Small problem with "Windows security alert" - Page 2

  1. ADDX
     
    ----------------- FindyKill V4.710 ------------------

    * User : ADDX - ADRIEN
    * Emplacement : C:\Program Files\FindyKill
    * Outils Mis a jours le 21/12/08 par Chiquitine29
    * Recherche effectuée à 17:46:22 le 23.12.2008
    * Windows XP - Internet Explorer 7.0.5730.13

    ((((((((((((((((( *** Recherche *** ))))))))))))))))))

    --------------- [ Processus actifs ] ----------------

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

    --------------- [ Fichiers/Dossiers infectieux ] ----------------

    »»»» Presence des fichiers dans C:

    »»»» Presence des fichiers dans C:\WINDOWS

    »»»» Presence des fichiers dans C:\WINDOWS\Prefetch

    Found ! - C:\WINDOWS\prefetch\9129837.EXE-391AE89C.pf

    »»»» Presence des fichiers dans C:\WINDOWS\system32

    »»»» Presence des fichiers dans C:\WINDOWS\system32\config\systemprofile\AppData\Roaming

    »»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

    »»»» Presence des fichiers dans C:\Documents and Settings\ADDX\Application Data

    »»»» Presence des fichiers dans C:\DOCUME~1\ADDX\LOCALS~1\Temp

    »»»» Presence des fichiers dans C:\Documents and Settings\ADDX\Local Settings\Temporary Internet Files\Content.IE5

    Found ! [23.03.2007 18:01] - C:\Documents and Settings\ADDX\Mes documents\Music\Depeche Mode\Album inconnu\AlbumArt_{9863CB64-AE2A-4D74-BCF0-BF8C5FE241D2}_Large.jpg
    Found ! [23.03.2007 18:01] - C:\Documents and Settings\ADDX\Mes documents\Music\Depeche Mode\Album inconnu\AlbumArt_{9863CB64-AE2A-4D74-BCF0-BF8C5FE241D2}_Small.jpg
    Found ! [27.01.2008 19:41] - C:\Documents and Settings\ADDX\Mes documents\Music\Depeche Mode\Violator\AlbumArt_{9863CB64-AE2A-4D74-BCF0-BF8C5FE241D2}_Large.jpg
    Found ! [27.01.2008 19:41] - C:\Documents and Settings\ADDX\Mes documents\Music\Depeche Mode\Violator\AlbumArt_{9863CB64-AE2A-4D74-BCF0-BF8C5FE241D2}_Small.jpg
    Found ! [29.06.2008 15:33] - C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg

    --------------- [ Registre / Startup ] ----------------

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
    Skype="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
    MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    NeroFilterCheck=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    Kernel and Hardware Abstraction Layer=KHALMNPR.EXE
    JMB36X IDE Setup=C:\WINDOWS\RaidTool\xInsIDE.exe
    36X Raid Configurer=C:\WINDOWS\system32\xRaidSetup.exe boot
    avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    SoundMax="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    nwiz=nwiz.exe /install
    IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    SoundMAXPnP=C:\Program Files\Analog Devices\Core\smax4pnp.exe
    AppleSyncNotifier=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
    iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
    Installed=1
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
    NoChange=1
    Installed=1
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
    Installed=1
    <NO NAME>=

    --------------- [ Registre / Clés infectieuses ] ----------------

    Found ! - HKEY_USERS\S-1-5-21-1417001333-1390067357-725345543-1004\Software\Ubisoft

    --------------- [ Etat / Services ] ----------------

    +- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

    Ndisuio - Type de démarrage = 3

    EapHost - Type de démarrage = 3

    Ip6Fw - Type de démarrage = 3

    /!\ SharedAccess - Type de démarrage = 4

    wuauserv - Type de démarrage = 2

    /!\ wscsvc - Type de démarrage = 4

    --------------- [ Recherche dans supports amovibles] ----------------

    +- Informations :

    C: - Lecteur fixe

    D: - Lecteur de CD-ROM

    +- Contenu de l'autorun : D:\autorun.inf

    [autorun]
    open=AutoRunCD.exe
    icon=AutoRunCD.exe, 0

    +- presence des fichiers :

    Found ! [19.07.2007 15:53][-r-------] - D:\autorun.inf

    --------------- [ Registre / Mountpoint2 ] ----------------

    -> Not found !

    ------------------- ! Fin du rapport ! --------------------
  2. Anonymous user
     
    OK. Plug your removable drives into your PC (USB keys, external hard drives...) without opening them... Then double-click FindyKill and, in the menu, this time choose option 2 (disinfection) --->> don't touch anything during the removal, until the message >> nettoyage effectue << appears. Then press any key to display the report, and post it....
  3. ADDX
     
    ----------------- FindyKill V4.710 ------------------

    * User : ADDX - ADRIEN
    * executed from : C:\Program Files\FindyKill
    * Update on 21/12/08 par Chiquitine29
    * Start at 18:22:28 the 23.12.2008
    * Windows XP - Internet Explorer 7.0.5730.13

    ((((((((((((((( *** deleting *** ))))))))))))))))))

    --------------- [ Active Processes ] ----------------

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\logonui.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\userinit.exe

    --------------- [ Infected files / folders ] ----------------

    »»»» Supression files in C:

    »»»» Supression files in C:\WINDOWS

    »»»» Supression files in C:\WINDOWS\Prefetch

    Deleted ! - C:\WINDOWS\prefetch\9129837.EXE-391AE89C.pf

    »»»» Supression files in C:\WINDOWS\system32

    »»»» Supression files in C:\WINDOWS\system32\config\systemprofile\AppData\Roaming

    »»»» Supression files in C:\WINDOWS\system32\drivers

    »»»» Supression files in C:\Documents and Settings\ADDX\Application Data

    »»»» Supression files in C:\DOCUME~1\ADDX\LOCALS~1\Temp

    »»»» Supression files in C:\Documents and Settings\ADDX\Local Settings\Temporary Internet Files\Content.IE5

    Deleted ! - C:\Documents and Settings\ADDX\Mes documents\Music\Depeche Mode\Album inconnu\AlbumArt_{9863CB64-AE2A-4D74-BCF0-BF8C5FE241D2}_Large.jpg
    Deleted ! - C:\Documents and Settings\ADDX\Mes documents\Music\Depeche Mode\Album inconnu\AlbumArt_{9863CB64-AE2A-4D74-BCF0-BF8C5FE241D2}_Small.jpg
    Deleted ! - C:\Documents and Settings\ADDX\Mes documents\Music\Depeche Mode\Violator\AlbumArt_{9863CB64-AE2A-4D74-BCF0-BF8C5FE241D2}_Large.jpg
    Deleted ! - C:\Documents and Settings\ADDX\Mes documents\Music\Depeche Mode\Violator\AlbumArt_{9863CB64-AE2A-4D74-BCF0-BF8C5FE241D2}_Small.jpg
    Deleted ! - C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg

    --------------- [ Registry / Infected keys ] ----------------

    Deleted ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA
    Deleted ! - HKEY_USERS\S-1-5-21-1417001333-1390067357-725345543-1004\Software\Ubisoft

    --------------- [ States / Restarting of services ] ----------------

    +- Services : [ Auto=2 / Request=3 / Disable=4 ]

    Ndisuio - Type of startup = 3

    EapHost - Type of startup = 2

    Ip6Fw - Type of startup = 2

    SharedAccess - Type of startup = 2

    wuauserv - Type of startup = 2

    wscsvc - Type of startup = 2

    --------------- [ Cleaning removable drives ] ----------------

    +- Informations :

    C: - Lecteur fixe

    D: - Lecteur de CD-ROM

    E: - Lecteur amovible

    +- deleting files :

    Not deleted !! - D:\autorun.inf

    --------------- [ Registry / Mountpoint2 ] ----------------

    -> Not found !

    --------------- [ Searching Cracks / Keygen ] ----------------

    C:\Documents and Settings\ADDX\Mes documents\no_cd\crack ok
    C:\Documents and Settings\ADDX\Mes documents\no_cd\crack ok\FarCry2.exe
    C:\Documents and Settings\ADDX\Mes documents\no_cd\crack ok\FC2.dll

    ---------------- ! End of report ! ------------------
  4. Anonymous user
     
    Re, Far Cry 2, doesn't that ring a bell? >> the game <<, you need to get rid of all the cracks before moving on to the next step...
  6. Anonymous user
     
    OK, you will need to follow the instructions given very carefully, this fix is powerful.. Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe >>> Disconnect from the Internet and close all running applications, antivirus and antispyware included <<< they could seriously interfere with the scan... Then double-click ComboFix.exe >> a pop-up appears -->> click Yes.. I recommend installing the Recovery Console... Then choose the language and press the '1' key (Yes) to start the scan. >>> WARNING, don't touch anything during the scan (neither keyboard nor mouse...) >> that could freeze the computer... ComboFix may need to restart the PC, let it do so to finish the disinfection... Once it has finished, ComboFix displays a report, post it! Re-enable your PC's protection (antivirus, antispyware) before reconnecting to the Internet...
  7. ADDX
     
    ComboFix 08-12-23.01 - ADDX 2008-12-23 19:57:23.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2047.1545 [GMT 1:00]
    Lancé depuis: c:\documents and settings\ADDX\Mes documents\ComboFix.exe
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\ADDX\LOCALS~1\Temp\tmp1.tmp
    c:\documents and settings\ADDX\Local Settings\Temporary Internet Files\fbk.sts
    c:\windows\new_drv.sys
    c:\windows\system32\fcieav.dll
    c:\windows\system32\rxrvwknu.dll
    c:\windows\system32\wvUoPffe.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NEW_DRV
    -------\Service_new_drv

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-23 au 2008-12-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-23 17:45 . 2008-12-23 18:24 <REP> d-------- c:\program files\FindyKill
    2008-12-22 14:18 . 2008-12-22 14:18 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-22 14:18 . 2008-12-22 14:18 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-22 14:18 . 2008-12-22 14:18 <REP> d-------- c:\documents and settings\ADDX\Application Data\Malwarebytes
    2008-12-22 14:18 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-22 14:18 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-22 13:33 . 2008-12-22 14:09 <REP> d-------- C:\ToolBar SD
    2008-12-22 12:30 . 2008-12-22 13:29 <REP> d-------- C:\Lop SD
    2008-12-22 12:06 . 2008-12-22 12:13 <REP> d-------- c:\program files\Navilog1
    2008-12-22 11:39 . 2008-12-22 11:39 <REP> d-------- c:\program files\Trend Micro
    2008-12-22 09:34 . 2008-12-22 09:42 3 --a------ c:\windows\sbacknt.bin
    2008-12-22 09:31 . 2008-12-22 10:51 <REP> d-------- c:\program files\vghd
    2008-12-22 09:31 . 2008-12-22 09:47 <REP> d-------- c:\documents and settings\ADDX\Application Data\vghd
    2008-12-22 09:31 . 2008-12-22 09:31 152,904 --a------ c:\windows\system32\vghd.scr
    2008-12-21 15:26 . 2008-12-21 15:26 <REP> d-------- c:\program files\TryMedia
    2008-12-20 23:09 . 2008-12-20 23:09 <REP> d-------- c:\program files\MSN Messenger
    2008-12-06 14:23 . 2004-11-29 18:51 <REP> d-------- C:\SAVE
    2008-12-06 14:23 . 2004-11-29 18:51 <REP> d-------- C:\DATA
    2008-11-30 17:21 . 2008-11-30 17:21 808 --a------ c:\windows\ssaver.ini
    2008-11-30 17:21 . 2008-11-30 17:21 0 --a------ c:\windows\toons.INI
    2008-11-29 10:11 . 2008-11-29 10:17 <REP> d-------- c:\program files\Widelands
    2008-11-28 21:07 . 2008-11-28 21:07 <REP> d-------- c:\program files\Microsoft Games
    2008-11-28 20:34 . 2008-11-28 20:34 <REP> d-------- c:\program files\JoWooD

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-23 18:55 --------- d-----w c:\documents and settings\ADDX\Application Data\Skype
    2008-12-23 18:53 --------- d-----w c:\documents and settings\ADDX\Application Data\skypePM
    2008-12-22 18:18 --------- d-----w c:\documents and settings\ADDX\Application Data\Desktopicon
    2008-11-30 15:47 --------- d-----w c:\program files\VS Revo Group
    2008-11-22 14:43 --------- d-----w c:\program files\PurFlirt
    2008-11-22 10:43 --------- d-----w c:\program files\iTunes
    2008-11-22 10:43 --------- d-----w c:\program files\iPod
    2008-11-22 10:43 --------- d-----w c:\program files\Fichiers communs\Apple
    2008-11-22 10:43 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-22 10:42 --------- d-----w c:\program files\QuickTime
    2008-11-22 10:34 --------- d-----w c:\program files\Safari
    2008-11-16 07:55 136,720 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2008-11-15 15:32 --------- d-----w c:\program files\Neoact
    2008-11-09 10:44 --------- d-----w c:\program files\Apple Software Update
    2008-11-09 10:32 --------- d-----w c:\program files\Bonjour
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-24 07:34 22,328 ----a-w c:\documents and settings\ADDX\Application Data\PnkBstrK.sys
    2008-10-24 07:30 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-10-24 07:30 --------- d-----w c:\program files\Ubisoft
    2008-10-23 21:19 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
    2008-10-23 16:38 --------- d-----w c:\program files\free-downloads.net
    2008-10-23 16:38 --------- d-----w c:\program files\Conduit
    2008-10-05 14:37 98,304 ----a-w c:\windows\DUMP4ca4.tmp
    2008-10-05 14:31 98,304 ----a-w c:\windows\DUMP8c71.tmp
    2008-10-05 14:22 98,304 ----a-w c:\windows\DUMP8915.tmp
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-25 185896]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-11 8429568]
    "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
    "36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-03-02 208952]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-11 81920]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
    "AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
    "nwiz"="nwiz.exe" [2007-05-11 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    ASUS WiFi-AP Solo.lnk - c:\program files\ASUS WiFi-AP Solo\RtWLan.exe [2008-01-19 987136]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-02-09 67128]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-07-26 805392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 01:42 72208 c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=fcieav.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.VP40"= vp4vfw.dll
    "VIDC.XFR1"= xfcodec.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\beep.sys]
    @="beep"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "NBService"=3 (0x3)
    "LiveUpdate"=3 (0x3)
    "Bonjour Service"=2 (0x2)
    "Automatic LiveUpdate Scheduler"=2 (0x2)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "SoundMAX"="c:\program files\Analog Devices\SoundMAX\Smax4.exe" /tray
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "nwiz"=nwiz.exe /install
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=
    "c:\\Program Files\\EA Games\\Command & Conquer Generals - Heure H\\patchget.dat"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\EA Games\\Command & Conquer Generals - Heure H\\game.dat"=
    "c:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=
    "c:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"=
    "c:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
    "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
    "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age22_x1.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-06-28 111184]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-06-28 20560]
    R2 nxsIO32;NextSensor Kernel I/O Driver;\??\c:\windows\System32\DRIVERS\nxsIO32.sys [2008-09-07 2208]
    R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2008-01-19 176128]
    R3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys [2008-01-19 13532]
    .
    Contenu du dossier 'Tâches planifiées'

    2008-11-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2008-12-23 c:\windows\Tasks\Maintenance en 1 clic.job
    - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe []

    2008-12-23 c:\windows\Tasks\peekbudz.job
    - c:\windows\system32\rundll32.exe [2008-04-14 03:34]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    URLSearchHooks-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
    BHO-{7bae34f1-0894-4454-bc1c-dbb4081aecff} - c:\windows\system32\fcieav.dll
    Toolbar-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
    WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)

    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.ch/
    mWindow Title =
    uInternet Settings,ProxyOverride = *.local
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-23 19:59:51
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(664)
    c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
    c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.exe
    c:\program files\Skype\Plugin Manager\skypePM.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-12-23 20:02:00 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-12-23 19:01:57

    Avant-CF: 372'638'814'208 octets libres
    Après-CF: 372,618,850,304 octets libres

    WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect

    233 --- E O F --- 2008-12-20 10:00:52