Problem with 2 IEXPLORE
Tags: Security
Last reply: in Security and viruses
jessw
8 March 2008 13:24:19
Hello everyone,
For a month now I've been racking my brains, with no answer, over 2 "IEXPLORE.EXE" that show up in my processes; consequences: after my PC starts up it takes 3 minutes before I see my desktop icons, and at shutdown, after the icons disappear, it takes 10 minutes for the PC to power off.
Following your various forum threads I've tried everything (antivirus programs, this and that) without any improvement.
My PC: HP xw6000 workstation, running Windows 2000 Service Pack 4 NT
Please, I really need a hand
Thanks
Hello,
Let's see whether it's virus-related.
Download and install HijackThis (Trend Micro).
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2
jessw
8 March 2008 13:48:17
Thanks for your reply
Here's the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:32, on 08/03/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\Winnt\System32\smss.exe
C:\Winnt\system32\winlogon.exe
C:\Winnt\system32\services.exe
C:\Winnt\system32\lsass.exe
C:\Winnt\system32\svchost.exe
C:\Winnt\system32\spoolsv.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Winnt\system32\svchost.exe
C:\Winnt\SYSTEM32\GEARSEC.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Winnt\system32\nvsvc32.exe
C:\Winnt\system32\svchost.exe
C:\Winnt\system32\regsvc.exe
C:\Winnt\system32\MSTask.exe
C:\Winnt\system32\stisvc.exe
C:\Winnt\wanmpsvc.exe
C:\Winnt\System32\WBEM\WinMgmt.exe
C:\Winnt\system32\mspmspsv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Winnt\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Winnt\Explorer.EXE
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Winnt\Logi_MwX.Exe
C:\Winnt\system32\rundll32.exe
C:\Program Files\Fichiers communs\AOL\1179857804\ee\AOLSoftware.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Winnt\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Winnt\system32\rundll32.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\CodeStuff\Starter\Starter.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\Documents and Settings\Administrateur\Mes documents\JESSY\pilote et logiciel\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par AOL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Winnt\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1179857804\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: CodeStuff Starter.lnk = C:\Program Files\CodeStuff\Starter\Starter.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Winnt\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Winnt\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Winnt\system32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C5EA6B8-8DEC-44BB-9004-AB626A857529}: NameServer = 84.103.237.141 86.64.145.141
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB281DA0-20A0-411C-813E-2C62395D61D7}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Computer - Unknown owner - C:\Winnt\system\host.exe (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\Winnt\System32\dmadmin.exe
O23 - Service: GEARSecurity - GEAR Software - C:\Winnt\SYSTEM32\GEARSEC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MediaWortable (NumberBoerial) - remoteabc.com - C:\Winnt\system\mono.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Winnt\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\Winnt\wanmpsvc.exe
O23 - Service: Windows Menagement (Winmogemt) - Unknown owner - C:\Winnt\system32\winpctools
O23 - Service: WSP State Services (WSP Services) - Unknown owner - C:\Winnt\system\systemsys
--
End of file - 7994 bytes
Re,
Uninstall Avast! properly and replace it with AntiVir.
Why switch? Avast! vs AntiVir
Run a full scan, then post the report once the analysis finishes.
HELP: Tutorial on the AntiVir Personal Edition Classic antivirus
jessw
9 March 2008 12:01:04
Re,
After uninstalling Avast and scanning with AntiVir, here's the report:
AntiVir PersonalEdition Classic
Report file date: dimanche 9 mars 2008 11:20
Scanning for 835736 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows 2000
Windows version: (Service Pack 4) [5.0.2195]
Username: SYSTEM
Computer name: HP-ED20BDF3D078
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 9 mars 2008 11:20
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'Starter.exe' - '1' Module(s) have been scanned
Scan process 'NkvMon.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'hpotdd01.exe' - '1' Module(s) have been scanned
Scan process 'BttnServ.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnf.exe' - '1' Module(s) have been scanned
Scan process 'EAUSBKBD.exe' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'CPQEADM.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnd.exe' - '1' Module(s) have been scanned
Scan process 'AOLAgent.exe' - '1' Module(s) have been scanned
Scan process 'aolsoftware.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'LOGI_MWX.EXE' - '1' Module(s) have been scanned
Scan process 'Directcd.exe' - '1' Module(s) have been scanned
Scan process 'STARTEAK.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'mspmspsv.exe' - '1' Module(s) have been scanned
Scan process 'winmgmt.exe' - '1' Module(s) have been scanned
Scan process 'wanmpsvc.exe' - '1' Module(s) have been scanned
Scan process 'stisvc.exe' - '1' Module(s) have been scanned
Scan process 'mstask.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'regsvc.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'GEARSEC.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '0' Module(s) have been scanned
Scan process 'sched.exe' - '0' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
42 processes with 42 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '27' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\h.vbs
[DETECTION] Contains detection pattern of the HTML script virus HTML/ADODB.Exploit.Gen
[INFO] The file was moved to '4849ba20.qua'!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Actify\Kernel\ActUL.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '4847bdbf.qua'!
C:\WINNT\system\mono.exe
[DETECTION] Contains suspicious code HEUR/Malware
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINNT\system\systemsys
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINNT\system32\winpctools
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
End of the scan: dimanche 9 mars 2008 11:53
Used time: 32:52 min
The scan has been done completely.
4254 Scanning directories
280110 Files were scanned
2 viruses and/or unwanted programs were found
3 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
280108 Files not concerned
7213 Archives were scanned
4 Warnings
0 Notes
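As an added example that is not part of this thread or of either tool, here is the triage a helper does by eye on the O23 (service) entries of the HijackThis log above, correlated with the detections in the AntiVir report: which services look suspicious, and whether the scanner managed to remove their binaries. The sample lines are copied from the two reports posted above; the heuristics (no vendor, a vendor that is just a domain name, a missing binary, no file extension, a service binary under %SystemRoot%\system) are this example's own assumptions, not rules of HijackThis or AntiVir.

```python
import re

# Constructed subset of the O23 (service) lines from the HijackThis log above.
HJT_SAMPLE = r"""
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Computer - Unknown owner - C:\Winnt\system\host.exe (file missing)
O23 - Service: MediaWortable (NumberBoerial) - remoteabc.com - C:\Winnt\system\mono.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Winnt\system32\nvsvc32.exe
O23 - Service: Windows Menagement (Winmogemt) - Unknown owner - C:\Winnt\system32\winpctools
O23 - Service: WSP State Services (WSP Services) - Unknown owner - C:\Winnt\system\systemsys
"""

# Constructed subset of the detection block from the AntiVir report above.
AV_SAMPLE = r"""
C:\WINNT\system\mono.exe
[DETECTION] Contains suspicious code HEUR/Malware
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINNT\system\systemsys
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[WARNING] The file could not be deleted!
C:\WINNT\system32\winpctools
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[WARNING] The file could not be deleted!
"""

# Heuristic (an assumption of this example): a "vendor" that is only a domain name.
DOMAIN_OWNER = re.compile(r"^[\w-]+\.(com|net|org|info|biz)$", re.IGNORECASE)


def parse_o23(line):
    """Split 'O23 - Service: <name> - <owner> - <path>' into a dict, else None."""
    prefix = "O23 - Service: "
    line = line.strip()
    if not line.startswith(prefix):
        return None
    parts = line[len(prefix):].split(" - ", 2)
    if len(parts) != 3:      # display name itself contained ' - ': leave for manual review
        return None
    name, owner, path = parts
    missing = path.endswith("(file missing)")
    path = path[:-len("(file missing)")].strip() if missing else path
    return {"name": name, "owner": owner, "path": path, "missing": missing, "signals": []}


def triage(svc):
    """Attach the signals a helper looks for when reading O23 entries by eye."""
    path = svc["path"].lower()
    base = path.rsplit("\\", 1)[-1]
    sig = svc["signals"]
    if svc["owner"] == "Unknown owner":
        sig.append("no vendor in the binary's version info")
    if DOMAIN_OWNER.match(svc["owner"]):
        sig.append("vendor field is a bare domain name")
    if svc["missing"]:
        sig.append("binary missing (orphaned service entry)")
    if "." not in base:
        sig.append("binary has no file extension")
    if "\\winnt\\system\\" in path or "\\windows\\system\\" in path:
        sig.append("lives in %SystemRoot%\\system rather than system32")
    return svc


def parse_antivir(report):
    """Map each path in the AntiVir detection block to its signature and outcome."""
    results, current = {}, {}
    for line in filter(None, map(str.strip, report.splitlines())):
        if not line.startswith("["):           # a path line opens a new record
            current = {"detection": None, "quarantined": False, "delete_failed": False}
            results[line.lower()] = current
        elif line.startswith("[DETECTION]"):   # the signature name is the last token
            current["detection"] = line.rsplit(None, 1)[-1]
        elif line.startswith("[INFO]") and "moved to" in line:
            current["quarantined"] = True
        elif line.startswith("[WARNING]") and "deleted" in line:
            current["delete_failed"] = True
    return results


def correlate(hjt_log, av_report):
    """Flag suspicious O23 services and report what the AV scan made of each binary."""
    av = parse_antivir(av_report)
    findings = []
    for line in hjt_log.splitlines():
        svc = parse_o23(line)
        if svc is None or not triage(svc)["signals"]:
            continue
        hit = av.get(svc["path"].lower())
        if hit is None:
            status = "not reported by AV"
        else:
            outcome = ("quarantined" if hit["quarantined"]
                       else "still on disk (delete failed)" if hit["delete_failed"]
                       else "no action logged")
            status = f"{hit['detection']}, {outcome}"
        findings.append((svc["name"], svc["path"], svc["signals"], status))
    return findings


if __name__ == "__main__":
    for name, path, signals, status in correlate(HJT_SAMPLE, AV_SAMPLE):
        print(f"{name}\n  {path}\n  signals: {'; '.join(signals)}\n  AV: {status}")
```

Services that carry signals but are "not reported by AV" (here the orphaned host.exe entry) are the ones a helper still has to judge by hand, since the scanner had nothing on disk to look at.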
jessw
9 March 2008 13:36:11
Re,
Here's the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:34:03, on 09/03/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\Winnt\System32\smss.exe
C:\Winnt\system32\winlogon.exe
C:\Winnt\system32\services.exe
C:\Winnt\system32\lsass.exe
C:\Winnt\system32\svchost.exe
C:\Winnt\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
C:\Winnt\system32\svchost.exe
C:\Winnt\SYSTEM32\GEARSEC.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Winnt\system32\nvsvc32.exe
C:\Winnt\system32\regsvc.exe
C:\Winnt\system32\svchost.exe
C:\Winnt\system32\MSTask.exe
C:\Winnt\system32\stisvc.exe
C:\Winnt\wanmpsvc.exe
C:\Winnt\System32\WBEM\WinMgmt.exe
C:\Winnt\system32\mspmspsv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Winnt\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Winnt\Explorer.EXE
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Winnt\Logi_MwX.Exe
C:\Winnt\system32\rundll32.exe
C:\Program Files\Fichiers communs\AOL\1179857804\ee\AOLSoftware.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Winnt\system32\ctfmon.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Winnt\system32\rundll32.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\CodeStuff\Starter\Starter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\Documents and Settings\Administrateur\Mes documents\JESSY\pilote et logiciel\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par AOL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Winnt\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1179857804\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: CodeStuff Starter.lnk = C:\Program Files\CodeStuff\Starter\Starter.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Winnt\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Winnt\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Winnt\system32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C5EA6B8-8DEC-44BB-9004-AB626A857529}: NameServer = 86.64.145.146 84.103.237.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB281DA0-20A0-411C-813E-2C62395D61D7}: NameServer = 205.188.146.145
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
O23 - Service: Computer - Unknown owner - C:\Winnt\system\host.exe (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\Winnt\System32\dmadmin.exe
O23 - Service: GEARSecurity - GEAR Software - C:\Winnt\SYSTEM32\GEARSEC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MediaWortable (NumberBoerial) - Unknown owner - C:\Winnt\system\mono.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Winnt\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\Winnt\wanmpsvc.exe
O23 - Service: Windows Menagement (Winmogemt) - Unknown owner - C:\Winnt\system32\winpctools
O23 - Service: WSP State Services (WSP Services) - Unknown owner - C:\Winnt\system\systemsys
--
End of file - 7870 bytes
Re,
Disable your resident protections (antivirus, Spybot...)!
Download Combofix (sUBs) to your Desktop.
Double-click combofix.exe to launch it.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post that report in your next reply.
Disable your resident protections (antivirus, Spybot...)!
jessw
11 March 2008 21:33:06
Good evening,
After running Combofix, the 2 IEXPLORE have disappeared from the processes; that is already a big step, THANK YOU.
I am posting the Combofix report:
ComboFix 08-03-08.2 - Administrateur 11/03/2008 21:10:43.4 - NTFSx86 MINIMAL
Microsoft Windows 2000 Professionnel 5.0.2195.4.1252.1.1036.18.864 [GMT 1:00]
Endroit: C:\Documents and Settings\Administrateur\Mes documents\JESSY\pilote et logiciel\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Winnt\system32\drivers\fad.sys
C:\Winnt\Web\default.htt
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-11 to 2008-03-11 ))))))))))))))))))))))))))))))))))))
.
2008-03-09 11:12 . 09/03/08 11:12 <DIR> d-------- C:\Program Files\Avira
2008-03-09 11:12 . 09/03/08 11:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-09 09:09 . 09/03/08 09:09 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_23c.dat
2008-03-08 13:04 . 08/03/08 13:04 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_238.dat
2008-03-08 12:58 . 08/03/08 12:58 <DIR> d-------- C:\WINNT\ERUNT
2008-03-08 11:48 . 08/03/08 13:09 <DIR> d-------- C:\SDFix
2008-03-08 09:20 . 08/03/08 09:20 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_380.dat
2008-03-08 08:58 . 08/03/08 08:58 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_240.dat
2008-03-07 21:21 . 23/12/07 15:09 538,624 --------- C:\WINNT\system32\trz226.tmp
2008-03-07 16:50 . 07/03/08 16:51 5,637 --a------ C:\WINNT\Fix IE Log.BAK
2008-03-07 16:25 . 07/03/08 16:25 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_254.dat
2008-03-07 15:33 . 07/03/08 15:33 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_35c.dat
2008-03-07 14:56 . 07/03/08 14:56 <DIR> d-------- C:\Program Files\Alwil Software
2008-03-05 15:16 . 05/03/08 15:16 0 --a------ C:\WINNT\Retz.4d
2008-03-04 21:35 . 04/03/08 21:35 106 --a------ C:\delete.bat
2008-03-04 21:00 . 07/03/08 15:37 1,942 --a------ C:\WINNT\imsins.BAK
2008-03-04 18:43 . 04/03/08 18:43 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_350.dat
2008-03-01 20:16 . 01/03/08 20:16 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_344.dat
2008-03-01 10:38 . 01/03/08 10:38 <DIR> d-------- C:\Program Files\Panda Security
2008-03-01 09:58 . 01/03/08 09:58 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_34c.dat
2008-03-01 07:51 . 01/03/08 07:51 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_354.dat
2008-02-29 21:18 . 29/02/08 21:18 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_360.dat
2008-02-29 21:08 . 29/02/08 21:08 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-29 21:08 . 07/03/08 21:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-29 16:20 . 29/02/08 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-29 15:23 . 29/02/08 15:23 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_318.dat
2008-02-29 15:15 . 29/02/08 15:15 <DIR> d-------- C:\Program Files\CodeStuff
2008-02-29 14:18 . 29/02/08 14:18 <DIR> d-------- C:\Program Files\Yahoo!
2008-02-29 14:18 . 29/02/08 14:19 <DIR> d-------- C:\Program Files\CCleaner
2008-02-26 20:27 . 26/02/08 20:27 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_330.dat
2008-02-25 17:01 . 11/03/08 21:10 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_184.dat
2008-02-24 08:45 . 24/02/08 08:45 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_334.dat
2008-02-22 08:39 . 22/02/08 08:39 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_180.dat
2008-02-22 06:44 . 22/02/08 06:44 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_328.dat
2008-02-21 17:54 . 21/02/08 17:54 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_320.dat
2008-02-20 06:45 . 20/02/08 06:45 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_32c.dat
2008-02-19 21:59 . 19/02/08 21:59 <DIR> d-------- C:\PerfLogs
2008-02-19 21:52 . 19/02/08 21:52 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_4bc.dat
2008-02-16 16:14 . 16/02/08 16:14 <DIR> d-------- C:\Program Files\Microsoft Bootvis
2008-02-16 11:02 . 16/02/08 11:02 <DIR> d-------- C:\Documents and Settings\Administrateur\Application Data\TuneUp Software
2008-02-13 16:43 . 13/02/08 16:43 15,872 --a------ C:\WINNT\system32\EsA.nls
2008-02-11 20:50 . 12/12/02 01:34 208,896 --a------ C:\WINNT\system32\wmpns.dll
2008-02-11 20:47 . 12/12/02 01:34 225,280 --a------ C:\WINNT\system32\wmpdxm.dll
2008-02-11 20:47 . 14/12/02 17:41 200,192 --a------ C:\WINNT\system32\wmerror.dll
2008-02-11 20:47 . 12/12/02 01:34 106,496 --a------ C:\WINNT\system32\wmpasf.dll
2008-02-11 20:47 . 14/12/02 17:41 98,304 --a------ C:\WINNT\system32\wmpshell.dll
2008-02-11 20:47 . 17/12/02 18:45 52,736 --a------ C:\WINNT\system32\mspmsnsv.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-07 15:52 --------- d-----w C:\Program Files\Google
2008-02-16 12:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-02-15 18:45 --------- d-----w C:\Program Files\eMule
2008-02-15 18:45 --------- d-----w C:\Program Files\DivX
2008-02-10 19:30 --------- d-----w C:\Program Files\DaViDeo3professional
2008-02-09 17:45 --------- d-----w C:\Program Files\Gabest
2008-02-09 17:45 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-02-09 17:45 --------- d-----w C:\Program Files\Ahead
2008-02-09 17:27 737,280 ----a-w C:\Winnt\iun6002.exe
2008-02-09 16:36 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Talkback
2008-02-02 20:32 43,698 ----a-w C:\Winnt\system32\xvid-uninstall.exe
2008-02-02 20:32 --------- d-----w C:\Program Files\AviSynth 2.5
2008-02-02 17:57 --------- d-----w C:\Program Files\WinASPI
2008-02-02 17:54 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Ahead
2008-02-02 17:48 --------- d-----w C:\Program Files\ffdshow
2008-02-02 17:12 --------- d-----w C:\Program Files\DVD Decrypter
2008-01-15 18:49 --------- d-----w C:\Program Files\SolidWorks
2008-01-05 15:47 3,760 ----a-w C:\ok.exe
2007-11-12 19:46 78,248 ----a-w C:\Documents and Settings\Administrateur\Application Data\GDIPFONTCACHEV1.DAT
2007-08-28 20:01 1,194 ----a-w C:\Program Files\Netlor Studiopreview.html
2007-06-17 18:59 0 ---ha-w C:\Documents and Settings\Administrateur\hpothb07.dat
2007-05-22 17:54 7,246 ----a-w C:\Program Files\SolidWorksswxJRNL.BAK
2006-01-16 13:48 597 ----a-w C:\Program Files\swxJRNL.swj
2003-07-10 09:16 271 ---ha-w C:\Program Files\desktop.ini
2003-07-10 09:16 22,115 ---ha-w C:\Program Files\folder.htt
2003-06-23 01:00 32,528 ----a-w C:\Winnt\inf\wbfirdma.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [20/02/01 13:09 8192 C:\WINNT\system32\CTFMON.EXE]
"NVIEW"="nview.dll" [02/05/03 15:19 835654 C:\WINNT\system32\nview.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [23/06/03 02:00 111888 C:\WINNT\system32\mobsync.exe]
"CPQEASYACC"="C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe" [14/12/01 22:01 32768]
"NvCplDaemon"="C:\Winnt\system32\NvCpl.dll" [02/05/03 15:19 4640768]
"nwiz"="nwiz.exe" [02/05/03 15:19 323584 C:\WINNT\system32\nwiz.exe]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [17/12/02 12:28 684032]
"Logitech Utility"="Logi_MwX.Exe" [04/03/03 03:50 19968 C:\WINNT\LOGI_MWX.EXE]
"AdslTaskBar"="stmctrl.dll" [06/06/03 09:32 151552 C:\WINNT\system32\stmctrl.dll]
"HostManager"="C:\Program Files\Fichiers communs\AOL\1179857804\ee\AOLSoftware.exe" [14/11/06 14:55 50736]
"AOLSAV"="C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" [26/04/04 16:40 75776]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [23/05/07 19:53 98304]
"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [17/04/02 09:42 69632]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [31/08/07 12:25 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [23/06/03 02:00 20752 C:\WINNT\system32\internat.exe]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [23/06/03 07:00 189712]
C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
CodeStuff Starter.lnk - C:\Program Files\CodeStuff\Starter\Starter.exe [2006-04-09 15:43:54 516608]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
AOL 9.0 Ic“ne AOL.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2007-05-23 19:52:37 156784]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58 28672]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [2007-07-28 14:56:44 233472]
R0 avgntmgr;avgntmgr;C:\Winnt\system32\DRIVERS\avgntmgr.sys [18/07/07 14:21 ]
R1 avgntdd;avgntdd;C:\Winnt\system32\DRIVERS\avgntdd.sys [09/08/07 13:03 ]
R3 usbhub20;Prise en charge du concentrateur racine USB 2.0;C:\Winnt\system32\DRIVERS\usbhub20.sys [19/06/03 19:05 ]
S1 cdudf;cdudf;C:\Winnt\system32\drivers\cdudf.sys [30/12/03 09:39 ]
S2 Computer;Computer;C:\Winnt\system\host.exe []
S2 NumberBoerial;MediaWortable;C:\Winnt\system\mono.exe []
S2 Rpx_Com;Communication RPX;C:\Winnt\system32\DRIVERS\Rpx_drv.sys [31/05/00 12:49 ]
S2 Winmogemt;Windows Menagement;C:\Winnt\system32\winpctools []
S2 WSP Services;WSP State Services;C:\Winnt\system\systemsys []
S3 Stmatm;ATM/ADSL miniport;C:\Winnt\system32\DRIVERS\stmatm.sys [10/06/03 15:32 ]
S3 TaurusUsb;ADSL Modem USB Service;C:\Winnt\system32\DRIVERS\torususb.sys [20/06/03 15:19 ]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
explorer
DCOMLodueher
WZCSV
†
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-07 16:15:00 C:\Winnt\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-11 21:12:19
Windows 5.0.2195 Service Pack 4 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AOLSAV = C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe?exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EventSystem]
"ServiceDll"="C:\Winnt\system32\EsA.nls"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Winmogemt]
"ImagePath"="C:\Winnt\system32\winpctools"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WSP Services]
"ImagePath"="C:\Winnt\system\systemsys"
.
Temps d'accomplissement: 11/03/2008 21:12:46
ComboFix-quarantined-files.txt 2008-03-11 20:12:39
2003-07-10 09:16 22,115 ---ha-w C:\Program Files\folder.htt
2003-06-23 01:00 32,528 ----a-w C:\Winnt\inf\wbfirdma.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [20/02/01 13:09 8192 C:\WINNT\system32\CTFMON.EXE]
"NVIEW"="nview.dll" [02/05/03 15:19 835654 C:\WINNT\system32\nview.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [23/06/03 02:00 111888 C:\WINNT\system32\mobsync.exe]
"CPQEASYACC"="C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe" [14/12/01 22:01 32768]
"NvCplDaemon"="C:\Winnt\system32\NvCpl.dll" [02/05/03 15:19 4640768]
"nwiz"="nwiz.exe" [02/05/03 15:19 323584 C:\WINNT\system32\nwiz.exe]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [17/12/02 12:28 684032]
"Logitech Utility"="Logi_MwX.Exe" [04/03/03 03:50 19968 C:\WINNT\LOGI_MWX.EXE]
"AdslTaskBar"="stmctrl.dll" [06/06/03 09:32 151552 C:\WINNT\system32\stmctrl.dll]
"HostManager"="C:\Program Files\Fichiers communs\AOL\1179857804\ee\AOLSoftware.exe" [14/11/06 14:55 50736]
"AOLSAV"="C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" [26/04/04 16:40 75776]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [23/05/07 19:53 98304]
"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [17/04/02 09:42 69632]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [31/08/07 12:25 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [23/06/03 02:00 20752 C:\WINNT\system32\internat.exe]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [23/06/03 07:00 189712]
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
CodeStuff Starter.lnk - C:\Program Files\CodeStuff\Starter\Starter.exe [2006-04-09 15:43:54 516608]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
AOL 9.0 Icône AOL.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2007-05-23 19:52:37 156784]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58 28672]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [2007-07-28 14:56:44 233472]
R0 avgntmgr;avgntmgr;C:\Winnt\system32\DRIVERS\avgntmgr.sys [18/07/07 14:21 ]
R1 avgntdd;avgntdd;C:\Winnt\system32\DRIVERS\avgntdd.sys [09/08/07 13:03 ]
R3 usbhub20;Prise en charge du concentrateur racine USB 2.0;C:\Winnt\system32\DRIVERS\usbhub20.sys [19/06/03 19:05 ]
S1 cdudf;cdudf;C:\Winnt\system32\drivers\cdudf.sys [30/12/03 09:39 ]
S2 Computer;Computer;C:\Winnt\system\host.exe []
S2 NumberBoerial;MediaWortable;C:\Winnt\system\mono.exe []
S2 Rpx_Com;Communication RPX;C:\Winnt\system32\DRIVERS\Rpx_drv.sys [31/05/00 12:49 ]
S2 Winmogemt;Windows Menagement;C:\Winnt\system32\winpctools []
S2 WSP Services;WSP State Services;C:\Winnt\system\systemsys []
S3 Stmatm;ATM/ADSL miniport;C:\Winnt\system32\DRIVERS\stmatm.sys [10/06/03 15:32 ]
S3 TaurusUsb;ADSL Modem USB Service;C:\Winnt\system32\DRIVERS\torususb.sys [20/06/03 15:19 ]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
explorer
DCOMLodueher
WZCSV
†
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-07 16:15:00 C:\Winnt\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-11 21:12:19
Windows 5.0.2195 Service Pack 4 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AOLSAV = C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe?exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EventSystem]
"ServiceDll"="C:\Winnt\system32\EsA.nls"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Winmogemt]
"ImagePath"="C:\Winnt\system32\winpctools"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WSP Services]
"ImagePath"="C:\Winnt\system\systemsys"
.
Temps d'accomplissement: 11/03/2008 21:12:46
ComboFix-quarantined-files.txt 2008-03-11 20:12:39
jessw
12 March 2008 18:07:05
Hello,
The problem of the icons appearing late at startup is fixed, but shutting down the PC still takes just as long.
Here is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:03:01, on 12/03/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\Winnt\System32\smss.exe
C:\Winnt\system32\winlogon.exe
C:\Winnt\system32\services.exe
C:\Winnt\system32\lsass.exe
C:\Winnt\system32\svchost.exe
C:\Winnt\system32\spoolsv.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
C:\Winnt\system32\svchost.exe
C:\Winnt\SYSTEM32\GEARSEC.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Winnt\system32\nvsvc32.exe
C:\Winnt\system32\regsvc.exe
C:\Winnt\system32\stisvc.exe
C:\Winnt\wanmpsvc.exe
C:\Winnt\System32\WBEM\WinMgmt.exe
C:\Winnt\system32\mspmspsv.exe
C:\Winnt\system32\svchost.exe
C:\Winnt\Explorer.EXE
C:\Winnt\system32\mobsync.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Winnt\Logi_MwX.Exe
C:\Winnt\system32\rundll32.exe
C:\Program Files\Fichiers communs\AOL\1179857804\ee\AOLSoftware.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Winnt\system32\ctfmon.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Winnt\system32\rundll32.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\CodeStuff\Starter\Starter.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Documents and Settings\Administrateur\Mes documents\JESSY\pilote et logiciel\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Winnt\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1179857804\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: CodeStuff Starter.lnk = C:\Program Files\CodeStuff\Starter\Starter.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Winnt\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Winnt\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Winnt\system32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C5EA6B8-8DEC-44BB-9004-AB626A857529}: NameServer = 86.64.145.145 84.103.237.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB281DA0-20A0-411C-813E-2C62395D61D7}: NameServer = 205.188.146.145
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
O23 - Service: Computer - Unknown owner - C:\Winnt\system\host.exe (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\Winnt\System32\dmadmin.exe
O23 - Service: GEARSecurity - GEAR Software - C:\Winnt\SYSTEM32\GEARSEC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MediaWortable (NumberBoerial) - Unknown owner - C:\Winnt\system\mono.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Winnt\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\Winnt\wanmpsvc.exe
O23 - Service: Windows Menagement (Winmogemt) - Unknown owner - C:\Winnt\system32\winpctools (file missing)
O23 - Service: WSP State Services (WSP Services) - Unknown owner - C:\Winnt\system\systemsys (file missing)
--
End of file - 7960 bytes
jessw
12 March 2008 22:07:56
Ok,
Disable your resident protections (antivirus, etc.)!
Copy (Ctrl+C) the text shown in the box below:
Driver::
Computer
NumberBoerial
Winmogemt
WSP Services
WSP Services
File::
C:\Winnt\system\host.exe
C:\Winnt\system\mono.exe
Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.
Now drag and drop the CFScript.txt file onto Combofix.exe.
This will relaunch Combofix; press 1 and confirm. After the restart, post the contents of the Combofix.txt report along with a HijackThis report.
NOTE: If there is no restart, post the requested reports anyway.
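Not from the thread, but as an added example of the triage this post performs by hand: a Python script that parses the O23 lines of the HijackThis log posted above, flags services with an unknown owner whose binary is missing (my own heuristic, not a HijackThis rule), and writes them out in the Driver::/File:: layout used by the CFScript. The sample lines are copied from the log earlier in the thread; the legitimate Avira, NVIDIA and AOL entries are included so the filter has something to leave alone.

```python
import re
from dataclasses import dataclass

# O23 lines copied from the HijackThis log posted in this thread (sample input).
SAMPLE_O23_LINES = r"""
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Computer - Unknown owner - C:\Winnt\system\host.exe (file missing)
O23 - Service: MediaWortable (NumberBoerial) - Unknown owner - C:\Winnt\system\mono.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Winnt\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\Winnt\wanmpsvc.exe
O23 - Service: Windows Menagement (Winmogemt) - Unknown owner - C:\Winnt\system32\winpctools (file missing)
O23 - Service: WSP State Services (WSP Services) - Unknown owner - C:\Winnt\system\systemsys (file missing)
"""

# Layout of an O23 line: "O23 - Service: <display> - <owner> - <path> [(file missing)]".
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
# The short service name is the last parenthesised group of the display name,
# e.g. "WSP State Services (WSP Services)" -> "WSP Services".
SHORT_NAME_RE = re.compile(r"\((?P<name>[^()]+)\)\s*$")


@dataclass
class ServiceEntry:
    display: str
    short_name: str
    owner: str
    path: str
    file_missing: bool

    @property
    def suspicious(self) -> bool:
        # Heuristic (my assumption): a service with no identifiable vendor whose
        # binary is gone, or whose "binary" has no file extension, deserves a look.
        basename = self.path.rsplit("\\", 1)[-1]
        no_extension = "." not in basename
        return self.owner == "Unknown owner" and (self.file_missing or no_extension)


def parse_o23(lines):
    """Parse HijackThis O23 lines into ServiceEntry objects; other lines are skipped."""
    entries = []
    for line in lines:
        m = O23_RE.match(line.strip())
        if not m:
            continue
        display = m.group("display")
        sn = SHORT_NAME_RE.search(display)
        # A display name without a parenthesised part (e.g. "Computer") is its own short name.
        short_name = sn.group("name") if sn else display
        entries.append(ServiceEntry(
            display=display,
            short_name=short_name,
            owner=m.group("owner"),
            path=m.group("path"),
            file_missing=m.group("missing") is not None,
        ))
    return entries


def flagged_services(entries):
    """Return only the entries the heuristic considers suspicious."""
    return [e for e in entries if e.suspicious]


def build_cfscript(entries):
    """Render flagged services in the Driver::/File:: layout shown in this post."""
    drivers, files = [], []
    for e in flagged_services(entries):
        if e.short_name not in drivers:
            drivers.append(e.short_name)
        if e.path not in files:
            files.append(e.path)
    return "\n".join(["Driver::", *drivers, "", "File::", *files]) + "\n"


if __name__ == "__main__":
    parsed = parse_o23(SAMPLE_O23_LINES.strip().splitlines())
    for e in flagged_services(parsed):
        print(f"suspicious: {e.short_name!r} -> {e.path} (owner: {e.owner})")
    print(build_cfscript(parsed))
```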
jessw
13 March 2008 21:12:24
Hello, here are the ComboFix report and the HijackThis report
Thanks
ComboFix 08-03-08.2 - Administrateur 13/03/2008 20:57:43.5 - NTFSx86
Microsoft Windows 2000 Professionnel 5.0.2195.4.1252.1.1036.18.775 [GMT 1:00]
Endroit: C:\Documents and Settings\Administrateur\Mes documents\JESSY\pilote et logiciel\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\Winnt\system\host.exe
C:\Winnt\system\mono.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-13 to 2008-03-13 ))))))))))))))))))))))))))))))))))))
.
2008-03-09 11:12 . 08-03-09 11:12 <DIR> d-------- C:\Program Files\Avira
2008-03-09 11:12 . 08-03-09 11:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-08 12:58 . 08-03-08 12:58 <DIR> d-------- C:\WINNT\ERUNT
2008-03-08 11:48 . 08-03-08 13:09 <DIR> d-------- C:\SDFix
2008-03-07 21:21 . 07-12-23 15:09 538,624 --------- C:\WINNT\system32\trz226.tmp
2008-03-07 16:50 . 08-03-07 16:51 5,637 --a------ C:\WINNT\Fix IE Log.BAK
2008-03-07 14:56 . 08-03-07 14:56 <DIR> d-------- C:\Program Files\Alwil Software
2008-03-05 15:16 . 08-03-05 15:16 0 --a------ C:\WINNT\Retz.4d
2008-03-04 21:35 . 08-03-04 21:35 106 --a------ C:\delete.bat
2008-03-04 21:00 . 08-03-07 15:37 1,942 --a------ C:\WINNT\imsins.BAK
2008-03-01 10:38 . 08-03-01 10:38 <DIR> d-------- C:\Program Files\Panda Security
2008-02-29 21:08 . 08-02-29 21:08 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-29 21:08 . 08-03-07 21:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-29 16:20 . 08-02-29 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-29 15:15 . 08-02-29 15:15 <DIR> d-------- C:\Program Files\CodeStuff
2008-02-29 14:18 . 08-02-29 14:18 <DIR> d-------- C:\Program Files\Yahoo!
2008-02-29 14:18 . 08-02-29 14:19 <DIR> d-------- C:\Program Files\CCleaner
2008-02-19 21:59 . 08-02-19 21:59 <DIR> d-------- C:\PerfLogs
2008-02-16 16:14 . 08-02-16 16:14 <DIR> d-------- C:\Program Files\Microsoft Bootvis
2008-02-16 11:02 . 08-02-16 11:02 <DIR> d-------- C:\Documents and Settings\Administrateur\Application Data\TuneUp Software
2008-02-13 16:43 . 08-02-13 16:43 15,872 --a------ C:\WINNT\system32\EsA.nls
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-07 15:52 --------- d-----w C:\Program Files\Google
2008-02-16 12:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-02-15 18:45 --------- d-----w C:\Program Files\eMule
2008-02-15 18:45 --------- d-----w C:\Program Files\DivX
2008-02-10 19:30 --------- d-----w C:\Program Files\DaViDeo3professional
2008-02-09 17:45 --------- d-----w C:\Program Files\Gabest
2008-02-09 17:45 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-02-09 17:45 --------- d-----w C:\Program Files\Ahead
2008-02-09 17:27 737,280 ----a-w C:\Winnt\iun6002.exe
2008-02-09 16:36 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Talkback
2008-02-02 20:32 --------- d-----w C:\Program Files\AviSynth 2.5
2008-02-02 17:57 --------- d-----w C:\Program Files\WinASPI
2008-02-02 17:54 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Ahead
2008-02-02 17:48 --------- d-----w C:\Program Files\ffdshow
2008-02-02 17:12 --------- d-----w C:\Program Files\DVD Decrypter
2008-01-15 18:49 --------- d-----w C:\Program Files\SolidWorks
2008-01-05 15:47 3,760 ----a-w C:\ok.exe
2007-11-12 19:46 78,248 ----a-w C:\Documents and Settings\Administrateur\Application Data\GDIPFONTCACHEV1.DAT
2007-08-28 20:01 1,194 ----a-w C:\Program Files\Netlor Studiopreview.html
2007-06-17 18:59 0 ---ha-w C:\Documents and Settings\Administrateur\hpothb07.dat
2007-05-22 17:54 7,246 ----a-w C:\Program Files\SolidWorksswxJRNL.BAK
2006-01-16 13:48 597 ----a-w C:\Program Files\swxJRNL.swj
2003-07-10 09:16 271 ---ha-w C:\Program Files\desktop.ini
2003-07-10 09:16 22,115 ---ha-w C:\Program Files\folder.htt
2003-06-23 01:00 32,528 ----a-w C:\Winnt\inf\wbfirdma.sys
.
((((((((((((((((((((((((((((( snapshot@mar. 11-03-2008_21.12.30,59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2000-08-31 07:00:00 163,328 ----a-w C:\Winnt\erdnt\subs\ERDNT.EXE
- 2007-09-07 11:05:19 62,016 ----a-w C:\Winnt\system32\drivers\avipbb.sys
+ 2008-03-12 16:56:46 61,632 ----a-w C:\Winnt\system32\drivers\avipbb.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [01-02-20 13:09 8192 C:\WINNT\system32\CTFMON.EXE]
"NVIEW"="nview.dll" [03-05-02 15:19 835654 C:\WINNT\system32\nview.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-23 02:00 111888 C:\WINNT\system32\mobsync.exe]
"CPQEASYACC"="C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe" [01-12-14 22:01 32768]
"NvCplDaemon"="C:\Winnt\system32\NvCpl.dll" [03-05-02 15:19 4640768]
"nwiz"="nwiz.exe" [03-05-02 15:19 323584 C:\WINNT\system32\nwiz.exe]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [02-12-17 12:28 684032]
"Logitech Utility"="Logi_MwX.Exe" [03-03-04 03:50 19968 C:\WINNT\LOGI_MWX.EXE]
"AdslTaskBar"="stmctrl.dll" [03-06-06 09:32 151552 C:\WINNT\system32\stmctrl.dll]
"HostManager"="C:\Program Files\Fichiers communs\AOL\1179857804\ee\AOLSoftware.exe" [06-11-14 14:55 50736]
"AOLSAV"="C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" [04-04-26 16:40 75776]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07-05-23 19:53 98304]
"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [02-04-17 09:42 69632]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [08-03-12 17:56 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [03-06-23 02:00 20752 C:\WINNT\system32\internat.exe]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-23 07:00 189712]
R0 avgntmgr;avgntmgr;C:\Winnt\system32\DRIVERS\avgntmgr.sys [07-07-18 14:21 ]
R1 avgntdd;avgntdd;C:\Winnt\system32\DRIVERS\avgntdd.sys [07-08-09 13:03 ]
R1 cdudf;cdudf;C:\Winnt\system32\drivers\cdudf.sys [03-12-30 09:39 ]
R2 Rpx_Com;Communication RPX;C:\Winnt\system32\DRIVERS\Rpx_drv.sys [00-05-31 12:49 ]
R3 Stmatm;ATM/ADSL miniport;C:\Winnt\system32\DRIVERS\stmatm.sys [03-06-10 15:32 ]
R3 TaurusUsb;ADSL Modem USB Service;C:\Winnt\system32\DRIVERS\torususb.sys [03-06-20 15:19 ]
R3 usbhub20;Prise en charge du concentrateur racine USB 2.0;C:\Winnt\system32\DRIVERS\usbhub20.sys [03-06-19 19:05 ]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
explorer
DCOMLodueher
WZCSV
†
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-07 16:15:00 C:\Winnt\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-13 21:04:54
Windows 5.0.2195 Service Pack 4 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EventSystem]
"ServiceDll"="C:\Winnt\system32\EsA.nls"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Winnt\system32\nvsvc32.exe
C:\Winnt\system32\regsvc.exe
C:\Winnt\system32\stisvc.exe
C:\Winnt\wanmpsvc.exe
C:\Winnt\System32\WBEM\WinMgmt.exe
C:\Winnt\system32\mspmspsv.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-13 21:06:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-13 20:06:31
ComboFix2.txt 2008-03-11 20:12:47
HIJACKTHIS:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:14, on 13/03/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\Winnt\System32\smss.exe
C:\Winnt\system32\winlogon.exe
C:\Winnt\system32\services.exe
C:\Winnt\system32\lsass.exe
C:\Winnt\system32\svchost.exe
C:\Winnt\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
C:\Winnt\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Winnt\system32\nvsvc32.exe
C:\Winnt\system32\regsvc.exe
C:\Winnt\system32\stisvc.exe
C:\Winnt\wanmpsvc.exe
C:\Winnt\System32\WBEM\WinMgmt.exe
C:\Winnt\system32\mspmspsv.exe
C:\Winnt\system32\svchost.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Winnt\explorer.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\Program Files\Fichiers communs\AOL\1179857804\ee\aolsoftware.exe
C:\Documents and Settings\Administrateur\Mes documents\JESSY\pilote et logiciel\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Winnt\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1179857804\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: CodeStuff Starter.lnk = C:\Program Files\CodeStuff\Starter\Starter.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Winnt\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Winnt\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Winnt\system32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C5EA6B8-8DEC-44BB-9004-AB626A857529}: NameServer = 84.103.237.144 86.64.145.144
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB281DA0-20A0-411C-813E-2C62395D61D7}: NameServer = 205.188.146.145
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\Winnt\System32\dmadmin.exe
O23 - Service: GEARSecurity - GEAR Software - C:\Winnt\SYSTEM32\GEARSEC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Winnt\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\Winnt\wanmpsvc.exe
--
End of file - 6825 bytes
Thanks
jessw
14 March 2008 20:49:33
jessw
15 March 2008 09:37:47
jessw
15 March 2008 14:29:43