.exe
C:\WINDOWS\system32\ixsrotil.exe
C:\WINDOWS\system32\johgzspq.exe
C:\WINDOWS\system32\lphc9anj0evar.exe
C:\WINDOWS\system32\nohubczw.exe
C:\WINDOWS\system32\pphc9anj0evar.exe
C:\WINDOWS\system32\sdkbmhuv.exe
C:\WINDOWS\system32\tcbavihg.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\xqjepapo\
C:\Documents and Settings\All Users\Application Data\xqjepapo\\vytsrgps.exe
C:\Documents and Settings\All Users\Application Data\xqjepapo\vytsrgps.exe
C:\Documents and Settings\RAY4N\Application Data\rhccanj0evar
C:\Program Files\ltipwke\EnApi.dll
C:\Program Files\rhccanj0evar\
C:\Program Files\rhccanj0evar\\database.dat
C:\Program Files\rhccanj0evar\\license.txt
C:\Program Files\rhccanj0evar\\MFC71.dll
C:\Program Files\rhccanj0evar\\MFC71ENU.DLL
C:\Program Files\rhccanj0evar\\msvcp71.dll
C:\Program Files\rhccanj0evar\\msvcr71.dll
C:\Program Files\rhccanj0evar\\rhccanj0evar.exe
C:\Program Files\rhccanj0evar\\rhccanj0evar.exe.local
C:\Program Files\rhccanj0evar\\Uninstall.exe
C:\Program Files\rhccanj0evar\rhccanj0evar.exe
C:\WINDOWS\system32\277.tmp
C:\WINDOWS\system32\2DB.tmp
C:\WINDOWS\system32\2DD.tmp
C:\WINDOWS\system32\bebqvaxy.exe
C:\WINDOWS\system32\blphc9anj0evar.scr
C:\WINDOWS\system32\harsjgdc.exe
C:\WINDOWS\system32\hufqfupi.exe
C:\WINDOWS\system32\ixsrotil.exe
C:\WINDOWS\system32\johgzspq.exe
C:\WINDOWS\system32\lphc9anj0evar.exe
C:\WINDOWS\system32\nohubczw.exe
C:\WINDOWS\system32\phc9anj0evar.bmp
C:\WINDOWS\system32\pphc9anj0evar.exe
C:\WINDOWS\system32\sdkbmhuv.exe
C:\WINDOWS\system32\tcbavihg.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-22 to 2008-07-22 ))))))))))))))))))))))))))))))))))))
.

2008-07-22 17:32 . 2008-07-22 17:32 110,080 --a------ C:\WINDOWS\system32\jutwhqlu.exe
2008-07-22 17:32 . 2008-07-22 17:32 90,112 --a------ C:\WINDOWS\system32\jyruhevg.exe
2008-07-22 11:58 . 2008-07-22 11:58 110,080 --a------ C:\WINDOWS\system32\baxulaza.exe
2008-07-21 23:47 . 2008-07-21 23:47 110,080 --a------ C:\WINDOWS\system32\lsjgtkve.exe
2008-07-21 23:19 . 2008-07-22 11:26 94,208 --a------ C:\WINDOWS\system32\1D.tmp
2008-07-21 23:19 . 2008-07-22 10:53 94,208 --a------ C:\WINDOWS\system32\1C.tmp
2008-07-21 22:53 . 2008-07-21 22:53 <REP> d-------- C:\Program Files\Trend Micro
2008-07-21 09:42 . 2008-07-21 22:52 <REP> d-------- C:\Toolbar SD
2008-07-21 09:24 . 2008-07-21 10:25 4,178 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-21 09:24 . 2008-07-21 09:24 0 --a------ C:\WINDOWS\system32\tmp.MSNFix
2008-07-21 09:23 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-21 09:23 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-21 09:23 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-21 09:23 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-21 09:23 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-21 09:23 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-21 09:23 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-21 09:23 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-21 09:23 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-20 20:25 . 2008-07-20 20:25 110,080 --a------ C:\WINDOWS\system32\epwjexur.exe
2008-07-20 14:22 . 2008-07-20 20:41 <REP> d-------- C:\Program Files\Lavasoft
2008-07-20 14:22 . 2008-07-20 20:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-20 14:15 . 2008-07-20 14:15 110,080 --a------ C:\WINDOWS\system32\qhizqrqx.exe
2008-07-20 12:34 . 2008-07-22 22:23 <REP> d-------- C:\Program Files\ltipwke
2008-07-20 12:34 . 2008-07-20 12:34 4,096 --a------ C:\WINDOWS\system32\WINWGPX.MSNFix
2008-07-20 12:34 . 2008-07-20 12:34 4,096 --a------ C:\WINDOWS\system32\winsystem.MSNFix
2008-07-20 12:34 . 2008-07-20 12:34 4,096 --a------ C:\WINDOWS\system32\winlogonpc.MSNFix
2008-07-20 12:34 . 2008-07-20 12:34 4,096 --a------ C:\WINDOWS\system32\vbsys2.MSNFix
2008-07-19 22:22 . 2008-07-19 22:22 <REP> d-------- C:\Program Files\iTunes
2008-07-19 22:22 . 2008-07-19 22:22 <REP> d-------- C:\Program Files\iPod
2008-07-19 22:21 . 2008-07-19 22:21 <REP> d-------- C:\Program Files\QuickTime
2008-07-15 13:10 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-07-15 13:10 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-07-15 13:10 . 2008-07-15 13:10 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-07-15 13:10 . 2008-07-15 13:10 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-07-15 13:08 . 2008-07-15 13:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-07-15 13:07 . 2008-05-07 07:39 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-07-15 13:07 . 2008-05-07 07:38 659,968 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-07-15 13:07 . 2008-05-07 07:38 20,864 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-07-15 13:07 . 2008-05-07 07:38 17,536 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-07-15 13:07 . 2008-05-07 07:38 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-07-15 13:07 . 2008-06-06 09:24 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-06-24 22:58 . 2008-06-24 23:00 <REP> d-------- C:\Program Files\EO Video
2008-06-24 00:13 . 2008-06-24 00:13 <REP> d-------- C:\WINDOWS\Ulead.dat
2008-06-24 00:13 . 2008-07-15 21:44 89 --a------ C:\WINDOWS\ULead32.ini
2008-06-24 00:12 . 2008-06-24 00:13 436 --a------ C:\WINDOWS\VFO.VST
2008-06-24 00:12 . 2008-06-24 00:12 41 --a------ C:\WINDOWS\system32\blue.SITENAME
2008-06-24 00:10 . 2000-05-02 10:17 212,480 --------- C:\WINDOWS\system32\PCDLIB32.DLL
2008-06-24 00:00 . 2008-06-24 00:00 <REP> d-------- C:\WINDOWS\system32\Quicktime
2008-06-24 00:00 . 2008-07-15 21:45 1,346 --a------ C:\WINDOWS\VFO.INI
2008-06-23 23:58 . 2008-06-24 00:04 <REP> d-------- C:\Program Files\Liquid.6

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-22 14:59 --------- d-----w C:\Program Files\eMule
2008-07-21 08:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-21 08:02 --------- d-----w C:\Program Files\Yahoo!
2008-07-21 08:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-20 23:29 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-07-20 23:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-15 11:06 --------- d-----w C:\Program Files\Nokia
2008-07-15 11:06 --------- d-----w C:\Program Files\Fichiers communs\Nokia
2008-07-15 11:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-07-14 23:01 --------- d-----w C:\Documents and Settings\RAY4N\Application Data\HP
2008-07-14 23:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-06-23 22:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-06-23 22:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-23 22:10 --------- d-----w C:\Program Files\Pinnacle
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 14:16 --------- d-----w C:\Documents and Settings\RAY4N\Application Data\TaoUSign
2008-06-15 22:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-06-15 22:32 --------- d-----w C:\Program Files\DivX
2008-06-15 22:31 --------- d-----w C:\Program Files\Fichiers communs\Autodesk Shared
2008-06-15 22:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-06-14 18:30 --------- d-----w C:\Documents and Settings\RAY4N\Application Data\Nokia Multimedia Player
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-06 23:01 --------- d-----w C:\Program Files\MoviePod
2008-06-06 14:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-06 14:19 --------- d-----w C:\Documents and Settings\RAY4N\Application Data\Yahoo!
2008-06-04 23:09 --------- d-----w C:\Program Files\Digital Video Duplicator
2008-06-04 23:01 --------- d-----w C:\Program Files\WinASPI
2008-06-04 23:01 --------- d-----w C:\Program Files\Morgan
2008-06-04 23:01 --------- d-----w C:\Program Files\Gabest
2008-06-04 23:01 --------- d-----w C:\Program Files\AC3Filter
2008-06-01 16:48 --------- d-----w C:\Program Files\AVSTool
2008-06-01 16:31 --------- d-----w C:\Program Files\BlackSunSoft.net
2008-06-01 14:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-06-01 12:01 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-06-01 12:01 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-06-01 11:43 --------- d-----w C:\Program Files\Micro Application
2008-05-28 22:40 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-28 10:49 --------- d-----w C:\Program Files\Ripp-it_AM
2008-05-26 17:45 --------- d-----w C:\Program Files\XviD
.

((((((((((((((((((((((((((((( snapshot@2008-07-21_23.21.11.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-21 08:50:32 86,582 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-22 15:05:43 86,582 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-07-21 08:50:32 103,544 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-07-22 15:05:43 103,544 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-07-21 08:50:32 478,794 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-22 15:05:43 478,794 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-07-21 08:50:32 552,142 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-07-22 15:05:43 552,142 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-07-22 20:25:22 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_648.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-12 01:22 68856]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]
"UiInfoMon"="C:\WINDOWS\system32\jyruhevg.exe" [2008-07-22 17:32 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 07:56 139264]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-16 10:39 7323648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34 49152]
"Athan"="C:\Program Files\Athan\Athan.exe" [2007-09-06 20:25 1003520]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27 222208]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 17:31 80896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 02:51 172032]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 16:26 406016]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-06-01 14:01 185896]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 18:20 339968 C:\WINDOWS\stsystra.exe]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 11:50 19968 C:\WINDOWS\LOGI_MWX.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.dvsd"= pdvcodec.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.I420"= vdrcodec.dll
"vidc.yv12"= yv12vfw.dll
"VIDC.HFYU"= huffyuv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\RAY4N\\Mes documents\\Mes logiciels\\limewire\\StubInstaller.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Liquid.6\\Program\\RM.exe"=
"C:\\Program Files\\Liquid.6\\Program\\Studiou.mod"=
"C:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-10 14:00]
R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2004-03-03 10:50]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 14:00]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-05 17:53]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-19 20:17:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-22 20:25:25 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-22 22:25:45
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OFFICE One6.0\program\soffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-22 22:29:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-22 20:29:34
ComboFix2.txt 2008-07-22 15:06:49
ComboFix3.txt 2008-07-22 09:31:49
ComboFix4.txt 2008-07-21 21:21:31

Pre-Run: 99,528,515,584 octets libres
Post-Run: 99,590,045,696 octets libres

288 --- E O F --- 2008-07-10 07:30:11
rayan7
Posted on 22/07/2008 22:39:49
Sorry, I forgot to post the HijackThis report for you earlier; here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:38:30, on 22/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\jyruhevg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OFFICE One6.0\program\soffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.