Problème de redirection, crashs, etc...
Fermé
Appolyon13
-
26 janv. 2009 à 17:48
plopus Messages postés 5962 Date d'inscription jeudi 1 janvier 2009 Statut Contributeur sécurité Dernière intervention 11 mars 2012 - 17 févr. 2009 à 14:57
plopus Messages postés 5962 Date d'inscription jeudi 1 janvier 2009 Statut Contributeur sécurité Dernière intervention 11 mars 2012 - 17 févr. 2009 à 14:57
A voir également:
- Problème de redirection, crashs, etc...
- Redirection de mail - Guide
- Rapport de crash windows - Guide
- Virus de redirection bing windows ✓ - Forum Virus
- L'url suivante, censée aboutir à un article, donne lieu à une redirection indiquant que la page n'a pas été trouvée. retrouvez la page recherchée. reportez le titre de l’article et son auteur. ✓ - Forum Réseaux sociaux
- Redirection mail free ✓ - Forum Windows
72 réponses
J'ai essayé de l'éxecuter en tant qu'admin, et il me répond "un périphérique attaché au système ne fonctionne pas correctement".
J'ai honte pour le flood mais comment faire autrement...
J'ai honte pour le flood mais comment faire autrement...
plopus
Messages postés
5962
Date d'inscription
jeudi 1 janvier 2009
Statut
Contributeur sécurité
Dernière intervention
11 mars 2012
293
27 janv. 2009 à 19:54
27 janv. 2009 à 19:54
il faut faire combofix AVANT malwarebyte suit bien les instruction donné et previent en cas de probleme et fait bien 1 analyse à la fois et surtout pendant combofix ne touche a rien
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
je ne peux pas installer combofix, tous les sites que j'essaye pour le télécharger refuse de se charger. Je pense que le virus intervient là dedans parce que cinq serveurs down en même temps c'est un peu zarb.
Est-ce que tu pourrais l'uploader sur Rs ou Mu pour que je le dl à partir de là ?
Merci
Est-ce que tu pourrais l'uploader sur Rs ou Mu pour que je le dl à partir de là ?
Merci
plopus
Messages postés
5962
Date d'inscription
jeudi 1 janvier 2009
Statut
Contributeur sécurité
Dernière intervention
11 mars 2012
293
28 janv. 2009 à 18:42
28 janv. 2009 à 18:42
ok vundo ou autre doit bloque tous sa :
donc si tu as telecharger malwarebyte, met le ajour si tu peux, puis renomme le .exe "MB" par exemple
puis redemarre ton PC au bip tapote F8 et choisit mode sans echec et fait un scan complet avec malwarebyte (meme si les mise a jour sont impossible)
à la fin clic sur AFFICHER resultat et clic sur suppression et poste le rapport qui s'ouvre
donc si tu as telecharger malwarebyte, met le ajour si tu peux, puis renomme le .exe "MB" par exemple
puis redemarre ton PC au bip tapote F8 et choisit mode sans echec et fait un scan complet avec malwarebyte (meme si les mise a jour sont impossible)
à la fin clic sur AFFICHER resultat et clic sur suppression et poste le rapport qui s'ouvre
Voilà le rapport :
Je me doutais bien que svchost était un rootkit, il se multipliait sans cesse quand je le killai.
Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1654
Windows 5.1.2600 Service Pack 2
2009-01-28 20:22:00
mbam-log-2009-01-28 (20-21-55).txt
Type de recherche: Examen complet (C:\|E:\|I:\|)
Eléments examinés: 262433
Temps écoulé: 1 hour(s), 16 minute(s), 53 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 20
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 21
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfcuvmj (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c9c42510-9b21-41c1-9dcd-8382a2d07c61} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c9c42510-9b21-41c1-9dcd-8382a2d07c61} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\bho_cpv.workhorse (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\bho_cpv.workhorse.1 (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati2doxx (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati2doxx (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ati2doxx (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati2doxx (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fci (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\fci (Rootkit.ADS) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\fci (Rootkit.ADS) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Explorer.exe (Security.Hijack) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Update (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svschost.exe (Trojan.FakeAlert) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://www.free2article.info) Good: (https://www.google.com/?gws_rd=ssl -> No action taken.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
E:\WINDOWS\system32\khfCuVmJ.dll (Trojan.Vundo.H) -> No action taken.
E:\Program Files\WebShow\WebShow.dll (Trojan.BHO) -> No action taken.
C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\lusrsh.exe (Trojan.Agent) -> No action taken.
E:\Qoobox\Quarantine\E\WINDOWS\system32\TDSScfum.dll.vir (Trojan.TDSS) -> No action taken.
E:\Qoobox\Quarantine\E\WINDOWS\system32\TDSSnrsr.dll.vir (Trojan.TDSS) -> No action taken.
E:\Qoobox\Quarantine\E\WINDOWS\system32\TDSSofxh.dll.vir (Trojan.TDSS) -> No action taken.
E:\Qoobox\Quarantine\E\WINDOWS\system32\TDSSriqp.dll.vir (Trojan.TDSS) -> No action taken.
E:\System Volume Information\_restore{F3E4DC79-02B1-4A4B-9FC0-35D995BBAF88}\RP729\A0198517.exe (Trojan.Agent) -> No action taken.
E:\System Volume Information\_restore{F3E4DC79-02B1-4A4B-9FC0-35D995BBAF88}\RP729\A0198518.exe (Adware.Agent) -> No action taken.
E:\System Volume Information\_restore{F3E4DC79-02B1-4A4B-9FC0-35D995BBAF88}\RP729\A0199593.exe (Trojan.Vundo) -> No action taken.
E:\System Volume Information\_restore{F3E4DC79-02B1-4A4B-9FC0-35D995BBAF88}\RP729\A0200733.dll (Trojan.TDSS) -> No action taken.
E:\System Volume Information\_restore{F3E4DC79-02B1-4A4B-9FC0-35D995BBAF88}\RP729\A0200729.dll (Trojan.TDSS) -> No action taken.
E:\System Volume Information\_restore{F3E4DC79-02B1-4A4B-9FC0-35D995BBAF88}\RP729\A0200731.dll (Trojan.TDSS) -> No action taken.
E:\System Volume Information\_restore{F3E4DC79-02B1-4A4B-9FC0-35D995BBAF88}\RP729\A0200732.dll (Trojan.TDSS) -> No action taken.
E:\System Volume Information\_restore{F3E4DC79-02B1-4A4B-9FC0-35D995BBAF88}\RP729\A0200742.sys (Rootkit.Agent) -> No action taken.
E:\System Volume Information\_restore{F3E4DC79-02B1-4A4B-9FC0-35D995BBAF88}\RP729\A0201742.sys (Rootkit.Agent) -> No action taken.
E:\WINDOWS\system32\drivers\ati2doxx.sys (Rootkit.Agent) -> No action taken.
E:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> No action taken.
E:\WINDOWS\sysguard.exe (Trojan.FakeAlert) -> No action taken.
E:\WINDOWS\system32\svñshost.exe (Trojan.FakeAlert) -> No action taken.
E:\WINDOWS\temp\BN2.tmp (Trojan.Agent) -> No action taken.
Je me doutais bien que svchost était un rootkit, il se multipliait sans cesse quand je le killai.
Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1654
Windows 5.1.2600 Service Pack 2
2009-01-28 20:22:00
mbam-log-2009-01-28 (20-21-55).txt
Type de recherche: Examen complet (C:\|E:\|I:\|)
Eléments examinés: 262433
Temps écoulé: 1 hour(s), 16 minute(s), 53 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 20
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 21
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfcuvmj (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c9c42510-9b21-41c1-9dcd-8382a2d07c61} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c9c42510-9b21-41c1-9dcd-8382a2d07c61} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\bho_cpv.workhorse (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\bho_cpv.workhorse.1 (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati2doxx (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati2doxx (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ati2doxx (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati2doxx (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fci (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\fci (Rootkit.ADS) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\fci (Rootkit.ADS) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Explorer.exe (Security.Hijack) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Update (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svschost.exe (Trojan.FakeAlert) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://www.free2article.info) Good: (https://www.google.com/?gws_rd=ssl -> No action taken.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
E:\WINDOWS\system32\khfCuVmJ.dll (Trojan.Vundo.H) -> No action taken.
E:\Program Files\WebShow\WebShow.dll (Trojan.BHO) -> No action taken.
C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\lusrsh.exe (Trojan.Agent) -> No action taken.
E:\Qoobox\Quarantine\E\WINDOWS\system32\TDSScfum.dll.vir (Trojan.TDSS) -> No action taken.
E:\Qoobox\Quarantine\E\WINDOWS\system32\TDSSnrsr.dll.vir (Trojan.TDSS) -> No action taken.
E:\Qoobox\Quarantine\E\WINDOWS\system32\TDSSofxh.dll.vir (Trojan.TDSS) -> No action taken.
E:\Qoobox\Quarantine\E\WINDOWS\system32\TDSSriqp.dll.vir (Trojan.TDSS) -> No action taken.
E:\System Volume Information\_restore{F3E4DC79-02B1-4A4B-9FC0-35D995BBAF88}\RP729\A0198517.exe (Trojan.Agent) -> No action taken.
E:\System Volume Information\_restore{F3E4DC79-02B1-4A4B-9FC0-35D995BBAF88}\RP729\A0198518.exe (Adware.Agent) -> No action taken.
E:\System Volume Information\_restore{F3E4DC79-02B1-4A4B-9FC0-35D995BBAF88}\RP729\A0199593.exe (Trojan.Vundo) -> No action taken.
E:\System Volume Information\_restore{F3E4DC79-02B1-4A4B-9FC0-35D995BBAF88}\RP729\A0200733.dll (Trojan.TDSS) -> No action taken.
E:\System Volume Information\_restore{F3E4DC79-02B1-4A4B-9FC0-35D995BBAF88}\RP729\A0200729.dll (Trojan.TDSS) -> No action taken.
E:\System Volume Information\_restore{F3E4DC79-02B1-4A4B-9FC0-35D995BBAF88}\RP729\A0200731.dll (Trojan.TDSS) -> No action taken.
E:\System Volume Information\_restore{F3E4DC79-02B1-4A4B-9FC0-35D995BBAF88}\RP729\A0200732.dll (Trojan.TDSS) -> No action taken.
E:\System Volume Information\_restore{F3E4DC79-02B1-4A4B-9FC0-35D995BBAF88}\RP729\A0200742.sys (Rootkit.Agent) -> No action taken.
E:\System Volume Information\_restore{F3E4DC79-02B1-4A4B-9FC0-35D995BBAF88}\RP729\A0201742.sys (Rootkit.Agent) -> No action taken.
E:\WINDOWS\system32\drivers\ati2doxx.sys (Rootkit.Agent) -> No action taken.
E:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> No action taken.
E:\WINDOWS\sysguard.exe (Trojan.FakeAlert) -> No action taken.
E:\WINDOWS\system32\svñshost.exe (Trojan.FakeAlert) -> No action taken.
E:\WINDOWS\temp\BN2.tmp (Trojan.Agent) -> No action taken.
plopus
Messages postés
5962
Date d'inscription
jeudi 1 janvier 2009
Statut
Contributeur sécurité
Dernière intervention
11 mars 2012
293
28 janv. 2009 à 20:25
28 janv. 2009 à 20:25
re
le processus dont tu parle n'est pas forcement infectieux sa depends de sa localisation dans le PC.
par contre "No action taken." tu as bien supprimé la selection ? va dans la quarantaine de malwarebte et vide la
le processus dont tu parle n'est pas forcement infectieux sa depends de sa localisation dans le PC.
par contre "No action taken." tu as bien supprimé la selection ? va dans la quarantaine de malwarebte et vide la
plopus
Messages postés
5962
Date d'inscription
jeudi 1 janvier 2009
Statut
Contributeur sécurité
Dernière intervention
11 mars 2012
293
28 janv. 2009 à 20:27
28 janv. 2009 à 20:27
et reposte un hijackthis
p.s : si tu es pas sur d'avoir tout supprime refait un scan rapide avec malwarebyte c'est 10min
puis après reposte un hijackthis
p.s : si tu es pas sur d'avoir tout supprime refait un scan rapide avec malwarebyte c'est 10min
puis après reposte un hijackthis
Et voilà ! En tout cas explorer s'est relancé, le plus gros doit être parti !
Logfile of HijackThis v1.99.1
Scan saved at 21:36, on 2009-01-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\PnkBstrB.exe
E:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\wbem\wmiapsrv.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\RocketDock\RocketDock.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\WINDOWS\system32\taskmgr.exe
E:\Program Files\Malwarebytes' Anti-Malware\mb.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Sun\StarOffice 8\program\soffice.exe
E:\Program Files\Sun\StarOffice 8\program\soffice.BIN
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Windows Media Player\wmplayer.exe
C:\OdoPlus.exe
C:\Téléchargements\hijackthis_hijackthis_1.99.1_anglais_17891.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 91.207.117.244 browser-security.microsoft.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {872A39C0-8E01-44DA-ADBA-B6BA008713F1} - E:\WINDOWS\system32\iifdeecC.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - E:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - E:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - E:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [EasyTuneVPro] E:\Program Files\Gigabyte\ET5Pro\ETcall.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] E:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "E:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "E:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] E:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [win system] C:\WINDOWS\winav.exe
O4 - HKLM\..\Run: [Windows Logon Application] E:\WINDOWS\system32\winIogon.exe
O4 - HKLM\..\Run: [combofix] E:\WINDOWS\system32\CF1176.exe /c E:\lechat\Combobatch.bat
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunOnce: [combofix] E:\WINDOWS\system32\CF1176.exe /c E:\lechat\Combobatch.bat
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "E:\Program Files\Malwarebytes' Anti-Malware\mb.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RocketDock] "E:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "e:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AlcoholAutomount] "E:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "E:\Program Files\DNA\btdna.exe"
O4 - Startup: StarOffice 8.lnk = E:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: biqwomv - E:\WINDOWS\SYSTEM32\biqwomv.dll
O20 - Winlogon Notify: klogon - E:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avp (AVP) - Unknown owner - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Unknown owner - E:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - E:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - E:\Program Files\Java\jre6\bin\jqs.exe" -service -config "E:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - E:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
Merci infiniment pour tout le temps que tu m'as consacré et l'aide que tu m'as apporté ! Bien des services après-vente devraient prendre exemple sur toi !
Logfile of HijackThis v1.99.1
Scan saved at 21:36, on 2009-01-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\PnkBstrB.exe
E:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\wbem\wmiapsrv.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\RocketDock\RocketDock.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\WINDOWS\system32\taskmgr.exe
E:\Program Files\Malwarebytes' Anti-Malware\mb.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Sun\StarOffice 8\program\soffice.exe
E:\Program Files\Sun\StarOffice 8\program\soffice.BIN
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Windows Media Player\wmplayer.exe
C:\OdoPlus.exe
C:\Téléchargements\hijackthis_hijackthis_1.99.1_anglais_17891.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 91.207.117.244 browser-security.microsoft.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {872A39C0-8E01-44DA-ADBA-B6BA008713F1} - E:\WINDOWS\system32\iifdeecC.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - E:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - E:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - E:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [EasyTuneVPro] E:\Program Files\Gigabyte\ET5Pro\ETcall.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] E:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "E:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "E:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] E:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [win system] C:\WINDOWS\winav.exe
O4 - HKLM\..\Run: [Windows Logon Application] E:\WINDOWS\system32\winIogon.exe
O4 - HKLM\..\Run: [combofix] E:\WINDOWS\system32\CF1176.exe /c E:\lechat\Combobatch.bat
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunOnce: [combofix] E:\WINDOWS\system32\CF1176.exe /c E:\lechat\Combobatch.bat
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "E:\Program Files\Malwarebytes' Anti-Malware\mb.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RocketDock] "E:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "e:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AlcoholAutomount] "E:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "E:\Program Files\DNA\btdna.exe"
O4 - Startup: StarOffice 8.lnk = E:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: biqwomv - E:\WINDOWS\SYSTEM32\biqwomv.dll
O20 - Winlogon Notify: klogon - E:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avp (AVP) - Unknown owner - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Unknown owner - E:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - E:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - E:\Program Files\Java\jre6\bin\jqs.exe" -service -config "E:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - E:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
Merci infiniment pour tout le temps que tu m'as consacré et l'aide que tu m'as apporté ! Bien des services après-vente devraient prendre exemple sur toi !
plopus
Messages postés
5962
Date d'inscription
jeudi 1 janvier 2009
Statut
Contributeur sécurité
Dernière intervention
11 mars 2012
293
28 janv. 2009 à 21:56
28 janv. 2009 à 21:56
ok
fait le poste 16 avec combofix et suit bien les indications ne fait rien et deconnecte toi d'internet et desactive ton antivirus
fait le poste 16 avec combofix et suit bien les indications ne fait rien et deconnecte toi d'internet et desactive ton antivirus
plopus
Messages postés
5962
Date d'inscription
jeudi 1 janvier 2009
Statut
Contributeur sécurité
Dernière intervention
11 mars 2012
293
28 janv. 2009 à 22:00
28 janv. 2009 à 22:00
trés important
ton rapport montre
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "E:\Program Files\Malwarebytes' Anti-Malware\mb.exe" /runcleanupscript
c'est a dire qu'il faut que tu redemarre ton PC pour finir la suppression avec malwarebyte donc fait le et fait la suite après
ton rapport montre
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "E:\Program Files\Malwarebytes' Anti-Malware\mb.exe" /runcleanupscript
c'est a dire qu'il faut que tu redemarre ton PC pour finir la suppression avec malwarebyte donc fait le et fait la suite après
Voilà après redémarage :
Logfile of HijackThis v1.99.1
Scan saved at 08:13, on 2009-01-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\WINDOWS\TEMP\zjt4.tmp
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\PnkBstrB.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\WINDOWS\RTHDCPL.EXE
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
E:\Program Files\Gigabyte\ET5Pro\GUI.exe
E:\Program Files\PowerISO\PWRISOVM.EXE
E:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
E:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\Program Files\RocketDock\RocketDock.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Program Files\DNA\btdna.exe
E:\Program Files\Sun\StarOffice 8\program\soffice.exe
E:\Program Files\Sun\StarOffice 8\program\soffice.BIN
E:\WINDOWS\System32\wbem\wmiapsrv.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Windows Live\Messenger\usnsvc.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\System32\svchost.exe
C:\Téléchargements\hijackthis_hijackthis_1.99.1_anglais_17891.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {872A39C0-8E01-44DA-ADBA-B6BA008713F1} - E:\WINDOWS\system32\iifdeecC.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - E:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - E:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - E:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [EasyTuneVPro] E:\Program Files\Gigabyte\ET5Pro\ETcall.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] E:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "E:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "E:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] E:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [win system] C:\WINDOWS\winav.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RocketDock] "E:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "e:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AlcoholAutomount] "E:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "E:\Program Files\DNA\btdna.exe"
O4 - Startup: StarOffice 8.lnk = E:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: biqwomv - E:\WINDOWS\SYSTEM32\biqwomv.dll
O20 - Winlogon Notify: klogon - E:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avp (AVP) - Unknown owner - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICF - Unknown owner - E:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Unknown owner - E:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - E:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - E:\Program Files\Java\jre6\bin\jqs.exe" -service -config "E:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - E:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
Logfile of HijackThis v1.99.1
Scan saved at 08:13, on 2009-01-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\WINDOWS\TEMP\zjt4.tmp
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\PnkBstrB.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\WINDOWS\RTHDCPL.EXE
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
E:\Program Files\Gigabyte\ET5Pro\GUI.exe
E:\Program Files\PowerISO\PWRISOVM.EXE
E:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
E:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\Program Files\RocketDock\RocketDock.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Program Files\DNA\btdna.exe
E:\Program Files\Sun\StarOffice 8\program\soffice.exe
E:\Program Files\Sun\StarOffice 8\program\soffice.BIN
E:\WINDOWS\System32\wbem\wmiapsrv.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Windows Live\Messenger\usnsvc.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\System32\svchost.exe
C:\Téléchargements\hijackthis_hijackthis_1.99.1_anglais_17891.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {872A39C0-8E01-44DA-ADBA-B6BA008713F1} - E:\WINDOWS\system32\iifdeecC.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - E:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - E:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - E:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [EasyTuneVPro] E:\Program Files\Gigabyte\ET5Pro\ETcall.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] E:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "E:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "E:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] E:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [win system] C:\WINDOWS\winav.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RocketDock] "E:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "e:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AlcoholAutomount] "E:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "E:\Program Files\DNA\btdna.exe"
O4 - Startup: StarOffice 8.lnk = E:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: biqwomv - E:\WINDOWS\SYSTEM32\biqwomv.dll
O20 - Winlogon Notify: klogon - E:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avp (AVP) - Unknown owner - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICF - Unknown owner - E:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Unknown owner - E:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - E:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - E:\Program Files\Java\jre6\bin\jqs.exe" -service -config "E:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - E:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
plopus
Messages postés
5962
Date d'inscription
jeudi 1 janvier 2009
Statut
Contributeur sécurité
Dernière intervention
11 mars 2012
293
29 janv. 2009 à 08:49
29 janv. 2009 à 08:49
re
telecharge combofix sur ton bureau http://download.bleepingcomputer.com/sUBs/ComboFix.exe
lance le laisse le scan ce faire et poste le rapport, ne touche pas au PC meme pas à la souris pendant le scan
et tu as encore ton ancienne version d'ijackthis...supprime et telecharge la derniere et poste un nouveau rapport après combofix et poste les 2 rapports
telecharge combofix sur ton bureau http://download.bleepingcomputer.com/sUBs/ComboFix.exe
lance le laisse le scan ce faire et poste le rapport, ne touche pas au PC meme pas à la souris pendant le scan
et tu as encore ton ancienne version d'ijackthis...supprime et telecharge la derniere et poste un nouveau rapport après combofix et poste les 2 rapports
Ben, en fait j'ai réussi à obtenir combofix hier par l'intermédiaire d'un ami qui me l'as hosté renommé... j'ai donc laissé le pc tourner tout seul pendant le scan pour être sur de ne toucher à rien, mais quand je suis revenu ma session s'était fermée et je n'ai pas pu la rouvrir car le pc a fait un crash système. D'où pas de rapport?
Est-ce que je dois relancer combofix ou ça risque de provoquer des bugs ?
Est-ce que je dois relancer combofix ou ça risque de provoquer des bugs ?
plopus
Messages postés
5962
Date d'inscription
jeudi 1 janvier 2009
Statut
Contributeur sécurité
Dernière intervention
11 mars 2012
293
29 janv. 2009 à 09:46
29 janv. 2009 à 09:46
tu n'aurais pas du prendre combofix comme sa car :
il se peut qu'entre le combofix que tu as recuperer et le combofix que tu DOIS telecharger sur le site OFFICIEL, il y est des mise a jour en plus, des bugs en moins, combofix est trés puissant, il vaut mieux rester devant son PC durant le scan surtout que sa prend pas + de 20 min pour des cas trés infecté
donc
telecharge CCleaner logiciel a garder et nettoie le registre et les fichier temporaire plusieurs fois jusqu'a trouver 0erreur :
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
- lance CCleaner
- va dans option
- puis avancé
- puis decoche "effacer les fichier plus vieux de..." et nettoie tous (ne fait pas de sauvegarde des elements)
puis telecharge combofix et fait ce qui est dit au poste 35 et reste devant ton PC et poste le rapport ensuite stp
il se peut qu'entre le combofix que tu as recuperer et le combofix que tu DOIS telecharger sur le site OFFICIEL, il y est des mise a jour en plus, des bugs en moins, combofix est trés puissant, il vaut mieux rester devant son PC durant le scan surtout que sa prend pas + de 20 min pour des cas trés infecté
donc
telecharge CCleaner logiciel a garder et nettoie le registre et les fichier temporaire plusieurs fois jusqu'a trouver 0erreur :
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
- lance CCleaner
- va dans option
- puis avancé
- puis decoche "effacer les fichier plus vieux de..." et nettoie tous (ne fait pas de sauvegarde des elements)
puis telecharge combofix et fait ce qui est dit au poste 35 et reste devant ton PC et poste le rapport ensuite stp
ComboFix 09-01-21.04 - Abaddon 2009-01-29 10:37:11.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2046.1582 [GMT 1:00]
Lancé depuis: c:\téléchargements\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
[i] ADS - svchost.exe: deleted 32256 bytes in 1 streams. /i
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\windows\system32\biqwomv.dll
e:\windows\system32\biqwomv32.dll
e:\windows\system32\heeafdsr.ini
e:\windows\system32\icf.exe.exe
e:\windows\system32\jbxygykc.ini
e:\windows\system32\mxpbctrg.ini
e:\windows\system32\oeyayagp.ini
e:\windows\system32\vrcmphoe.ini
e:\windows\system32\yideblsx.ini
e:\windows\system32\yjprmkdk.ini
.
---- Exécution préalable -------
.
e:\documents and settings\Wes\Application Data\GetModule
e:\documents and settings\Wes\Application Data\GetModule\dicik.gz
e:\documents and settings\Wes\Application Data\GetModule\kwdik.gz
e:\documents and settings\Wes\Application Data\GetModule\ofadik.gz
e:\documents and settings\Wes\Application Data\twain\Twain.exe
e:\documents and settings\Wes\Local Settings\Temporary Internet Files\bestwiner.stt
e:\documents and settings\Wes\Local Settings\Temporary Internet Files\CPV.stt
e:\documents and settings\Wes\Local Settings\Temporary Internet Files\fbk.sts
e:\program files\GetModule
e:\program files\GetModule\GetModule35.exe
e:\program files\iCheck
e:\program files\iCheck\Uninstall.exe
e:\program files\Microsoft Common
e:\program files\Microsoft Common\svchost.exe
e:\program files\Mjcore
e:\program files\Mjcore\Mjcore.dll
e:\program files\VnrPack
e:\program files\VnrPack\dicts.gz
e:\program files\VnrPack\trgts.gz
e:\program files\VnrPack\VnrPack22.exe
e:\windows\system32\awtQKaAR.dll
e:\windows\system32\awtsSjGy.dll
e:\windows\system32\biqwomv.dll
e:\windows\system32\biqwomv32.dll
e:\windows\system32\byXPFvwU.dll
e:\windows\system32\cbXOGwTN.dll
e:\windows\system32\Cceedfii.ini
e:\windows\system32\Cceedfii.ini2
e:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\CPV.stt
e:\windows\system32\efcYRHYS.dll
e:\windows\system32\egMmnUtv.ini
e:\windows\system32\egMmnUtv.ini2
e:\windows\system32\ehPAbccf.ini
e:\windows\system32\ehPAbccf.ini2
e:\windows\system32\eohpmcrv.dll
e:\windows\system32\fccbAPhe.dll
e:\windows\system32\grtcbpxm.dll
e:\windows\system32\iehelper.dll
e:\windows\system32\iifdeecC.dll
e:\windows\system32\kazaabackupfiles
e:\windows\system32\kazaabackupfiles\shServ.exe
e:\windows\system32\kdkmrpjy.dll
e:\windows\system32\khfCuVmJ.dll
e:\windows\system32\khfEUmjj.dll
e:\windows\system32\pgayayeo.dll
e:\windows\system32\rs32net.exe
e:\windows\system32\rsdfaeeh.dll
e:\windows\system32\ssqnOfET.dll
e:\windows\system32\svschost.exe
e:\windows\system32\SYHRYcfe.ini
e:\windows\system32\SYHRYcfe.ini2
e:\windows\system32\TDSScfum.dll
e:\windows\system32\TDSSfxwp.dll
e:\windows\system32\TDSSnrsr.dll
e:\windows\system32\TDSSofxh.dll
e:\windows\system32\TDSSosvd.dat
e:\windows\system32\TDSSriqp.dll
e:\windows\system32\TDSStkdv.log
e:\windows\system32\vtUmNHBt.dll
e:\windows\system32\vtUnmMge.dll
e:\windows\system32\winiogon.exe
e:\windows\system32\xslbediy.dll
e:\windows\system32\xxyywvus.dll
e:\windows\Tasks\sbfixqbi.job
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Legacy_FCI
-------\Legacy_ICF
-------\Legacy_TDSSSERV.SYS
-------\Legacy_XPROTECTOR
-------\Service_Boonty Games
-------\Service_FCI
-------\Service_ICF
-------\Service_TDSSserv.sys
-------\Service_XPROTECTOR
-------\Legacy_FCI
-------\Legacy_ICF
-------\Service_FCI
-------\Service_ICF
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-28 au 2009-01-29 ))))))))))))))))))))))))))))))))))))
.
2009-01-29 10:22 . 2009-01-29 10:24 <REP> d-------- e:\program files\Free Video Converter
2009-01-28 20:50 . 2009-01-28 20:50 <REP> d-------- e:\documents and settings\All Users\Application Data\MSN6
2009-01-28 20:50 . 2009-01-28 20:50 <REP> d-------- e:\documents and settings\Abaddon\Application Data\MSN6
2009-01-28 18:48 . 2009-01-28 18:48 <REP> d-------- e:\documents and settings\Abaddon\Application Data\Malwarebytes
2009-01-28 18:18 . 2009-01-28 21:39 <REP> d-------- E:\lechat
2009-01-28 17:30 . 2009-01-28 17:31 <REP> d-------- e:\windows\system32\config\systemprofile\Application Data\Search Settings
2009-01-28 17:01 . 2009-01-29 10:42 32,768 --a------ e:\windows\system32\drivers\ati2doxx.sys
2009-01-28 16:23 . 2009-01-28 16:23 1,409 --a------ e:\windows\system32\tmp08F0A.FOT
2009-01-28 16:23 . 2009-01-28 16:23 1,409 --a------ e:\windows\system32\tmp07F0A.FOT
2009-01-28 16:07 . 2009-01-28 16:07 4,666 --a------ e:\windows\system32\vypsmesb.dll
2009-01-27 18:45 . 2009-01-28 18:48 <REP> d-------- e:\program files\Malwarebytes' Anti-Malware
2009-01-27 18:45 . 2009-01-27 18:45 <REP> d-------- e:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-27 18:45 . 2009-01-14 16:11 38,496 --a------ e:\windows\system32\drivers\mbamswissarmy.sys
2009-01-27 18:45 . 2009-01-14 16:11 15,504 --a------ e:\windows\system32\drivers\mbam.sys
2009-01-27 16:08 . 2009-01-27 18:41 <REP> d-------- e:\program files\Navilog1
2009-01-26 21:18 . 2009-01-28 15:04 <REP> d-------- e:\documents and settings\Abaddon\Application Data\Search Settings
2009-01-26 20:41 . 2009-01-26 20:41 <REP> d-------- e:\program files\CCleaner
2009-01-26 18:14 . 2009-01-26 21:16 <REP> d-------- E:\ToolBar SD
2009-01-24 14:49 . 2009-01-24 14:49 <REP> d-------- e:\program files\GIF Recuperateur
2009-01-23 09:13 . 2009-01-28 18:21 <REP> d-------- e:\documents and settings\Wes\Application Data\Twain
2009-01-23 09:08 . 2009-01-28 21:35 <REP> d-------- e:\program files\WebShow
2009-01-22 11:26 . 2009-01-22 11:26 <REP> d-------- e:\documents and settings\Wes\Application Data\DivX
2009-01-22 09:10 . 2009-01-23 10:12 244 --ah----- E:\sqmnoopt19.sqm
2009-01-22 09:10 . 2009-01-23 10:12 232 --ah----- E:\sqmdata19.sqm
2009-01-22 09:04 . 2009-01-23 10:04 244 --ah----- E:\sqmnoopt18.sqm
2009-01-22 09:04 . 2009-01-23 10:04 232 --ah----- E:\sqmdata18.sqm
2009-01-22 09:02 . 2009-01-23 09:56 244 --ah----- E:\sqmnoopt17.sqm
2009-01-22 09:02 . 2009-01-23 09:56 232 --ah----- E:\sqmdata17.sqm
2009-01-22 08:57 . 2009-01-23 09:51 268 --ah----- E:\sqmdata16.sqm
2009-01-22 08:57 . 2009-01-23 09:50 268 --ah----- E:\sqmdata15.sqm
2009-01-22 08:57 . 2009-01-23 09:51 244 --ah----- E:\sqmnoopt16.sqm
2009-01-22 08:57 . 2009-01-23 09:50 244 --ah----- E:\sqmnoopt15.sqm
2009-01-21 23:27 . 2009-01-22 21:53 244 --ah----- E:\sqmnoopt14.sqm
2009-01-21 23:27 . 2009-01-22 21:53 232 --ah----- E:\sqmdata14.sqm
2009-01-21 22:02 . 2009-01-25 13:12 <REP> d-------- e:\documents and settings\Wes\Application Data\cogad
2009-01-21 21:44 . 2009-01-22 21:47 244 --ah----- E:\sqmnoopt13.sqm
2009-01-21 21:44 . 2009-01-22 21:47 232 --ah----- E:\sqmdata13.sqm
2009-01-21 16:31 . 2009-01-22 21:40 244 --ah----- E:\sqmnoopt12.sqm
2009-01-21 16:31 . 2009-01-22 21:40 232 --ah----- E:\sqmdata12.sqm
2009-01-21 16:28 . 2009-01-22 21:38 244 --ah----- E:\sqmnoopt11.sqm
2009-01-21 16:28 . 2009-01-22 21:38 232 --ah----- E:\sqmdata11.sqm
2009-01-21 16:24 . 2009-01-22 21:33 244 --ah----- E:\sqmnoopt10.sqm
2009-01-21 16:24 . 2009-01-22 21:33 232 --ah----- E:\sqmdata10.sqm
2009-01-21 16:18 . 2009-01-22 21:27 244 --ah----- E:\sqmnoopt09.sqm
2009-01-21 16:18 . 2009-01-22 21:27 232 --ah----- E:\sqmdata09.sqm
2009-01-21 16:11 . 2009-01-22 21:26 268 --ah----- E:\sqmdata08.sqm
2009-01-21 16:11 . 2009-01-22 21:26 244 --ah----- E:\sqmnoopt08.sqm
2009-01-21 16:04 . 2009-01-22 12:37 268 --ah----- E:\sqmdata07.sqm
2009-01-21 16:04 . 2009-01-22 12:37 244 --ah----- E:\sqmnoopt07.sqm
2009-01-21 15:58 . 2009-01-22 11:39 268 --ah----- E:\sqmdata06.sqm
2009-01-21 15:58 . 2009-01-22 11:39 244 --ah----- E:\sqmnoopt06.sqm
2009-01-21 15:50 . 2009-01-22 10:59 244 --ah----- E:\sqmnoopt05.sqm
2009-01-21 15:50 . 2009-01-22 10:59 232 --ah----- E:\sqmdata05.sqm
2009-01-21 15:43 . 2009-01-26 12:12 268 --ah----- E:\sqmdata04.sqm
2009-01-21 15:43 . 2009-01-26 12:12 244 --ah----- E:\sqmnoopt04.sqm
2009-01-21 15:42 . 2009-01-26 09:51 268 --ah----- E:\sqmdata03.sqm
2009-01-21 15:42 . 2009-01-26 09:51 244 --ah----- E:\sqmnoopt03.sqm
2009-01-21 15:37 . 2009-01-25 16:07 268 --ah----- E:\sqmdata02.sqm
2009-01-21 15:37 . 2009-01-25 16:07 244 --ah----- E:\sqmnoopt02.sqm
2009-01-21 15:31 . 2009-01-25 11:05 172 --ah----- E:\sqmnoopt01.sqm
2009-01-21 15:31 . 2009-01-25 11:05 172 --ah----- E:\sqmdata01.sqm
2009-01-20 21:26 . 2008-06-19 17:24 28,544 --a------ e:\windows\system32\drivers\pavboot.sys
2009-01-19 09:45 . 2009-01-19 09:45 410,984 --a------ e:\windows\system32\deploytk.dll
2009-01-18 11:50 . 2009-01-18 11:50 <REP> d-------- e:\documents and settings\Wes\Application Data\InstallShield
2009-01-17 19:50 . 2009-01-18 12:26 <REP> d-------- e:\program files\SEGA
2009-01-16 10:21 . 2009-01-16 10:21 754 --a------ e:\windows\WORDPAD.INI
2009-01-14 15:20 . 2009-01-16 20:26 <REP> d-------- e:\documents and settings\Abaddon\Application Data\Canon
2009-01-14 15:17 . 2009-01-14 15:17 <REP> d-------- e:\documents and settings\Abaddon\Application Data\ArcSoft
2009-01-14 15:15 . 2004-08-03 22:58 15,104 --a------ e:\windows\system32\drivers\usbscan.sys
2009-01-14 15:15 . 2004-08-03 22:58 15,104 --a--c--- e:\windows\system32\dllcache\usbscan.sys
2009-01-14 14:55 . 2009-01-14 14:55 <REP> d-------- e:\windows\system32\Color
2009-01-14 14:55 . 2009-01-14 14:55 <REP> d-------- e:\program files\NewSoft
2009-01-14 14:55 . 2009-01-14 14:56 <REP> d-------- e:\program files\Fichiers communs\PDFView
2009-01-14 14:52 . 2009-01-14 14:52 <REP> d-------- e:\program files\Fichiers communs\ScanSoft Shared
2009-01-14 14:52 . 2009-01-14 14:52 <REP> d-------- e:\documents and settings\All Users\Application Data\ScanSoft
2009-01-14 14:52 . 2009-01-14 14:52 <REP> d-------- e:\documents and settings\All Users\Application Data\InstallShield
2009-01-14 14:52 . 2009-01-14 14:52 <REP> d-------- e:\documents and settings\Abaddon\Application Data\ScanSoft
2009-01-14 14:52 . 2009-01-14 14:52 416 --a------ e:\windows\MAXLINK.INI
2009-01-14 14:51 . 2009-01-14 14:51 <REP> d-------- e:\program files\ScanSoft
2009-01-14 14:49 . 2009-01-14 14:49 <REP> d-------- e:\program files\ArcSoft
2009-01-14 14:49 . 1995-07-31 13:44 212,480 --a------ e:\windows\PCDLIB32.DLL
2009-01-14 14:35 . 2009-01-14 14:35 <REP> d--h----- e:\windows\system32\CanonIJ Uninstaller Information
2009-01-14 14:35 . 2009-01-14 14:35 <REP> d-------- e:\program files\Fichiers communs\CANON
2009-01-14 14:35 . 2009-01-14 14:35 <REP> d--h----- e:\program files\CanonBJ
2009-01-14 14:35 . 2006-07-20 16:51 1,298,432 --a------ e:\windows\system32\CNQC4803.DLL
2009-01-14 14:35 . 2007-08-09 12:17 229,376 --a------ e:\windows\system32\CNQL4803.DLL
2009-01-14 14:35 . 2006-06-29 15:29 106,496 --a------ e:\windows\system32\cnqo4803.dll
2009-01-14 14:35 . 2006-07-20 16:51 57,344 --a------ e:\windows\system32\CNQI4803.DLL
2009-01-14 14:33 . 2009-01-14 14:35 <REP> d-------- e:\program files\Canon
2009-01-11 19:37 . 2009-01-11 19:37 <REP> d-------- e:\program files\FileZilla FTP Client
2009-01-11 19:37 . 2009-01-13 08:49 <REP> d-------- e:\documents and settings\Abaddon\Application Data\FileZilla
2009-01-07 11:10 . 2009-01-07 11:10 11 --a------ e:\windows\system\MSFc400.dll
2009-01-07 11:10 . 2009-01-07 11:10 11 --a------ e:\windows\system\MSFc310.dll
2009-01-02 13:10 . 2009-01-02 13:10 <REP> d-------- e:\windows\San Andreas Mod Installer
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-29 09:43 24,944 ----a-w e:\windows\system32\drivers\GVTDrv.sys
2009-01-29 09:43 --------- d-----w e:\program files\DNA
2009-01-29 09:43 --------- d-----w e:\documents and settings\Abaddon\Application Data\StarOffice8
2009-01-29 09:43 --------- d-----w e:\documents and settings\Abaddon\Application Data\DNA
2009-01-29 08:30 --------- d-----w e:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-29 07:57 --------- d-----w e:\documents and settings\Dekytsomo\Application Data\StarOffice8
2009-01-28 18:36 --------- d-----w e:\documents and settings\All Users\Application Data\Google Updater
2009-01-28 15:29 6,656 ----a-w e:\windows\system32\drivers\aec.sys
2009-01-26 20:19 --------- d-----w e:\documents and settings\Abaddon\Application Data\BitTorrent
2009-01-26 19:28 --------- d-----w e:\documents and settings\All Users\Application Data\GameTap
2009-01-26 10:52 --------- d-----w e:\documents and settings\Wes\Application Data\StarOffice8
2009-01-19 08:45 --------- d-----w e:\program files\Java
2009-01-18 12:52 --------- d-----w e:\program files\Google
2009-01-18 12:04 --------- d--h--w e:\program files\InstallShield Installation Information
2009-01-17 20:30 --------- d-----w e:\program files\DAEMON Tools Lite
2009-01-17 19:30 --------- d-----w e:\program files\Ubisoft
2009-01-14 13:52 --------- d-----w e:\program files\Fichiers communs\InstallShield
2009-01-08 17:03 --------- d-----w e:\documents and settings\Abaddon\Application Data\dvdcss
2008-12-24 12:44 --------- d---a-w e:\documents and settings\All Users\Application Data\TEMP
2008-12-23 18:44 --------- d-----w e:\program files\Fichiers communs\Adobe
2008-12-23 18:38 --------- d-----w e:\program files\Fichiers communs\Macrovision Shared
2008-12-19 13:13 --------- d-----w e:\program files\MSXML 6.0
2008-12-14 11:26 --------- d-----w e:\program files\Reference Assemblies
2008-12-11 11:57 333,184 ----a-w e:\windows\system32\drivers\srv.sys
2008-12-06 20:02 --------- d-----w e:\program files\ScummVM
2008-12-06 20:02 --------- d-----w e:\documents and settings\Abaddon\Application Data\ScummVM
2008-12-06 18:28 --------- d-----w e:\program files\WinHTTrack
2008-12-04 17:13 --------- d-----w e:\program files\GameTap
2008-03-01 17:24 96 ----a-w e:\program files\Default7BBC
2008-03-01 17:24 768 ----a-w e:\program files\MySetup.DK
2008-03-01 17:24 49,706 ----a-w e:\program files\intrface.bbw
2008-03-01 17:24 3,200 ----a-w e:\program files\DEFAULT.ALI
2008-03-01 17:24 192 ----a-w e:\program files\BBWERROR.LOG
2008-03-01 17:24 11,173 ----a-w e:\program files\BBToolBar6.INI
2008-03-01 16:57 107,512 ---ha-w e:\program files\BBWF.GID
2008-03-01 16:45 2,354,456 ----a-w e:\program files\BBW7K.LSW
2008-03-01 16:44 35,866 ----a-w e:\program files\unins000.dat
2008-03-01 16:43 685,532 ----a-w e:\program files\unins000.exe
2008-02-07 19:46 1 ----a-w e:\documents and settings\Abaddon\SI.bin
2007-09-27 09:27 1,679,360 ----a-w e:\program files\bbbwf.dll
2007-02-15 12:21 8,319,488 ----a-w e:\program files\bbwdemo.exe
2006-12-28 14:37 3,763 ----a-w e:\program files\licensef.txt
2006-08-17 11:36 63,488 ----a-w e:\program files\DEFAULTf.MEL
2006-08-17 09:38 64,256 ----a-w e:\program files\DEFAULTf.HAR
2006-05-01 07:13 7,290,659 ----a-w e:\program files\BB2006manualFR.pdf
2006-04-27 13:40 173,688 ----a-w e:\program files\tscc.exe
2006-03-17 20:13 4,676,191 ----a-w e:\program files\BBWF.HLP
2006-03-17 18:55 27,515 ----a-w e:\program files\bbwf.cnt
2006-03-13 07:43 2,301,279 ----a-w e:\program files\BB2006UG_manual.pdf
2006-03-13 07:43 2,301,279 ----a-w e:\program files\Band-in-a-Box 2006 Manual.pdf
2006-03-02 13:57 253,952 ----a-w e:\program files\DEFAULTf.SOL
2006-03-01 11:56 1,001,733 ----a-w e:\program files\BB2006UG_manualFR.pdf
2006-02-15 11:03 173,568 ----a-w e:\program files\bbwdll14.dll
2006-01-19 15:04 1,248,768 ----a-w e:\program files\gp5.dll
2006-01-18 12:12 1,703,872 ----a-w e:\program files\bb2006_dx_plug_1_3_4_f.exe
2006-01-16 12:34 99,840 ----a-w e:\program files\Ptw2^f.dll
2005-12-15 14:29 4,153,421 ----a-w e:\program files\bbw.hlp
2005-12-15 14:27 26,582 ----a-w e:\program files\bbw.cnt
2005-11-23 16:19 620,544 ----a-w e:\program files\$midimon^.exe
2005-11-08 19:50 29,184 ----a-w e:\program files\bbwres.dll
2005-11-07 11:45 590,336 ----a-w e:\program files\STOMBBx.exe
2004-06-09 07:09 9,817,208 ----a-w e:\program files\bbdemo.wmv
2004-04-20 14:26 64,256 ----a-w e:\program files\DEFAULT.HAR
2004-04-20 14:26 63,488 ----a-w e:\program files\default.MEL
2004-04-20 14:26 253,952 ----a-w e:\program files\DEFAULT.SOL
2004-04-20 13:31 65,024 ----a-w e:\program files\DEFAULTf.GIT
2004-04-08 10:27 74,240 ----a-w e:\program files\BBWf.TPB
2004-04-08 10:26 53,352 ----a-w e:\program files\bbwf.tip
2004-03-23 12:01 17 ----a-w e:\program files\language.ini
2003-12-15 17:56 510,665 ----a-w e:\program files\BBW.LST
2003-11-30 17:00 3,898 ----a-w e:\program files\LICENSE.TXT
2003-11-28 03:11 73,216 ----a-w e:\program files\BBW.TPB
2003-11-28 03:11 53,636 ----a-w e:\program files\bbw.tip
2003-11-27 22:46 146,432 ----a-w e:\program files\bbwdll9.dll
2003-11-25 12:41 6,789 ----a-w e:\program files\korg_ix300.txt
2003-11-24 11:35 25,262 ----a-w e:\program files\JAZZROK2.STY
2003-11-24 11:33 36,341 ----a-w e:\program files\JAZZBAL2.STY
2003-11-22 16:38 28,668 ----a-w e:\program files\BOSANEW.STY
2003-11-19 23:52 23,760 ----a-w e:\program files\mccoy2.sty
2003-11-14 19:08 35,171 ----a-w e:\program files\fusngrv1.sty
2003-10-31 13:52 15,056 ----a-w e:\program files\J_EVANLH.STY
2003-10-29 05:48 27,813 ----a-w e:\program files\xv-3080n.pat
2003-10-02 15:17 24,314 ----a-w e:\program files\78JAZFNK.STY
2003-09-10 16:23 39,835 ----a-w e:\program files\2416VISH.STY
2003-09-10 05:21 19,552 ----a-w e:\program files\ymu90r2.pat
2003-08-08 18:34 31,090 ----a-w e:\program files\54_SWING.STY
2003-08-08 16:40 36,225 ----a-w e:\program files\11_8_POP.STY
2003-03-19 16:05 2,442 ----a-w e:\program files\Pst^preq.ini
2003-03-19 16:05 1,518 ----a-w e:\program files\Pst^gain.ini
2003-03-19 16:04 1,914 ----a-w e:\program files\Pst^greq.ini
2003-03-19 16:04 1,518 ----a-w e:\program files\Pst^tone.ini
2003-03-19 16:03 1,287 ----a-w e:\program files\PST^TREM.INI
2003-03-19 16:02 1,551 ----a-w e:\program files\Pst^flng.ini
2003-03-19 16:02 1,353 ----a-w e:\program files\Pst^ring.ini
2003-03-19 16:01 1,518 ----a-w e:\program files\Pst^cho.ini
2003-03-19 16:00 2,244 ----a-w e:\program files\Pst^echo.ini
2003-03-19 15:58 1,518 ----a-w e:\program files\Pst^rvb.ini
2003-03-19 15:57 1,287 ----a-w e:\program files\Pst^dist.ini
2003-03-19 15:56 1,782 ----a-w e:\program files\Pst^dyn.ini
2002-12-19 13:05 35,709 ----a-w e:\program files\new_jv2080.pat
2006-05-03 09:06 163,328 --sh--r e:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r e:\windows\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w e:\windows\system32\Smab0.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"msnmsgr"="e:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"RocketDock"="e:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"MSMSGS"="e:\program files\Messenger\msmsgs.exe" [2004-08-19 1667584]
"AlcoholAutomount"="e:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-03-20 216520]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"swg"="e:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-27 68856]
"BitTorrent DNA"="e:\program files\DNA\btdna.exe" [2008-12-19 342848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="e:\windows\system32\dumprep 0 -u" [X]
"EasyTuneVPro"="e:\program files\Gigabyte\ET5Pro\ETcall.exe" [2007-07-26 20480]
"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2009-01-19 136600]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="e:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-07-02 185896]
"PWRISOVM.EXE"="e:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"SSBkgdUpdate"="e:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="e:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"WrtMon.exe"="e:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"win system"="c:\windows\winav.exe" [2009-01-20 48690]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 e:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2doxx.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\TmNationsForever\\TmForever.exe"=
"e:\\Program Files\\DNA\\btdna.exe"=
"e:\\Program Files\\BitTorrent\\bittorrent.exe"=
"e:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=
"e:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"e:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"e:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"i:\\Jeux\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"i:\\Jeux\\Crysis\\Bin32\\Crysis.exe"=
"i:\\Jeux\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"i:\\Jeux\\Call of Duty - World at War\\CoDWaW.exe"=
"i:\\Jeux\\Call of Duty - World at War\\CoDWaWmp.exe"=
"i:\\Jeux\\Call of Duty 4 Modern Warfare Full-Rip Skullptura\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"i:\\Jeux\\Flight Simulator X\\fsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 ati2doxx;ati2doxx;e:\windows\system32\drivers\ati2doxx.sys [2009-01-28 32768]
R0 KLBG;Kaspersky Lab Boot Guard Driver;e:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R0 pavboot;pavboot;e:\windows\system32\drivers\pavboot.sys [2009-01-20 28544]
R3 GVTDrv;GVTDrv;e:\windows\system32\drivers\GVTDrv.sys [2007-12-27 24944]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;e:\windows\system32\drivers\klfltdev.sys [2008-02-05 26640]
R3 MarkFun_NT;MarkFun_NT;e:\program files\Gigabyte\ET5Pro\MARKFUN.W32 [2007-12-27 17912]
R4 atidgllk;atidgllk;e:\program files\Gigabyte\ET5Pro\atidgllk.sys [2007-12-27 12048]
S3 cusbohcn;cusbohcn;\??\e:\docume~1\Abaddon\LOCALS~1\Temp\cusbohcn.sys --> e:\docume~1\Abaddon\LOCALS~1\Temp\cusbohcn.sys [?]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - MARKFUN_NT
.
Contenu du dossier 'Tâches planifiées'
2009-01-29 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{872A39C0-8E01-44DA-ADBA-B6BA008713F1} - e:\windows\system32\iifdeecC.dll
HKCU-Run-Steam - e:\program files\steam\steam.exe
.
------- Examen supplémentaire -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://fr.yahoo.com
uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
FF - ProfilePath - e:\documents and settings\Abaddon\Application Data\Mozilla\Firefox\Profiles\wwgq912q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - chrome://fastdial/content/fastdial.html
FF - plugin: e:\program files\GameTap\bin\Release\npgametaptool.dll
FF - plugin: e:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: e:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-29 10:42:42
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
e:\windows\system32\GVTunner.ref 4 bytes
e:\windows\system32\svchost.exe:ext.exe 32256 bytes executable
Scan terminé avec succès
Fichiers cachés: 2
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MarkFun_NT]
"ImagePath"="\??\e:\program files\Gigabyte\ET5Pro\markfun.w32"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-117609710-854245398-839522115-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ef,93,17,cf,63,c3,57,d8,2e,b9,b7,a9,13,43,3a,ea,b5,07,91,a4,e6,62,d1,
ae,70,b5,1f,d1,ad,84,56,47,d8,0c,24,5c,01,c9,36,3f,38,05,b2,35,cf,61,5d,32,\
"??"=hex:1a,f5,11,24,6a,09,04,ff,fc,2c,55,18,c9,bb,02,48
[HKEY_USERS\S-1-5-21-117609710-854245398-839522115-1005\Software\SecuROM\License information*]
"datasecu"=hex:02,34,12,49,88,da,e2,c7,56,8c,0f,41,35,6a,d9,9a,3e,3e,e7,76,87,
07,80,23,5f,e4,b2,fd,eb,55,5f,6e,f6,b7,7f,c4,50,60,8e,0a,f9,89,a6,4b,c7,62,\
"rkeysecu"=hex:cf,ec,65,fa,f1,db,dd,05,b9,06,0e,9b,b5,1a,02,74
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(800)
e:\windows\system32\Ati2evxx.dll
e:\windows\system32\klogon.dll
.
------------------------ Autres processus actifs ------------------------
.
e:\windows\system32\ati2evxx.exe
e:\windows\system32\ati2evxx.exe
e:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
e:\program files\Bonjour\mDNSResponder.exe
e:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
e:\program files\Java\jre6\bin\jqs.exe
e:\windows\system32\PnkBstrA.exe
e:\windows\system32\PnkBstrB.exe
e:\windows\temp\ayp4.tmp
e:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
e:\program files\Internet Explorer\iexplore.exe
e:\windows\system32\wbem\wmiapsrv.exe
e:\windows\system32\wscntfy.exe
e:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
e:\program files\Gigabyte\ET5Pro\GUI.exe
e:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
e:\windows\system32\dumprep.exe
e:\windows\system32\rundll32.exe
e:\program files\Sun\StarOffice 8\program\soffice.exe
e:\program files\Sun\StarOffice 8\program\soffice.bin
.
**************************************************************************
.
Heure de fin: 2009-01-29 10:46:25 - La machine a redémarré [Abaddon]
ComboFix-quarantined-files.txt 2009-01-29 09:46:22
Avant-CF: 27,733,532,672 octets libres
Après-CF: 27,707,633,664 octets libres
458 --- E O F --- 2009-01-15 02:02:33
et
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:38, on 29/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\PnkBstrB.exe
E:\WINDOWS\TEMP\ayp4.tmp
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\wbem\wmiapsrv.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\WINDOWS\RTHDCPL.EXE
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Gigabyte\ET5Pro\GUI.exe
E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
E:\Program Files\PowerISO\PWRISOVM.EXE
E:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
E:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
E:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
E:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\winav.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\Program Files\RocketDock\RocketDock.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Program Files\DNA\btdna.exe
E:\Program Files\Sun\StarOffice 8\program\soffice.exe
E:\Program Files\Sun\StarOffice 8\program\soffice.BIN
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\explorer.exe
E:\WINDOWS\system32\notepad.exe
E:\Program Files\Mozilla Firefox\firefox.exe
C:\Téléchargements\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - E:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - E:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - E:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [EasyTuneVPro] E:\Program Files\Gigabyte\ET5Pro\ETcall.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] E:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "E:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "E:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] E:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [win system] C:\WINDOWS\winav.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RocketDock] "E:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "E:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "E:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: StarOffice 8.lnk = E:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avp (AVP) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Unknown owner - E:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - E:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - E:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O24 - Desktop Component 0: (no name) - file:///C:/TITOUNE/IMAG1993.JPG
O24 - Desktop Component 1: (no name) - file:///C:/oh33wo7.jpg
O24 - Desktop Component 2: (no name) - file:///C:/Tribal-black.gif
O24 - Desktop Component 3: (no name) - file:///C:/7589.jpg
O24 - Desktop Component 4: (no name) - file:///C:/ImpalaAttack.jpg
O24 - Desktop Component 5: (no name) - file:///C:/preview43.jpg
O24 - Desktop Component 6: (no name) - file:///C:/mini.phpd.jpg
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2046.1582 [GMT 1:00]
Lancé depuis: c:\téléchargements\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
[i] ADS - svchost.exe: deleted 32256 bytes in 1 streams. /i
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\windows\system32\biqwomv.dll
e:\windows\system32\biqwomv32.dll
e:\windows\system32\heeafdsr.ini
e:\windows\system32\icf.exe.exe
e:\windows\system32\jbxygykc.ini
e:\windows\system32\mxpbctrg.ini
e:\windows\system32\oeyayagp.ini
e:\windows\system32\vrcmphoe.ini
e:\windows\system32\yideblsx.ini
e:\windows\system32\yjprmkdk.ini
.
---- Exécution préalable -------
.
e:\documents and settings\Wes\Application Data\GetModule
e:\documents and settings\Wes\Application Data\GetModule\dicik.gz
e:\documents and settings\Wes\Application Data\GetModule\kwdik.gz
e:\documents and settings\Wes\Application Data\GetModule\ofadik.gz
e:\documents and settings\Wes\Application Data\twain\Twain.exe
e:\documents and settings\Wes\Local Settings\Temporary Internet Files\bestwiner.stt
e:\documents and settings\Wes\Local Settings\Temporary Internet Files\CPV.stt
e:\documents and settings\Wes\Local Settings\Temporary Internet Files\fbk.sts
e:\program files\GetModule
e:\program files\GetModule\GetModule35.exe
e:\program files\iCheck
e:\program files\iCheck\Uninstall.exe
e:\program files\Microsoft Common
e:\program files\Microsoft Common\svchost.exe
e:\program files\Mjcore
e:\program files\Mjcore\Mjcore.dll
e:\program files\VnrPack
e:\program files\VnrPack\dicts.gz
e:\program files\VnrPack\trgts.gz
e:\program files\VnrPack\VnrPack22.exe
e:\windows\system32\awtQKaAR.dll
e:\windows\system32\awtsSjGy.dll
e:\windows\system32\biqwomv.dll
e:\windows\system32\biqwomv32.dll
e:\windows\system32\byXPFvwU.dll
e:\windows\system32\cbXOGwTN.dll
e:\windows\system32\Cceedfii.ini
e:\windows\system32\Cceedfii.ini2
e:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\CPV.stt
e:\windows\system32\efcYRHYS.dll
e:\windows\system32\egMmnUtv.ini
e:\windows\system32\egMmnUtv.ini2
e:\windows\system32\ehPAbccf.ini
e:\windows\system32\ehPAbccf.ini2
e:\windows\system32\eohpmcrv.dll
e:\windows\system32\fccbAPhe.dll
e:\windows\system32\grtcbpxm.dll
e:\windows\system32\iehelper.dll
e:\windows\system32\iifdeecC.dll
e:\windows\system32\kazaabackupfiles
e:\windows\system32\kazaabackupfiles\shServ.exe
e:\windows\system32\kdkmrpjy.dll
e:\windows\system32\khfCuVmJ.dll
e:\windows\system32\khfEUmjj.dll
e:\windows\system32\pgayayeo.dll
e:\windows\system32\rs32net.exe
e:\windows\system32\rsdfaeeh.dll
e:\windows\system32\ssqnOfET.dll
e:\windows\system32\svschost.exe
e:\windows\system32\SYHRYcfe.ini
e:\windows\system32\SYHRYcfe.ini2
e:\windows\system32\TDSScfum.dll
e:\windows\system32\TDSSfxwp.dll
e:\windows\system32\TDSSnrsr.dll
e:\windows\system32\TDSSofxh.dll
e:\windows\system32\TDSSosvd.dat
e:\windows\system32\TDSSriqp.dll
e:\windows\system32\TDSStkdv.log
e:\windows\system32\vtUmNHBt.dll
e:\windows\system32\vtUnmMge.dll
e:\windows\system32\winiogon.exe
e:\windows\system32\xslbediy.dll
e:\windows\system32\xxyywvus.dll
e:\windows\Tasks\sbfixqbi.job
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Legacy_FCI
-------\Legacy_ICF
-------\Legacy_TDSSSERV.SYS
-------\Legacy_XPROTECTOR
-------\Service_Boonty Games
-------\Service_FCI
-------\Service_ICF
-------\Service_TDSSserv.sys
-------\Service_XPROTECTOR
-------\Legacy_FCI
-------\Legacy_ICF
-------\Service_FCI
-------\Service_ICF
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-28 au 2009-01-29 ))))))))))))))))))))))))))))))))))))
.
2009-01-29 10:22 . 2009-01-29 10:24 <REP> d-------- e:\program files\Free Video Converter
2009-01-28 20:50 . 2009-01-28 20:50 <REP> d-------- e:\documents and settings\All Users\Application Data\MSN6
2009-01-28 20:50 . 2009-01-28 20:50 <REP> d-------- e:\documents and settings\Abaddon\Application Data\MSN6
2009-01-28 18:48 . 2009-01-28 18:48 <REP> d-------- e:\documents and settings\Abaddon\Application Data\Malwarebytes
2009-01-28 18:18 . 2009-01-28 21:39 <REP> d-------- E:\lechat
2009-01-28 17:30 . 2009-01-28 17:31 <REP> d-------- e:\windows\system32\config\systemprofile\Application Data\Search Settings
2009-01-28 17:01 . 2009-01-29 10:42 32,768 --a------ e:\windows\system32\drivers\ati2doxx.sys
2009-01-28 16:23 . 2009-01-28 16:23 1,409 --a------ e:\windows\system32\tmp08F0A.FOT
2009-01-28 16:23 . 2009-01-28 16:23 1,409 --a------ e:\windows\system32\tmp07F0A.FOT
2009-01-28 16:07 . 2009-01-28 16:07 4,666 --a------ e:\windows\system32\vypsmesb.dll
2009-01-27 18:45 . 2009-01-28 18:48 <REP> d-------- e:\program files\Malwarebytes' Anti-Malware
2009-01-27 18:45 . 2009-01-27 18:45 <REP> d-------- e:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-27 18:45 . 2009-01-14 16:11 38,496 --a------ e:\windows\system32\drivers\mbamswissarmy.sys
2009-01-27 18:45 . 2009-01-14 16:11 15,504 --a------ e:\windows\system32\drivers\mbam.sys
2009-01-27 16:08 . 2009-01-27 18:41 <REP> d-------- e:\program files\Navilog1
2009-01-26 21:18 . 2009-01-28 15:04 <REP> d-------- e:\documents and settings\Abaddon\Application Data\Search Settings
2009-01-26 20:41 . 2009-01-26 20:41 <REP> d-------- e:\program files\CCleaner
2009-01-26 18:14 . 2009-01-26 21:16 <REP> d-------- E:\ToolBar SD
2009-01-24 14:49 . 2009-01-24 14:49 <REP> d-------- e:\program files\GIF Recuperateur
2009-01-23 09:13 . 2009-01-28 18:21 <REP> d-------- e:\documents and settings\Wes\Application Data\Twain
2009-01-23 09:08 . 2009-01-28 21:35 <REP> d-------- e:\program files\WebShow
2009-01-22 11:26 . 2009-01-22 11:26 <REP> d-------- e:\documents and settings\Wes\Application Data\DivX
2009-01-22 09:10 . 2009-01-23 10:12 244 --ah----- E:\sqmnoopt19.sqm
2009-01-22 09:10 . 2009-01-23 10:12 232 --ah----- E:\sqmdata19.sqm
2009-01-22 09:04 . 2009-01-23 10:04 244 --ah----- E:\sqmnoopt18.sqm
2009-01-22 09:04 . 2009-01-23 10:04 232 --ah----- E:\sqmdata18.sqm
2009-01-22 09:02 . 2009-01-23 09:56 244 --ah----- E:\sqmnoopt17.sqm
2009-01-22 09:02 . 2009-01-23 09:56 232 --ah----- E:\sqmdata17.sqm
2009-01-22 08:57 . 2009-01-23 09:51 268 --ah----- E:\sqmdata16.sqm
2009-01-22 08:57 . 2009-01-23 09:50 268 --ah----- E:\sqmdata15.sqm
2009-01-22 08:57 . 2009-01-23 09:51 244 --ah----- E:\sqmnoopt16.sqm
2009-01-22 08:57 . 2009-01-23 09:50 244 --ah----- E:\sqmnoopt15.sqm
2009-01-21 23:27 . 2009-01-22 21:53 244 --ah----- E:\sqmnoopt14.sqm
2009-01-21 23:27 . 2009-01-22 21:53 232 --ah----- E:\sqmdata14.sqm
2009-01-21 22:02 . 2009-01-25 13:12 <REP> d-------- e:\documents and settings\Wes\Application Data\cogad
2009-01-21 21:44 . 2009-01-22 21:47 244 --ah----- E:\sqmnoopt13.sqm
2009-01-21 21:44 . 2009-01-22 21:47 232 --ah----- E:\sqmdata13.sqm
2009-01-21 16:31 . 2009-01-22 21:40 244 --ah----- E:\sqmnoopt12.sqm
2009-01-21 16:31 . 2009-01-22 21:40 232 --ah----- E:\sqmdata12.sqm
2009-01-21 16:28 . 2009-01-22 21:38 244 --ah----- E:\sqmnoopt11.sqm
2009-01-21 16:28 . 2009-01-22 21:38 232 --ah----- E:\sqmdata11.sqm
2009-01-21 16:24 . 2009-01-22 21:33 244 --ah----- E:\sqmnoopt10.sqm
2009-01-21 16:24 . 2009-01-22 21:33 232 --ah----- E:\sqmdata10.sqm
2009-01-21 16:18 . 2009-01-22 21:27 244 --ah----- E:\sqmnoopt09.sqm
2009-01-21 16:18 . 2009-01-22 21:27 232 --ah----- E:\sqmdata09.sqm
2009-01-21 16:11 . 2009-01-22 21:26 268 --ah----- E:\sqmdata08.sqm
2009-01-21 16:11 . 2009-01-22 21:26 244 --ah----- E:\sqmnoopt08.sqm
2009-01-21 16:04 . 2009-01-22 12:37 268 --ah----- E:\sqmdata07.sqm
2009-01-21 16:04 . 2009-01-22 12:37 244 --ah----- E:\sqmnoopt07.sqm
2009-01-21 15:58 . 2009-01-22 11:39 268 --ah----- E:\sqmdata06.sqm
2009-01-21 15:58 . 2009-01-22 11:39 244 --ah----- E:\sqmnoopt06.sqm
2009-01-21 15:50 . 2009-01-22 10:59 244 --ah----- E:\sqmnoopt05.sqm
2009-01-21 15:50 . 2009-01-22 10:59 232 --ah----- E:\sqmdata05.sqm
2009-01-21 15:43 . 2009-01-26 12:12 268 --ah----- E:\sqmdata04.sqm
2009-01-21 15:43 . 2009-01-26 12:12 244 --ah----- E:\sqmnoopt04.sqm
2009-01-21 15:42 . 2009-01-26 09:51 268 --ah----- E:\sqmdata03.sqm
2009-01-21 15:42 . 2009-01-26 09:51 244 --ah----- E:\sqmnoopt03.sqm
2009-01-21 15:37 . 2009-01-25 16:07 268 --ah----- E:\sqmdata02.sqm
2009-01-21 15:37 . 2009-01-25 16:07 244 --ah----- E:\sqmnoopt02.sqm
2009-01-21 15:31 . 2009-01-25 11:05 172 --ah----- E:\sqmnoopt01.sqm
2009-01-21 15:31 . 2009-01-25 11:05 172 --ah----- E:\sqmdata01.sqm
2009-01-20 21:26 . 2008-06-19 17:24 28,544 --a------ e:\windows\system32\drivers\pavboot.sys
2009-01-19 09:45 . 2009-01-19 09:45 410,984 --a------ e:\windows\system32\deploytk.dll
2009-01-18 11:50 . 2009-01-18 11:50 <REP> d-------- e:\documents and settings\Wes\Application Data\InstallShield
2009-01-17 19:50 . 2009-01-18 12:26 <REP> d-------- e:\program files\SEGA
2009-01-16 10:21 . 2009-01-16 10:21 754 --a------ e:\windows\WORDPAD.INI
2009-01-14 15:20 . 2009-01-16 20:26 <REP> d-------- e:\documents and settings\Abaddon\Application Data\Canon
2009-01-14 15:17 . 2009-01-14 15:17 <REP> d-------- e:\documents and settings\Abaddon\Application Data\ArcSoft
2009-01-14 15:15 . 2004-08-03 22:58 15,104 --a------ e:\windows\system32\drivers\usbscan.sys
2009-01-14 15:15 . 2004-08-03 22:58 15,104 --a--c--- e:\windows\system32\dllcache\usbscan.sys
2009-01-14 14:55 . 2009-01-14 14:55 <REP> d-------- e:\windows\system32\Color
2009-01-14 14:55 . 2009-01-14 14:55 <REP> d-------- e:\program files\NewSoft
2009-01-14 14:55 . 2009-01-14 14:56 <REP> d-------- e:\program files\Fichiers communs\PDFView
2009-01-14 14:52 . 2009-01-14 14:52 <REP> d-------- e:\program files\Fichiers communs\ScanSoft Shared
2009-01-14 14:52 . 2009-01-14 14:52 <REP> d-------- e:\documents and settings\All Users\Application Data\ScanSoft
2009-01-14 14:52 . 2009-01-14 14:52 <REP> d-------- e:\documents and settings\All Users\Application Data\InstallShield
2009-01-14 14:52 . 2009-01-14 14:52 <REP> d-------- e:\documents and settings\Abaddon\Application Data\ScanSoft
2009-01-14 14:52 . 2009-01-14 14:52 416 --a------ e:\windows\MAXLINK.INI
2009-01-14 14:51 . 2009-01-14 14:51 <REP> d-------- e:\program files\ScanSoft
2009-01-14 14:49 . 2009-01-14 14:49 <REP> d-------- e:\program files\ArcSoft
2009-01-14 14:49 . 1995-07-31 13:44 212,480 --a------ e:\windows\PCDLIB32.DLL
2009-01-14 14:35 . 2009-01-14 14:35 <REP> d--h----- e:\windows\system32\CanonIJ Uninstaller Information
2009-01-14 14:35 . 2009-01-14 14:35 <REP> d-------- e:\program files\Fichiers communs\CANON
2009-01-14 14:35 . 2009-01-14 14:35 <REP> d--h----- e:\program files\CanonBJ
2009-01-14 14:35 . 2006-07-20 16:51 1,298,432 --a------ e:\windows\system32\CNQC4803.DLL
2009-01-14 14:35 . 2007-08-09 12:17 229,376 --a------ e:\windows\system32\CNQL4803.DLL
2009-01-14 14:35 . 2006-06-29 15:29 106,496 --a------ e:\windows\system32\cnqo4803.dll
2009-01-14 14:35 . 2006-07-20 16:51 57,344 --a------ e:\windows\system32\CNQI4803.DLL
2009-01-14 14:33 . 2009-01-14 14:35 <REP> d-------- e:\program files\Canon
2009-01-11 19:37 . 2009-01-11 19:37 <REP> d-------- e:\program files\FileZilla FTP Client
2009-01-11 19:37 . 2009-01-13 08:49 <REP> d-------- e:\documents and settings\Abaddon\Application Data\FileZilla
2009-01-07 11:10 . 2009-01-07 11:10 11 --a------ e:\windows\system\MSFc400.dll
2009-01-07 11:10 . 2009-01-07 11:10 11 --a------ e:\windows\system\MSFc310.dll
2009-01-02 13:10 . 2009-01-02 13:10 <REP> d-------- e:\windows\San Andreas Mod Installer
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-29 09:43 24,944 ----a-w e:\windows\system32\drivers\GVTDrv.sys
2009-01-29 09:43 --------- d-----w e:\program files\DNA
2009-01-29 09:43 --------- d-----w e:\documents and settings\Abaddon\Application Data\StarOffice8
2009-01-29 09:43 --------- d-----w e:\documents and settings\Abaddon\Application Data\DNA
2009-01-29 08:30 --------- d-----w e:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-29 07:57 --------- d-----w e:\documents and settings\Dekytsomo\Application Data\StarOffice8
2009-01-28 18:36 --------- d-----w e:\documents and settings\All Users\Application Data\Google Updater
2009-01-28 15:29 6,656 ----a-w e:\windows\system32\drivers\aec.sys
2009-01-26 20:19 --------- d-----w e:\documents and settings\Abaddon\Application Data\BitTorrent
2009-01-26 19:28 --------- d-----w e:\documents and settings\All Users\Application Data\GameTap
2009-01-26 10:52 --------- d-----w e:\documents and settings\Wes\Application Data\StarOffice8
2009-01-19 08:45 --------- d-----w e:\program files\Java
2009-01-18 12:52 --------- d-----w e:\program files\Google
2009-01-18 12:04 --------- d--h--w e:\program files\InstallShield Installation Information
2009-01-17 20:30 --------- d-----w e:\program files\DAEMON Tools Lite
2009-01-17 19:30 --------- d-----w e:\program files\Ubisoft
2009-01-14 13:52 --------- d-----w e:\program files\Fichiers communs\InstallShield
2009-01-08 17:03 --------- d-----w e:\documents and settings\Abaddon\Application Data\dvdcss
2008-12-24 12:44 --------- d---a-w e:\documents and settings\All Users\Application Data\TEMP
2008-12-23 18:44 --------- d-----w e:\program files\Fichiers communs\Adobe
2008-12-23 18:38 --------- d-----w e:\program files\Fichiers communs\Macrovision Shared
2008-12-19 13:13 --------- d-----w e:\program files\MSXML 6.0
2008-12-14 11:26 --------- d-----w e:\program files\Reference Assemblies
2008-12-11 11:57 333,184 ----a-w e:\windows\system32\drivers\srv.sys
2008-12-06 20:02 --------- d-----w e:\program files\ScummVM
2008-12-06 20:02 --------- d-----w e:\documents and settings\Abaddon\Application Data\ScummVM
2008-12-06 18:28 --------- d-----w e:\program files\WinHTTrack
2008-12-04 17:13 --------- d-----w e:\program files\GameTap
2008-03-01 17:24 96 ----a-w e:\program files\Default7BBC
2008-03-01 17:24 768 ----a-w e:\program files\MySetup.DK
2008-03-01 17:24 49,706 ----a-w e:\program files\intrface.bbw
2008-03-01 17:24 3,200 ----a-w e:\program files\DEFAULT.ALI
2008-03-01 17:24 192 ----a-w e:\program files\BBWERROR.LOG
2008-03-01 17:24 11,173 ----a-w e:\program files\BBToolBar6.INI
2008-03-01 16:57 107,512 ---ha-w e:\program files\BBWF.GID
2008-03-01 16:45 2,354,456 ----a-w e:\program files\BBW7K.LSW
2008-03-01 16:44 35,866 ----a-w e:\program files\unins000.dat
2008-03-01 16:43 685,532 ----a-w e:\program files\unins000.exe
2008-02-07 19:46 1 ----a-w e:\documents and settings\Abaddon\SI.bin
2007-09-27 09:27 1,679,360 ----a-w e:\program files\bbbwf.dll
2007-02-15 12:21 8,319,488 ----a-w e:\program files\bbwdemo.exe
2006-12-28 14:37 3,763 ----a-w e:\program files\licensef.txt
2006-08-17 11:36 63,488 ----a-w e:\program files\DEFAULTf.MEL
2006-08-17 09:38 64,256 ----a-w e:\program files\DEFAULTf.HAR
2006-05-01 07:13 7,290,659 ----a-w e:\program files\BB2006manualFR.pdf
2006-04-27 13:40 173,688 ----a-w e:\program files\tscc.exe
2006-03-17 20:13 4,676,191 ----a-w e:\program files\BBWF.HLP
2006-03-17 18:55 27,515 ----a-w e:\program files\bbwf.cnt
2006-03-13 07:43 2,301,279 ----a-w e:\program files\BB2006UG_manual.pdf
2006-03-13 07:43 2,301,279 ----a-w e:\program files\Band-in-a-Box 2006 Manual.pdf
2006-03-02 13:57 253,952 ----a-w e:\program files\DEFAULTf.SOL
2006-03-01 11:56 1,001,733 ----a-w e:\program files\BB2006UG_manualFR.pdf
2006-02-15 11:03 173,568 ----a-w e:\program files\bbwdll14.dll
2006-01-19 15:04 1,248,768 ----a-w e:\program files\gp5.dll
2006-01-18 12:12 1,703,872 ----a-w e:\program files\bb2006_dx_plug_1_3_4_f.exe
2006-01-16 12:34 99,840 ----a-w e:\program files\Ptw2^f.dll
2005-12-15 14:29 4,153,421 ----a-w e:\program files\bbw.hlp
2005-12-15 14:27 26,582 ----a-w e:\program files\bbw.cnt
2005-11-23 16:19 620,544 ----a-w e:\program files\$midimon^.exe
2005-11-08 19:50 29,184 ----a-w e:\program files\bbwres.dll
2005-11-07 11:45 590,336 ----a-w e:\program files\STOMBBx.exe
2004-06-09 07:09 9,817,208 ----a-w e:\program files\bbdemo.wmv
2004-04-20 14:26 64,256 ----a-w e:\program files\DEFAULT.HAR
2004-04-20 14:26 63,488 ----a-w e:\program files\default.MEL
2004-04-20 14:26 253,952 ----a-w e:\program files\DEFAULT.SOL
2004-04-20 13:31 65,024 ----a-w e:\program files\DEFAULTf.GIT
2004-04-08 10:27 74,240 ----a-w e:\program files\BBWf.TPB
2004-04-08 10:26 53,352 ----a-w e:\program files\bbwf.tip
2004-03-23 12:01 17 ----a-w e:\program files\language.ini
2003-12-15 17:56 510,665 ----a-w e:\program files\BBW.LST
2003-11-30 17:00 3,898 ----a-w e:\program files\LICENSE.TXT
2003-11-28 03:11 73,216 ----a-w e:\program files\BBW.TPB
2003-11-28 03:11 53,636 ----a-w e:\program files\bbw.tip
2003-11-27 22:46 146,432 ----a-w e:\program files\bbwdll9.dll
2003-11-25 12:41 6,789 ----a-w e:\program files\korg_ix300.txt
2003-11-24 11:35 25,262 ----a-w e:\program files\JAZZROK2.STY
2003-11-24 11:33 36,341 ----a-w e:\program files\JAZZBAL2.STY
2003-11-22 16:38 28,668 ----a-w e:\program files\BOSANEW.STY
2003-11-19 23:52 23,760 ----a-w e:\program files\mccoy2.sty
2003-11-14 19:08 35,171 ----a-w e:\program files\fusngrv1.sty
2003-10-31 13:52 15,056 ----a-w e:\program files\J_EVANLH.STY
2003-10-29 05:48 27,813 ----a-w e:\program files\xv-3080n.pat
2003-10-02 15:17 24,314 ----a-w e:\program files\78JAZFNK.STY
2003-09-10 16:23 39,835 ----a-w e:\program files\2416VISH.STY
2003-09-10 05:21 19,552 ----a-w e:\program files\ymu90r2.pat
2003-08-08 18:34 31,090 ----a-w e:\program files\54_SWING.STY
2003-08-08 16:40 36,225 ----a-w e:\program files\11_8_POP.STY
2003-03-19 16:05 2,442 ----a-w e:\program files\Pst^preq.ini
2003-03-19 16:05 1,518 ----a-w e:\program files\Pst^gain.ini
2003-03-19 16:04 1,914 ----a-w e:\program files\Pst^greq.ini
2003-03-19 16:04 1,518 ----a-w e:\program files\Pst^tone.ini
2003-03-19 16:03 1,287 ----a-w e:\program files\PST^TREM.INI
2003-03-19 16:02 1,551 ----a-w e:\program files\Pst^flng.ini
2003-03-19 16:02 1,353 ----a-w e:\program files\Pst^ring.ini
2003-03-19 16:01 1,518 ----a-w e:\program files\Pst^cho.ini
2003-03-19 16:00 2,244 ----a-w e:\program files\Pst^echo.ini
2003-03-19 15:58 1,518 ----a-w e:\program files\Pst^rvb.ini
2003-03-19 15:57 1,287 ----a-w e:\program files\Pst^dist.ini
2003-03-19 15:56 1,782 ----a-w e:\program files\Pst^dyn.ini
2002-12-19 13:05 35,709 ----a-w e:\program files\new_jv2080.pat
2006-05-03 09:06 163,328 --sh--r e:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r e:\windows\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w e:\windows\system32\Smab0.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"msnmsgr"="e:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"RocketDock"="e:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"MSMSGS"="e:\program files\Messenger\msmsgs.exe" [2004-08-19 1667584]
"AlcoholAutomount"="e:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-03-20 216520]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"swg"="e:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-27 68856]
"BitTorrent DNA"="e:\program files\DNA\btdna.exe" [2008-12-19 342848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="e:\windows\system32\dumprep 0 -u" [X]
"EasyTuneVPro"="e:\program files\Gigabyte\ET5Pro\ETcall.exe" [2007-07-26 20480]
"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2009-01-19 136600]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="e:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-07-02 185896]
"PWRISOVM.EXE"="e:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"SSBkgdUpdate"="e:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="e:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"WrtMon.exe"="e:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"win system"="c:\windows\winav.exe" [2009-01-20 48690]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 e:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2doxx.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\TmNationsForever\\TmForever.exe"=
"e:\\Program Files\\DNA\\btdna.exe"=
"e:\\Program Files\\BitTorrent\\bittorrent.exe"=
"e:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=
"e:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"e:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"e:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"i:\\Jeux\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"i:\\Jeux\\Crysis\\Bin32\\Crysis.exe"=
"i:\\Jeux\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"i:\\Jeux\\Call of Duty - World at War\\CoDWaW.exe"=
"i:\\Jeux\\Call of Duty - World at War\\CoDWaWmp.exe"=
"i:\\Jeux\\Call of Duty 4 Modern Warfare Full-Rip Skullptura\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"i:\\Jeux\\Flight Simulator X\\fsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 ati2doxx;ati2doxx;e:\windows\system32\drivers\ati2doxx.sys [2009-01-28 32768]
R0 KLBG;Kaspersky Lab Boot Guard Driver;e:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R0 pavboot;pavboot;e:\windows\system32\drivers\pavboot.sys [2009-01-20 28544]
R3 GVTDrv;GVTDrv;e:\windows\system32\drivers\GVTDrv.sys [2007-12-27 24944]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;e:\windows\system32\drivers\klfltdev.sys [2008-02-05 26640]
R3 MarkFun_NT;MarkFun_NT;e:\program files\Gigabyte\ET5Pro\MARKFUN.W32 [2007-12-27 17912]
R4 atidgllk;atidgllk;e:\program files\Gigabyte\ET5Pro\atidgllk.sys [2007-12-27 12048]
S3 cusbohcn;cusbohcn;\??\e:\docume~1\Abaddon\LOCALS~1\Temp\cusbohcn.sys --> e:\docume~1\Abaddon\LOCALS~1\Temp\cusbohcn.sys [?]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - MARKFUN_NT
.
Contenu du dossier 'Tâches planifiées'
2009-01-29 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{872A39C0-8E01-44DA-ADBA-B6BA008713F1} - e:\windows\system32\iifdeecC.dll
HKCU-Run-Steam - e:\program files\steam\steam.exe
.
------- Examen supplémentaire -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://fr.yahoo.com
uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
FF - ProfilePath - e:\documents and settings\Abaddon\Application Data\Mozilla\Firefox\Profiles\wwgq912q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - chrome://fastdial/content/fastdial.html
FF - plugin: e:\program files\GameTap\bin\Release\npgametaptool.dll
FF - plugin: e:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: e:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-29 10:42:42
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
e:\windows\system32\GVTunner.ref 4 bytes
e:\windows\system32\svchost.exe:ext.exe 32256 bytes executable
Scan terminé avec succès
Fichiers cachés: 2
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MarkFun_NT]
"ImagePath"="\??\e:\program files\Gigabyte\ET5Pro\markfun.w32"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-117609710-854245398-839522115-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ef,93,17,cf,63,c3,57,d8,2e,b9,b7,a9,13,43,3a,ea,b5,07,91,a4,e6,62,d1,
ae,70,b5,1f,d1,ad,84,56,47,d8,0c,24,5c,01,c9,36,3f,38,05,b2,35,cf,61,5d,32,\
"??"=hex:1a,f5,11,24,6a,09,04,ff,fc,2c,55,18,c9,bb,02,48
[HKEY_USERS\S-1-5-21-117609710-854245398-839522115-1005\Software\SecuROM\License information*]
"datasecu"=hex:02,34,12,49,88,da,e2,c7,56,8c,0f,41,35,6a,d9,9a,3e,3e,e7,76,87,
07,80,23,5f,e4,b2,fd,eb,55,5f,6e,f6,b7,7f,c4,50,60,8e,0a,f9,89,a6,4b,c7,62,\
"rkeysecu"=hex:cf,ec,65,fa,f1,db,dd,05,b9,06,0e,9b,b5,1a,02,74
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(800)
e:\windows\system32\Ati2evxx.dll
e:\windows\system32\klogon.dll
.
------------------------ Autres processus actifs ------------------------
.
e:\windows\system32\ati2evxx.exe
e:\windows\system32\ati2evxx.exe
e:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
e:\program files\Bonjour\mDNSResponder.exe
e:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
e:\program files\Java\jre6\bin\jqs.exe
e:\windows\system32\PnkBstrA.exe
e:\windows\system32\PnkBstrB.exe
e:\windows\temp\ayp4.tmp
e:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
e:\program files\Internet Explorer\iexplore.exe
e:\windows\system32\wbem\wmiapsrv.exe
e:\windows\system32\wscntfy.exe
e:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
e:\program files\Gigabyte\ET5Pro\GUI.exe
e:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
e:\windows\system32\dumprep.exe
e:\windows\system32\rundll32.exe
e:\program files\Sun\StarOffice 8\program\soffice.exe
e:\program files\Sun\StarOffice 8\program\soffice.bin
.
**************************************************************************
.
Heure de fin: 2009-01-29 10:46:25 - La machine a redémarré [Abaddon]
ComboFix-quarantined-files.txt 2009-01-29 09:46:22
Avant-CF: 27,733,532,672 octets libres
Après-CF: 27,707,633,664 octets libres
458 --- E O F --- 2009-01-15 02:02:33
et
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:38, on 29/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\PnkBstrB.exe
E:\WINDOWS\TEMP\ayp4.tmp
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\wbem\wmiapsrv.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\WINDOWS\RTHDCPL.EXE
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Gigabyte\ET5Pro\GUI.exe
E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
E:\Program Files\PowerISO\PWRISOVM.EXE
E:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
E:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
E:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
E:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\winav.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\Program Files\RocketDock\RocketDock.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Program Files\DNA\btdna.exe
E:\Program Files\Sun\StarOffice 8\program\soffice.exe
E:\Program Files\Sun\StarOffice 8\program\soffice.BIN
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\explorer.exe
E:\WINDOWS\system32\notepad.exe
E:\Program Files\Mozilla Firefox\firefox.exe
C:\Téléchargements\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - E:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - E:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - E:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [EasyTuneVPro] E:\Program Files\Gigabyte\ET5Pro\ETcall.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] E:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "E:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "E:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] E:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [win system] C:\WINDOWS\winav.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RocketDock] "E:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "E:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "E:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: StarOffice 8.lnk = E:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avp (AVP) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Unknown owner - E:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - E:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - E:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O24 - Desktop Component 0: (no name) - file:///C:/TITOUNE/IMAG1993.JPG
O24 - Desktop Component 1: (no name) - file:///C:/oh33wo7.jpg
O24 - Desktop Component 2: (no name) - file:///C:/Tribal-black.gif
O24 - Desktop Component 3: (no name) - file:///C:/7589.jpg
O24 - Desktop Component 4: (no name) - file:///C:/ImpalaAttack.jpg
O24 - Desktop Component 5: (no name) - file:///C:/preview43.jpg
O24 - Desktop Component 6: (no name) - file:///C:/mini.phpd.jpg
plopus
Messages postés
5962
Date d'inscription
jeudi 1 janvier 2009
Statut
Contributeur sécurité
Dernière intervention
11 mars 2012
293
29 janv. 2009 à 17:20
29 janv. 2009 à 17:20
re
petite verif
desactive ton antivirus le fi xest detecté a tort
telecharge AD REMOVER http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe
installe, lance le choisit ta langue et fait option A et poste le rapport
petite verif
desactive ton antivirus le fi xest detecté a tort
telecharge AD REMOVER http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe
installe, lance le choisit ta langue et fait option A et poste le rapport
Voilà :
------- LOGFILE OF AD-REMOVER 1.0.9.3 | ONLY XP/VISTA -------
Updated by C_XX on 17/01/2009 at 12:00
Start at: 14:15:45 | Sam 31/01/2009 | Microsoft® Windows XP™ SP2 (V5.1.2600)
Boot mode: Normal
Option: SCAN | Executed from: E:\Program Files\Ad-remover\Ad-remover.bat
Pc: TARTAROS | User: Abaddon ( Current user is an administrator)
Drive(s):
- C:\ (File System: NTFS)
- E:\ (File System: NTFS)
- I:\ (File System: NTFS)
System Drive: E:\
Windows Directory: E:\WINDOWS\
System Directory: E:\WINDOWS\System32\
--- Running Processes: 62
+--------------------| Boonty/Boonty Games Elements Found :
.
HKCR\boontybox
HKLM\Software\Boonty
HKLM\Software\Classes\boontybox
HKLM\SYSTEM\ControlSet001\Services\Boonty Games
.
E:\Program Files\Fichiers communs\BOONTY Shared
E:\Program Files\Fichiers communs\BOONTY Shared\Service
E:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
E:\Documents and Settings\All Users\Application Data\BOONTY
E:\Documents and Settings\All Users\Application Data\BOONTY\Licenses
E:\Documents and Settings\All Users\Application Data\BOONTY\Licenses\B3908000.dat
E:\Documents and Settings\All Users\Application Data\BOONTY\Licenses\B3A32000.dat
+--------------------| Eorezo Elements Found :
.
.
+--------------------| Everest Casino/Everest Poker Elements Found :
.
.
+--------------------| Funwebproducts/Myway/Mywebsearch/Myglobalsearch Elements Found :
.
.
+--------------------| It's TV Elements Found :
.
+--------------------| Sweetim Elements Found :
.
.
+--------------------| Added Scan :
+---------- SCANNING PREFS.JS ... ( # Mozilla user preferences )
..\wwgq912q.default\prefs.js :
~~~~ MOZILLA FIREFOX VERSION 3.0.5 ~~~~
* BROWSER SEARCH DEFAULT ENGINE: "Google"
* BROWSER SEARCH DEFAULT URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=3&q="
.
+---------------------------------------------------------------------------+
~~~~ INTERNET EXPLORER VERSION 6.0.2900.2180 ~~~~
+--[HKEY_CURRENT_USER\..\INTERNET EXPLORER\MAIN]
Start page : hxxp://www.google.com/
+--[HKEY_LOCAL_MACHINE\..\INTERNET EXPLORER\MAIN]
Start page : hxxp://fr.yahoo.com
+---------------------------------------------------------------------------+
[~2322 BYTES] - "E:\AD-REPORT-SCAN-31.01.2009.LOG"
End at: 14:22:05 | 31/01/2009 - Time elapsed: 6 minutes, 19 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 56 Lines ]
+---------------------------------------------------------------------------+
Au passage, je ne sais pas si c'est lié à une manoeuvre avec Ccleaner ou autre, mais j'ai eu du mal à me connecter à internet, et mon thème de bureau, qui est noir, n'affiche plus les caractères de texte du nom des fenêtres dans la barre explorer en blanc mais en noir, ce qui les rend illisibles... est-ce que ça a un rapport, par ce que je n'arrive pas à le corriger.
J'ai aussi, il me semble, eu quelques légers ralentissements.
------- LOGFILE OF AD-REMOVER 1.0.9.3 | ONLY XP/VISTA -------
Updated by C_XX on 17/01/2009 at 12:00
Start at: 14:15:45 | Sam 31/01/2009 | Microsoft® Windows XP™ SP2 (V5.1.2600)
Boot mode: Normal
Option: SCAN | Executed from: E:\Program Files\Ad-remover\Ad-remover.bat
Pc: TARTAROS | User: Abaddon ( Current user is an administrator)
Drive(s):
- C:\ (File System: NTFS)
- E:\ (File System: NTFS)
- I:\ (File System: NTFS)
System Drive: E:\
Windows Directory: E:\WINDOWS\
System Directory: E:\WINDOWS\System32\
--- Running Processes: 62
+--------------------| Boonty/Boonty Games Elements Found :
.
HKCR\boontybox
HKLM\Software\Boonty
HKLM\Software\Classes\boontybox
HKLM\SYSTEM\ControlSet001\Services\Boonty Games
.
E:\Program Files\Fichiers communs\BOONTY Shared
E:\Program Files\Fichiers communs\BOONTY Shared\Service
E:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
E:\Documents and Settings\All Users\Application Data\BOONTY
E:\Documents and Settings\All Users\Application Data\BOONTY\Licenses
E:\Documents and Settings\All Users\Application Data\BOONTY\Licenses\B3908000.dat
E:\Documents and Settings\All Users\Application Data\BOONTY\Licenses\B3A32000.dat
+--------------------| Eorezo Elements Found :
.
.
+--------------------| Everest Casino/Everest Poker Elements Found :
.
.
+--------------------| Funwebproducts/Myway/Mywebsearch/Myglobalsearch Elements Found :
.
.
+--------------------| It's TV Elements Found :
.
+--------------------| Sweetim Elements Found :
.
.
+--------------------| Added Scan :
+---------- SCANNING PREFS.JS ... ( # Mozilla user preferences )
..\wwgq912q.default\prefs.js :
~~~~ MOZILLA FIREFOX VERSION 3.0.5 ~~~~
* BROWSER SEARCH DEFAULT ENGINE: "Google"
* BROWSER SEARCH DEFAULT URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=3&q="
.
+---------------------------------------------------------------------------+
~~~~ INTERNET EXPLORER VERSION 6.0.2900.2180 ~~~~
+--[HKEY_CURRENT_USER\..\INTERNET EXPLORER\MAIN]
Start page : hxxp://www.google.com/
+--[HKEY_LOCAL_MACHINE\..\INTERNET EXPLORER\MAIN]
Start page : hxxp://fr.yahoo.com
+---------------------------------------------------------------------------+
[~2322 BYTES] - "E:\AD-REPORT-SCAN-31.01.2009.LOG"
End at: 14:22:05 | 31/01/2009 - Time elapsed: 6 minutes, 19 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 56 Lines ]
+---------------------------------------------------------------------------+
Au passage, je ne sais pas si c'est lié à une manoeuvre avec Ccleaner ou autre, mais j'ai eu du mal à me connecter à internet, et mon thème de bureau, qui est noir, n'affiche plus les caractères de texte du nom des fenêtres dans la barre explorer en blanc mais en noir, ce qui les rend illisibles... est-ce que ça a un rapport, par ce que je n'arrive pas à le corriger.
J'ai aussi, il me semble, eu quelques légers ralentissements.
plopus
Messages postés
5962
Date d'inscription
jeudi 1 janvier 2009
Statut
Contributeur sécurité
Dernière intervention
11 mars 2012
293
31 janv. 2009 à 17:20
31 janv. 2009 à 17:20
re
les couleurs transparente en haut des fenetres sa arrive, quand tu redemarre sa part, les ralentissement rien à voir avec les fix, ensuite certains fix modifie certaine config de ton PC notamment ecran de fond....donc une fois la desinfection fini tu remettra tous :)
pour suivre :
deconnecte toi d'internet, ferme TOUT et relance AD remover en option B puis tape 1 (pr seletionner boonty) puis entrée puis tape S puis entrée pour lancer la suppression puis poste le rapport
puis reposte un hijackthis
les couleurs transparente en haut des fenetres sa arrive, quand tu redemarre sa part, les ralentissement rien à voir avec les fix, ensuite certains fix modifie certaine config de ton PC notamment ecran de fond....donc une fois la desinfection fini tu remettra tous :)
pour suivre :
deconnecte toi d'internet, ferme TOUT et relance AD remover en option B puis tape 1 (pr seletionner boonty) puis entrée puis tape S puis entrée pour lancer la suppression puis poste le rapport
puis reposte un hijackthis
