Win32 Virtumonde-bw
Last reply: in Le monde de Windows
Hello,
I recently received several adware alerts from Avast. I used VundoFix, which found a file and deleted it, but on reboot my computer made a terrible noise and would not start, so I restarted it with the power button. Here is the report:
Beginning removal...
VundoFix V6.5.0
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Java version is 1.5.0.11
Scan started at 17:22:04 2007-08-11
Listing files found while scanning....
C:\windows\system32\nnnliff.dll
Beginning removal...
Attempting to delete C:\windows\system32\nnnliff.dll
C:\windows\system32\nnnliff.dll Has been deleted!
Performing Repairs to the registry.
Done!
Then I used VirtumondeFix, which found nothing, and then ComboFix; here is the report:
ComboFix 07-08-09.3 - "Thibaut" 2007-08-11 20:42:55.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1136 [GMT 2:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\Thibaut\APPLIC~1\..\new.txt
C:\WINDOWS\system32\khfgdbb.dll
D:\Autorun.inf
((((((((((((((((((((((((( Files Created from 2007-07-11 to 2007-08-11 )))))))))))))))))))))))))))))))
2007-08-09 12:09 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2007-08-09 12:09 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2007-08-08 14:16 <REP> d-------- C:\Program Files\PowerISO
2007-08-08 11:31 <REP> d-------- C:\DOCUME~1\Thibaut\.DownloadManager
2007-08-07 19:21 <REP> d-------- C:\Program Files\MagicISO
2007-08-06 12:06 90,112 --a------ C:\WINDOWS\unvise32.exe
2007-07-31 22:57 <REP> d-------- C:\WINDOWS\system32\Rawflow
2007-07-31 20:15 <REP> d-------- C:\Program Files\RADVideo
2007-07-31 11:12 <REP> d-------- C:\Program Files\Easy TM
2007-07-30 14:09 201,728 --a------ C:\WINDOWS\system32\Les Simpson - Le film.scr
2007-07-30 14:09 <REP> d-------- C:\WINDOWS\system32\Les Simpson - Le film dir
2007-07-29 22:08 <REP> d-------- C:\DOCUME~1\Thibaut\APPLIC~1\DeepBurner
2007-07-29 22:07 <REP> d-------- C:\Program Files\Astonsoft
2007-07-27 20:16 197,120 --a------ C:\WINDOWS\patchw32.dll
2007-07-27 20:16 <REP> d-------- C:\Program Files\Fichiers communs\PocketSoft
2007-07-27 18:42 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-07-27 18:42 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-07-27 18:17 <REP> d-------- C:\Program Files\Monte Cristo
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-11 20:00 21993 --a------ C:\Program Files\update.zip
2007-08-11 19:21 --------- d-------- C:\Program Files\Mozilla Thunderbird
2007-08-11 17:17 --------- d-------- C:\DOCUME~1\Thibaut\APPLIC~1\ConvertTemp
2007-08-10 20:56 12 --a------ C:\WINDOWS\bthservsdp.dat
2007-08-09 12:05 --------- d-------- C:\Program Files\eMule
2007-08-08 13:23 114912 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2007-08-07 20:04 94080 --a------ C:\DOCUME~1\Thibaut\APPLIC~1\ezplay.sys
2007-08-07 20:04 87608 --a------ C:\DOCUME~1\Thibaut\APPLIC~1\ezpinst.exe
2007-08-07 20:04 47360 --a------ C:\DOCUME~1\Thibaut\APPLIC~1\pcouffin.sys
2007-08-07 20:04 --------- d-------- C:\Program Files\VSO
2007-08-07 20:04 --------- d-------- C:\DOCUME~1\Thibaut\APPLIC~1\Vso
2007-08-01 20:45 11468 --a--c--- C:\WINDOWS\mozver.dat
2007-07-29 22:22 --------- d-------- C:\Program Files\CDBurnerXP Pro 3
2007-07-28 11:31 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-28 11:31 --------- d-------- C:\Program Files\Microsoft Games
2007-07-28 10:55 --------- d-------- C:\Program Files\Cyanide
2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-28 00:02 92848 --a--c--- C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-27 20:13 --------- d-------- C:\Program Files\Atari
2007-07-11 10:39 77254 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-07-11 10:39 472796 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-07-10 18:23 --------- d-------- C:\DOCUME~1\Thibaut\APPLIC~1\Pro Cycling Manager 2007
2007-07-10 17:17 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-07-08 19:53 --------- d-------- C:\Program Files\Bonjour
2007-07-08 17:57 --------- d-------- C:\DOCUME~1\Thibaut\APPLIC~1\teamspeak2
2007-07-08 17:36 --------- d-------- C:\Program Files\1&1
2007-07-08 17:14 --------- d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2007-07-08 16:41 --------- d-------- C:\DOCUME~1\Thibaut\APPLIC~1\Opera
2007-07-08 10:51 167936 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-07-08 10:51 --------- d-------- C:\Program Files\Illustrate
2007-07-08 10:48 --------- d-------- C:\DOCUME~1\Thibaut\APPLIC~1\Skype
2007-07-06 12:19 --------- d-------- C:\Program Files\DivX
2007-07-02 21:41 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-02 21:41 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-06-21 10:27 --------- d-------- C:\Program Files\Empire Interactive
2007-06-21 10:08 94080 --a------ C:\WINDOWS\system32\drivers\ezplay.sys
2007-06-21 10:08 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-06-20 22:08 --------- d-------- C:\Program Files\DAEMON Tools
2007-06-20 22:04 682232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-06-20 10:42 --------- d-------- C:\Program Files\Notepad++
2007-06-20 10:42 --------- d-------- C:\DOCUME~1\Thibaut\APPLIC~1\Notepad++
2007-06-20 09:25 --------- d-------- C:\Program Files\Codemasters
2007-06-19 08:25 --------- d-------- C:\Program Files\IVCsoft
2007-06-17 00:11 51200 --a------ C:\WINDOWS\nircmd.exe
2007-06-16 17:09 --------- d-------- C:\Program Files\MSN Messenger
2007-06-16 17:08 --------- d-------- C:\Program Files\Windows Live
2007-06-13 17:17 --------- d-------- C:\DOCUME~1\Thibaut\APPLIC~1\1&1
2007-06-13 15:42 --------- d-------- C:\Program Files\FLV Player
2007-06-01 08:20 51568 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-05-31 08:45 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-05-31 08:44 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 08:44 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 08:44 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 08:44 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-05-16 17:13 86528 --a------ C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 17:13 85504 --a------ C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 17:13 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 17:13 683520 --a------ C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 17:13 510976 --a------ C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 17:13 1314816 --a------ C:\WINDOWS\system32\dllcache\msoe.dll
2007-02-09 19:43 386630 -rahs---- C:\Program Files\wunauclt.zip
2007-02-09 19:43 386630 -rahs---- C:\Program Files\wunauclt.tbe
2006-08-27 16:38 1015973 -rahs---- C:\Program Files\serial.tde
2006-05-20 18:34 1 --a--c--- C:\WINDOWS\Fonts.\SI.bin
2006-03-23 19:08 130 --a--c--- C:\DOCUME~1\Thibaut\APPLIC~1\wklnhst.dat
2005-09-24 00:49 12288 --a--c--- C:\WINDOWS\Fonts.\RandFont.dll
2004-07-02 13:19 40960 --a--c--- C:\WINDOWS\inf\WG311v2\imdinst.exe
2004-06-18 00:41 386688 --a--c--- C:\WINDOWS\inf\WG311v2\netwg311_XP.sys
2004-04-04 14:07 84912 --a--c--- C:\WINDOWS\inf\WG311v2\FwRad17.bin
2004-04-04 14:07 83320 --a--c--- C:\WINDOWS\inf\WG311v2\FwRad16.bin
2004-02-04 13:53 62865 --a--c--- C:\WINDOWS\inf\WG311v2\odysseyIM3.sys
2004-02-04 13:53 12739 --a--c--- C:\WINDOWS\inf\WG311v2\odNetInstall.dll
2005-07-14 19:31:20 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2006-03-18 20:14:23 56 -csh--r C:\WINDOWS\system32\F5066376DA.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 08:35]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 07:12]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 20:00]
C:\Documents and Settings\Thibaut\Menu Démarrer\Programmes\Démarrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-01-02 00:57:01]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage rapide de HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 01:39:30]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 07:23:26]
NETGEAR WG311v2 Smart Configuration.lnk - C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe [2004-10-14 13:32:18]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Thibaut^Menu Démarrer^Programmes^Démarrage^RollerCoaster Tycoon 3_ Wild Registration.lnk]
path=C:\Documents and Settings\Thibaut\Menu Démarrer\Programmes\Démarrage\RollerCoaster Tycoon 3_ Wild Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3_ Wild Registration.lnkStartup
R0 prohlp02;StarForce Protection Helper Driver v2;C:\WINDOWS\system32\drivers\prohlp02.sys
R0 prosync1;StarForce Protection Synchronization Driver v1;C:\WINDOWS\system32\drivers\prosync1.sys
R0 sfhlp01;StarForce Protection Helper Driver;C:\WINDOWS\system32\drivers\sfhlp01.sys
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x);C:\WINDOWS\system32\drivers\sfsync02.sys
R1 AmdK8;Pilote de processeur AMD;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
R1 prodrv06;StarForce Protection Environment Driver v6;C:\WINDOWS\system32\drivers\prodrv06.sys
R1 StarOpen;StarOpen;C:\WINDOWS\system32\drivers\StarOpen.sys
R2 ACEDRV07;ACEDRV07;\??\C:\WINDOWS\system32\drivers\ACEDRV07.sys
R3 netwg311;NETGEAR WG311v2 802.11g Wireless PCI Adapter;C:\WINDOWS\system32\DRIVERS\netwg311.sys
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys
R3 Ps2;PS2;C:\WINDOWS\system32\DRIVERS\PS2.sys
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S2 Ca536av;4.0M MPEG4 DV Video Capture;C:\WINDOWS\system32\Drivers\Ca536av.sys
S3 archbus;NEC WMC USB_BJ1 Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\archbus.sys
S3 archmdfl;NEC WMC USB_BJ1 Modem Filter;C:\WINDOWS\system32\DRIVERS\archmdfl.sys
S3 archmdm;NEC WMC USB_BJ1 Modem Drivers;C:\WINDOWS\system32\DRIVERS\archmdm.sys
S3 archobex;NEC WMC USB_BJ1 OBEX Interface Drivers (WDM);C:\WINDOWS\system32\DRIVERS\archobex.sys
S3 EagleNT;EagleNT;\??\C:\WINDOWS\system32\drivers\EagleNT.sys
S3 ezplay;VSO Software ezplay;C:\WINDOWS\system32\Drivers\ezplay.sys
S3 Fadpu16E;Fadpu16E;\??\C:\DOCUME~1\Thibaut\LOCALS~1\Temp\Fadpu16E.sys
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe
S3 HidBth;Miniport HID Microsoft Bluetooth;C:\WINDOWS\system32\DRIVERS\hidbth.sys
S3 ltmodem5;LT Modem Driver;C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
S3 PPJoyBus;Parallel Port Joystick Bus device driver;C:\WINDOWS\system32\drivers\PPJoyBus.sys
S3 PPortJoystick;Parallel Port Joystick device driver;C:\WINDOWS\system32\drivers\PPortJoy.sys
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM);C:\WINDOWS\system32\DRIVERS\rfcomm.sys
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
S3 USBCamera;4.0M MPEG4 DV Digital Camera;C:\WINDOWS\system32\Drivers\Bulk536.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 VHidMinidrv;Bluetooth HID Device Service;C:\WINDOWS\system32\drivers\VHIDMini.sys
S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
Contents of the 'Scheduled Tasks' folder
2007-08-11 18:00:00 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\patcher.exe
2007-08-11 15:00:00 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\dr.exe
2007-08-11 18:00:00 C:\WINDOWS\Tasks\At5.job - C:\WINDOWS\widupdate.exe
2007-08-11 12:00:00 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\dr.exe
2007-08-11 18:00:00 C:\WINDOWS\Tasks\At7.job - C:\WINDOWS\system32\wunauclt.exe
2007-08-11 12:00:00 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\system32\wunauclt.exe
2007-03-11 09:59:11 C:\WINDOWS\Tasks\At9.job - C:\WINDOWS\system32\wunauclt.exe
2007-05-01 17:43:21 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job - C:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\Main\Mediahub.exe
2007-07-04 00:19:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe
2007-08-11 09:22:16 C:\WINDOWS\Tasks\User_Feed_Synchronization-{FF22C5D5-5C4E-498B-8086-5E841601C47B}.job - C:\WINDOWS\system32\msfeedssync.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-11 20:50:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG08.00.00.01WORKSTATION"="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"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000007c
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-11 20:53:20 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-11 20:52
C:\ComboFix2.txt ... 2007-06-01 21:24
--- E O F ---
I used AVG Anti-Spyware, which found nothing in system32 or Local Settings. I would like to know whether the virus is still present; here is the HijackThis report. Thanks:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:23:54, on 11/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Thibaut\Bureau\HiJackThis_v2.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinsta...
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://thib38.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fadppro - VSO Software - (no file)
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
--
End of file - 13182 bytes
2007-06-20 10:42 --------- d-------- C:\DOCUME~1\Thibaut\APPLIC~1\Notepad++
2007-06-20 09:25 --------- d-------- C:\Program Files\Codemasters
2007-06-19 08:25 --------- d-------- C:\Program Files\IVCsoft
2007-06-17 00:11 51200 --a------ C:\WINDOWS\nircmd.exe
2007-06-16 17:09 --------- d-------- C:\Program Files\MSN Messenger
2007-06-16 17:08 --------- d-------- C:\Program Files\Windows Live
2007-06-13 17:17 --------- d-------- C:\DOCUME~1\Thibaut\APPLIC~1\1&1
2007-06-13 15:42 --------- d-------- C:\Program Files\FLV Player
2007-06-01 08:20 51568 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-05-31 08:45 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-05-31 08:44 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 08:44 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 08:44 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 08:44 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-05-16 17:13 86528 --a------ C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 17:13 85504 --a------ C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 17:13 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 17:13 683520 --a------ C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 17:13 510976 --a------ C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 17:13 1314816 --a------ C:\WINDOWS\system32\dllcache\msoe.dll
2007-02-09 19:43 386630 -rahs---- C:\Program Files\wunauclt.zip
2007-02-09 19:43 386630 -rahs---- C:\Program Files\wunauclt.tbe
2006-08-27 16:38 1015973 -rahs---- C:\Program Files\serial.tde
2006-05-20 18:34 1 --a--c--- C:\WINDOWS\Fonts.\SI.bin
2006-03-23 19:08 130 --a--c--- C:\DOCUME~1\Thibaut\APPLIC~1\wklnhst.dat
2005-09-24 00:49 12288 --a--c--- C:\WINDOWS\Fonts.\RandFont.dll
2004-07-02 13:19 40960 --a--c--- C:\WINDOWS\inf\WG311v2\imdinst.exe
2004-06-18 00:41 386688 --a--c--- C:\WINDOWS\inf\WG311v2\netwg311_XP.sys
2004-04-04 14:07 84912 --a--c--- C:\WINDOWS\inf\WG311v2\FwRad17.bin
2004-04-04 14:07 83320 --a--c--- C:\WINDOWS\inf\WG311v2\FwRad16.bin
2004-02-04 13:53 62865 --a--c--- C:\WINDOWS\inf\WG311v2\odysseyIM3.sys
2004-02-04 13:53 12739 --a--c--- C:\WINDOWS\inf\WG311v2\odNetInstall.dll
2005-07-14 19:31:20 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2006-03-18 20:14:23 56 -csh--r C:\WINDOWS\system32\F5066376DA.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 08:35]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 07:12]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 20:00]
C:\Documents and Settings\Thibaut\Menu Démarrer\Programmes\Démarrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-01-02 00:57:01]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage rapide de HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 01:39:30]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 07:23:26]
NETGEAR WG311v2 Smart Configuration.lnk - C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe [2004-10-14 13:32:18]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Thibaut^Menu Démarrer^Programmes^Démarrage^RollerCoaster Tycoon 3_ Wild Registration.lnk]
path=C:\Documents and Settings\Thibaut\Menu Démarrer\Programmes\Démarrage\RollerCoaster Tycoon 3_ Wild Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3_ Wild Registration.lnkStartup
R0 prohlp02;StarForce Protection Helper Driver v2;C:\WINDOWS\system32\drivers\prohlp02.sys
R0 prosync1;StarForce Protection Synchronization Driver v1;C:\WINDOWS\system32\drivers\prosync1.sys
R0 sfhlp01;StarForce Protection Helper Driver;C:\WINDOWS\system32\drivers\sfhlp01.sys
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x);C:\WINDOWS\system32\drivers\sfsync02.sys
R1 AmdK8;Pilote de processeur AMD;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
R1 prodrv06;StarForce Protection Environment Driver v6;C:\WINDOWS\system32\drivers\prodrv06.sys
R1 StarOpen;StarOpen;C:\WINDOWS\system32\drivers\StarOpen.sys
R2 ACEDRV07;ACEDRV07;\??\C:\WINDOWS\system32\drivers\ACEDRV07.sys
R3 netwg311;NETGEAR WG311v2 802.11g Wireless PCI Adapter;C:\WINDOWS\system32\DRIVERS\netwg311.sys
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys
R3 Ps2;PS2;C:\WINDOWS\system32\DRIVERS\PS2.sys
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S2 Ca536av;4.0M MPEG4 DV Video Capture;C:\WINDOWS\system32\Drivers\Ca536av.sys
S3 archbus;NEC WMC USB_BJ1 Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\archbus.sys
S3 archmdfl;NEC WMC USB_BJ1 Modem Filter;C:\WINDOWS\system32\DRIVERS\archmdfl.sys
S3 archmdm;NEC WMC USB_BJ1 Modem Drivers;C:\WINDOWS\system32\DRIVERS\archmdm.sys
S3 archobex;NEC WMC USB_BJ1 OBEX Interface Drivers (WDM);C:\WINDOWS\system32\DRIVERS\archobex.sys
S3 EagleNT;EagleNT;\??\C:\WINDOWS\system32\drivers\EagleNT.sys
S3 ezplay;VSO Software ezplay;C:\WINDOWS\system32\Drivers\ezplay.sys
S3 Fadpu16E;Fadpu16E;\??\C:\DOCUME~1\Thibaut\LOCALS~1\Temp\Fadpu16E.sys
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe
S3 HidBth;Miniport HID Microsoft Bluetooth;C:\WINDOWS\system32\DRIVERS\hidbth.sys
S3 ltmodem5;LT Modem Driver;C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
S3 PPJoyBus;Parallel Port Joystick Bus device driver;C:\WINDOWS\system32\drivers\PPJoyBus.sys
S3 PPortJoystick;Parallel Port Joystick device driver;C:\WINDOWS\system32\drivers\PPortJoy.sys
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM);C:\WINDOWS\system32\DRIVERS\rfcomm.sys
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
S3 USBCamera;4.0M MPEG4 DV Digital Camera;C:\WINDOWS\system32\Drivers\Bulk536.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 VHidMinidrv;Bluetooth HID Device Service;C:\WINDOWS\system32\drivers\VHIDMini.sys
S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
Contents of the 'Scheduled Tasks' folder
2007-08-11 18:00:00 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\patcher.exe
2007-08-11 15:00:00 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\dr.exe
2007-08-11 18:00:00 C:\WINDOWS\Tasks\At5.job - C:\WINDOWS\widupdate.exe
2007-08-11 12:00:00 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\dr.exe
2007-08-11 18:00:00 C:\WINDOWS\Tasks\At7.job - C:\WINDOWS\system32\wunauclt.exe
2007-08-11 12:00:00 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\system32\wunauclt.exe
2007-03-11 09:59:11 C:\WINDOWS\Tasks\At9.job - C:\WINDOWS\system32\wunauclt.exe
2007-05-01 17:43:21 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job - C:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\Main\Mediahub.exe
2007-07-04 00:19:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe
2007-08-11 09:22:16 C:\WINDOWS\Tasks\User_Feed_Synchronization-{FF22C5D5-5C4E-498B-8086-5E841601C47B}.job - C:\WINDOWS\system32\msfeedssync.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-11 20:50:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG08.00.00.01WORKSTATION"="A62949558471113CAC891C28B5B81A320D4562A0C5809407099413EFDC342FEC4B37A61832CC715E302FD72401A0659D5112B6E73535163CE7679150F8A65A360094A7CB0E1EF09CF15FABB574D6EED03A781DDE63B8FCCD169EE5FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667C038D530D6EB3452A2D97226D213B5559DB7CE019D40AA5CE2188C951422AB49757A4263E298935E5C4B81652F90951034B4370F70330F4AB5A74BF19550B18AB2563A7750032383AA7836EF6E1F2992EBE6E0F045756C84C881937CAB5E42AA576E308183A00EBD46978E28589C2E133C8C6DED8252FB214EA87B8F6AADD9D50008ECC8CB2650B555D3A56112B3BFD7F5596685C80C9A2461739F770BB4B76AAEC03F861860AC48622F9760E8A4C2DACA52DBACD975EC437C0C2075E97A5FFDC8877468002BA7065B7D8762C9405AC85450DECA2077D96801F2213E091F9AD698A0E391BEF9893413681A9547F0F3838C81883B258D0C34B17848FB8CD1757149A2E3172F53DFC9C06B791D1AAFBB9F53E770501BC873F639C543CBBDD8BEFA6D7BD3035651FB737DD753109C0DA3E86BD9B6CBD34C43B72353403C090D0CD97B6892D35822F312475459F8CCAB63DBFC807EE5C852F1315F72F3D47EDB35A4CA7F847B7E879FBA03D6C0D7CE42F3289259ED4C15253AD2C2C3150ED4C554251B2793DF38581DB5F4AC439D681E93369C36AF9D78261CBD053F60D46561CC5D8B9A2C5B177ECDFE47781FB4849C451DED3DF2ED5749DA4AC3AF1588AA58C08023EBBD3AD0F855C60A2D15F43331CEABBDE8E845B9977D817FB37602C66699734BFC3EC13FD91D73AE146B2F2664B8E3A70649A04BACCEA19ABD4C067E5C02D450852525DFC5531D0B4A6BA535CFD37A2CB5CEEEDBB7DE9DDE9462D43BA16BF2E392F08FD47AE80E5AC0638F5BA430D9ACEE38955F7EFE9C79D2889D0AAD88D11C83211F64C292493B3CA49836A4A51D72FA476B6D594878796812851A0F5328710BB9E57882C902AFD384DE0AA7CC982778C33C43341540D317D627C26786E142B1C3E81E2F4BA11E775D75BC988450DB587748BE0F843660F5338DFA69A21ECE53CC2389D419C2D1E40CE45AF7EEFE82E0B144E4FD79D0DC6F05BAE061ECB1BD20E4838D8FF73877B2722610D6F190732B45D75EA91CBAE843312435AA6CA2979B20692513F086A1C77629B25F38A76A25871F754ED55109032032DA386DACCA9D982DEFA5CFE4C7E38151384A2F1A0611D32A1BBCD7A92496BAC1DD0D7FC0A7D06A98AE212840451502F4BBE78A70C9848A7C62D8930888B774A36944F70163363568
C5F3CDB8D541685F7B9BBE681D688A8E051A41E866753E1ECE896E4619211ECF419F5A241EA1AB4F5B"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000007c
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-11 20:53:20 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-11 20:52
C:\ComboFix2.txt ... 2007-06-01 21:24
--- E O F ---
I used AVG Anti-Spyware, which found nothing in system32 or Local Settings. I'd like to know whether the virus is still present; here is the HijackThis report. Thanks:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:23:54, on 11/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Thibaut\Bureau\HiJackThis_v2.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinsta...
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://thib38.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fadppro - VSO Software - (no file)
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
--
End of file - 13182 bytes
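Added example, not part of the original post or of ComboFix/HijackThis: a small triage script that re-reads a handful of lines from the ComboFix report above (embedded as sample input so it runs offline) and flags the entries a removal helper would ask about first: scheduled tasks named AtN.job (created with at.exe), task targets sitting directly in the Windows root, regular files marked hidden+system outside %SystemRoot%, and file names that closely resemble a well-known Windows binary (here wunauclt vs. the real Windows Update client wuauclt.exe). The rule names, the similarity threshold and the list of known binaries are my own choices, not anything the tools define; every flag is a lead to check (hash the file, check its signature and creation time, see what created the job), not a verdict that the file is malicious.

```python
"""Triage heuristics over ComboFix-style report lines (added example)."""
import re
from difflib import SequenceMatcher
from typing import List, NamedTuple, Optional, Set

# Lines copied from the ComboFix report in this thread, embedded as sample
# input so the script runs offline. A raw string keeps the backslashes intact.
SAMPLE_REPORT = r"""
2007-08-11 20:00 21993 --a------ C:\Program Files\update.zip
2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-02-09 19:43 386630 -rahs---- C:\Program Files\wunauclt.zip
2007-02-09 19:43 386630 -rahs---- C:\Program Files\wunauclt.tbe
2006-08-27 16:38 1015973 -rahs---- C:\Program Files\serial.tde
2007-07-28 11:31 --------- d--h----- C:\Program Files\InstallShield Installation Information
Contents of the 'Scheduled Tasks' folder
2007-08-11 18:00:00 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\patcher.exe
2007-08-11 15:00:00 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\dr.exe
2007-08-11 18:00:00 C:\WINDOWS\Tasks\At7.job - C:\WINDOWS\system32\wunauclt.exe
2007-07-04 00:19:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe
"""

# Find3M / "Files Created" rows: date, time, size (or <REP> / dashes for a
# directory), a 9-character attribute field, then the path.
FILE_ROW = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d (?:[\d,]+|<REP>|-+) ([-a-zA-Z]{9}) (.+)$")
# "Scheduled Tasks" rows: timestamp, the .job file, " - ", the target command.
TASK_ROW = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (.+?\.job) - (.+)$")

# Well-known Windows XP binaries that malware likes to name itself after
# (my own short list). Compared by stem so wunauclt.zip/.tbe/.exe all match.
KNOWN_STEMS = ("wuauclt", "svchost", "lsass", "csrss", "winlogon",
               "services", "explorer", "spoolsv")
LOOKALIKE_THRESHOLD = 0.85   # assumption: tuned on the names in this report
SYSTEM_ROOT = r"c:\windows"


class Finding(NamedTuple):
    rule: str
    path: str
    detail: str


def _stem(path: str) -> str:
    """Lower-cased file name without directory or last extension."""
    name = path.rsplit("\\", 1)[-1].lower()
    return name.rsplit(".", 1)[0] if "." in name else name


def lookalike_of(path: str) -> Optional[str]:
    """Return the known binary stem this name imitates, or None."""
    stem = _stem(path)
    if stem in KNOWN_STEMS:
        return None  # exact name: legitimate or a same-name drop; not a lookalike
    for known in KNOWN_STEMS:
        if SequenceMatcher(None, stem, known).ratio() >= LOOKALIKE_THRESHOLD:
            return known
    return None


def triage(report: str) -> List[Finding]:
    findings: List[Finding] = []
    for line in report.splitlines():
        line = line.strip()
        task = TASK_ROW.match(line)
        if task:
            job, target = task.groups()
            job_name = job.rsplit("\\", 1)[-1]
            # AtN.job files come from at.exe; consumer installers almost never
            # use it, and several hourly ones is worth asking about.
            if re.fullmatch(r"At\d+\.job", job_name):
                findings.append(Finding("at_job", target, f"created by at.exe ({job_name})"))
            # Programs normally live under Program Files or system32, not in
            # the Windows root itself.
            if target.rsplit("\\", 1)[0].lower() == SYSTEM_ROOT:
                findings.append(Finding("windir_root_target", target, "binary directly in %SystemRoot%"))
            known = lookalike_of(target)
            if known:
                findings.append(Finding("lookalike_name", target, f"resembles {known}.exe"))
            continue
        row = FILE_ROW.match(line)
        if row:
            attrs, path = row.groups()
            is_dir = attrs[0].lower() == "d"
            # Hidden+system on a regular file outside %SystemRoot% is unusual;
            # inside it (dllcache etc.) the combination is common and skipped.
            if (not is_dir and "h" in attrs and "s" in attrs
                    and not path.lower().startswith(SYSTEM_ROOT)):
                findings.append(Finding("hidden_system_file", path, f"attributes {attrs}"))
            known = lookalike_of(path)
            if known:
                findings.append(Finding("lookalike_name", path, f"resembles {known}.exe"))
    return findings


def rules_for(findings: List[Finding], path: str) -> Set[str]:
    """Set of rule names that fired for one path (case-insensitive)."""
    return {f.rule for f in findings if f.path.lower() == path.lower()}


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.rule:19}] {f.path}  ({f.detail})")
```

Feed the whole ComboFix report to `triage()` rather than the excerpt: the point is that legitimate entries (the Windows Defender task, avast's aswBoot.exe, update.zip) produce no flags while the AtN jobs, the Windows-root targets and the hidden+system wunauclt/serial files each get at least one, which gives you a short list to verify by hand before deleting anything.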