Infection by the Win32:Purityscan-AD trojan

Tags:
  • Trojan
  • Security
6 December 2006 17:27:05

Hello,

I have been infected by a trojan since last night. The trojan is Win32:PurityScan-AD. I have already tried several methods to remove it. Unfortunately I still haven't managed to get a result.
What can I do?
Here is the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 16:56:28, on 6/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Acer\eManager\anbmServ.exe
D:\Programmes\Avast\aswUpdSv.exe
D:\Programmes\Avast\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\msasvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
D:\Programmes\Avast\ashMaiSv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
D:\Programmes\Avast\ashWebSv.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
D:\Utils\Logitech\LogiTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
D:\PROGRA~1\Avast\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Utils\Logitech\FxSvr2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Utils\FolderShare\FolderShare.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wscntfy.exe
D:\Programmes\Palm\HOTSYNC.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Fichiers communs\{0A2A1AD4-0709-1036-0726-050406110020}\Update.exe
C:\Documents and Settings\Antoine Godin\Bureau\test.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wwwproxy.fh-kiel.de/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3A2A1~2\888Bar.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] "D:\Utils\Logitech\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Utils\Logitech\LogiTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Easy PDF Creator] "C:\Program Files\Easy PDF Creator\EasyPDFCreator.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\utils\Quick Time\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [FolderShare] "D:\Utils\FolderShare\FolderShare.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = D:\Programmes\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Programmes\Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: BlueSoleil VoIP Plugin.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://videohd.m6.fr.ipercast.net/installer-hidden.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Programmes\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Programmes\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programmes\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programmes\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Easy PDF Creator Printing (Service1) - Unknown owner - C:\Program Files\Easy PDF Creator\EasyPrinting.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

6 December 2006 17:28:30

Hello,

  • Download combofix.exe (by sUBs) to your Desktop.
  • Double-click combofix.exe.
  • Press the Y (Yes) key to start the scan.
  • When the scan is complete, a report will appear. Copy/paste that report in your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt

6 December 2006 17:32:31

Here is the report:

    ComboFix 06.11.27W - Running from: "C:\Program Files\Mozilla Firefox"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\Fichiers communs\{0A2A1AD4-0708-1036-0726-050406110020}
    C:\Program Files\Fichiers communs\{3A2A1AD4-0708-1036-0726-050406110020}
    C:\Program Files\Fichiers communs\{0A2A1AD4-0709-1036-0726-050406110020}
    C:\Program Files\Fichiers communs\{3A2A1AD4-0709-1036-0726-050406110020}
    C:\Program Files\Fichiers communs\{0A2A1AD4-0709-1036-0726-050406110001}
    C:\Program Files\Fichiers communs\{3A2A1AD4-0709-1036-0726-050406110001}


    ((((((((((((((((((((((((((((((( Files Created from 2006-11-06 to 2006-12-06 ))))))))))))))))))))))))))))))))))


    2006-12-06 17:19 122,880 C:\Documents and Settings\Antoine Godin\winstall.exe
    2006-12-06 14:05 <REP> dr-h----- C:\Documents and Settings\Antoine Godin\Recent
    2006-12-06 14:01 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2006-12-06 14:01 <REP> d-------- C:\Program Files\Grisoft
    2006-12-05 17:28 15,360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
    2006-12-05 17:28 14,848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
    2006-12-05 17:28 13,824 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
    2006-12-05 17:28 117,248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
    2006-12-05 17:28 <REP> d-------- C:\Program Files\Webroot
    2006-12-05 17:28 <REP> d-------- C:\Documents and Settings\Antoine Godin\Application Data\Webroot
    2006-12-05 17:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
    2006-12-05 17:01 8,759 --a------ C:\Documents and Settings\Antoine Godin\tel.exe
    2006-12-05 17:01 3,584 --a------ C:\WINDOWS\system32\msasvc.exe
    2006-12-05 16:10 138,565 --a------ C:\Documents and Settings\Antoine Godin\mcc.exe
    2006-11-29 09:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
    2006-11-29 09:27 <REP> d-------- C:\Program Files\IVT Corporation
    2006-11-27 18:19 <REP> d-------- C:\Program Files\iTunes
    2006-11-27 18:19 <REP> d-------- C:\Program Files\iPod
    2006-11-27 18:16 <REP> d-------- C:\Program Files\Apple Software Update
    2006-11-22 08:47 57,344 --a------ C:\WINDOWS\system32\pdfmont.dll
    2006-11-22 08:47 <REP> d-------- C:\Program Files\Easy PDF Creator
    2006-11-20 09:35 <REP> d-------- C:\WINDOWS\system32\NtmsData
    2006-11-09 08:04 <REP> d-------- C:\Program Files\hp deskjet 3820 series
    2006-11-09 08:03 270,336 --a------ C:\WINDOWS\system32\hpzcon07.dll
    2006-11-09 08:03 208,896 --a------ C:\WINDOWS\system32\hpzcoi07.dll
    2006-11-09 08:03 147,512 --a------ C:\WINDOWS\system32\hpzlnt07.dll
    2006-11-09 08:00 <REP> d-------- C:\Documents and Settings\Antoine Godin\win2k_xp
    2006-11-09 08:00 <REP> d-------- C:\Documents and Settings\Antoine Godin\images
    2006-11-09 08:00 <REP> d-------- C:\Documents and Settings\Antoine Godin\animation
    2006-11-07 18:43 <REP> d-------- C:\WINDOWS\WBEM
    2006-11-07 18:43 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2006-11-07 18:41 <REP> d--h----- C:\WINDOWS\ie7
    2006-11-07 18:39 121,856 --------- C:\WINDOWS\system32\xmllite.dll
    2006-11-07 18:37 <REP> d-------- C:\WINDOWS\network diagnostic
    2006-11-07 18:36 <REP> d-------- C:\Program Files\Mozilla Firefox


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    Rootkit driver pe386 is present. A rootkit scan is required

    2006-11-07 18:05 40 ---hs---- C:\Documents and Settings\Antoine Godin\Application Data\.zreglib
    2006-11-04 14:17 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
    2006-10-27 15:09 6049280 --------- C:\WINDOWS\system32\ieframe.dll
    2006-10-27 15:09 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
    2006-10-27 15:09 458752 --------- C:\WINDOWS\system32\msfeeds.dll
    2006-10-27 15:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
    2006-10-27 15:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
    2006-10-27 15:09 180736 --------- C:\WINDOWS\system32\ieui.dll
    2006-10-27 15:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
    2006-10-27 02:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
    2006-10-27 02:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
    2006-10-27 02:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
    2006-10-27 02:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
    2006-10-27 02:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
    2006-10-27 02:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
    2006-10-27 02:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
    2006-10-27 02:44 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
    2006-10-27 02:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
    2006-10-27 02:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll
    2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
    2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
    2006-10-17 13:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
    2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
    2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
    2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
    2006-10-17 12:58 61952 --------- C:\WINDOWS\system32\icardie.dll
    2006-10-17 12:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
    2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
    2006-10-17 12:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
    2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
    2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
    2006-10-17 12:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
    2006-10-13 13:36 145920 --a------ C:\WINDOWS\system32\nwprovau.dll
    2006-10-11 17:24 58880 --a------ C:\WINDOWS\system32\pnrpnsp.dll
    2006-10-11 17:24 553984 --a------ C:\WINDOWS\system32\p2psvc.dll
    2006-10-11 17:24 313344 --a------ C:\WINDOWS\system32\p2pgraph.dll
    2006-10-11 17:24 153088 --a------ C:\WINDOWS\system32\p2p.dll
    2006-10-11 17:24 116224 --a------ C:\WINDOWS\system32\p2pnetsh.dll
    2006-10-11 17:24 104960 --a------ C:\WINDOWS\system32\p2pgasvc.dll
    2006-10-06 20:05 1011892 --a------ C:\Super_KBNoTeam_441_FTA.exe
    2006-09-25 17:45 666240 --a------ C:\WINDOWS\system32\aswBoot.exe
    2006-09-25 17:37 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
    2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll
    2006-09-13 07:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
    2006-09-12 18:01 96256 --a------ C:\WINDOWS\system32\msxml4r.dll
    2006-09-06 17:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "FolderShare"="\"D:\\Utils\\FolderShare\\FolderShare.exe\" /background"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "preload"="C:\\Windows\\RUNXMLPL.exe"
    "SynTPLpr"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe\""
    "SynTPEnh"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\""
    "LaunchAp"="\"C:\\Program Files\\Launch Manager\\LaunchAp.exe\""
    "PowerKey"="\"C:\\Program Files\\Launch Manager\\PowerKey.exe\""
    "LManager"="\"C:\\Program Files\\Launch Manager\\HotkeyApp.exe\""
    "CtrlVol"="\"C:\\Program Files\\Launch Manager\\CtrlVol.exe\""
    "LMgrOSD"="\"C:\\Program Files\\Launch Manager\\OSDCtrl.exe\""
    "Wbutton"="\"C:\\Program Files\\Launch Manager\\Wbutton.exe\""
    "NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "AGRSMMSG"="AGRSMMSG.exe"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe\""
    "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
    "LogitechVideoRepair"="\"D:\\Utils\\Logitech\\ISStart.exe\" "
    "LogitechVideoTray"="D:\\Utils\\Logitech\\LogiTray.exe"
    "HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
    "VTTrayp"="VTtrayp.exe"
    "VTTimer"="VTTimer.exe"
    "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
    "kmw_run.exe"="kmw_run.exe"
    "KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
    "TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "avast!"="D:\\PROGRA~1\\Avast\\ashDisp.exe"
    "HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
    "Easy PDF Creator"="\"C:\\Program Files\\Easy PDF Creator\\EasyPDFCreator.exe\""
    "QuickTime Task"="\"D:\\utils\\Quick Time\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,20,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,00,00,00,00,00,00,00,01,04,00,00,20,03,\
    00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,ff,00,00,00,00,00,00,00,01,04,00,00,20,03,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "CDRAutoRun"=dword:00000000

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "CDRAutoRun"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\wrSpySweeperTrialSweep.job

    Completion time: 06-12-06 17:31:48.95
    C:\ComboFix.txt ... 06-12-06 17:31