Can someone read my HijackThis report?

Clara90 -  
 Anonymous user -
Hello everyone,

I'm looking for someone who can read my HijackThis report to find out whether I have any viruses.

Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:43, on 11/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\program files\relevantknowledge\rlvknlg.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Messenger\msmsgs.exe
F:\Wcescomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
F:\rapimgr.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Application Data\KeenfinderSrch\keenfinder136.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\KeenfinderSrch\keenfinder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
F:\Steam\Steam.exe
f:\steam\steamapps\shinrei99\condition zero\hl.exe
F:\Steam\GameOverlayUI.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\TAN\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://moteur.chat-land.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?pc=mssh&form=msshhp&ocid=onepro&homepage=http%3a%2f%2fgo.microsoft.com%2ffwlink%2f%3fLinkId%3d69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RelevantKnowledge] C:\program files\relevantknowledge\rlvknlg.exe -boot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Wcescomm.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [svshost32] svshost32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [svshost32] svshost32.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\INetRepl.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {63308B48-F435-42FD-AB0A-3564C7BEF9D7} (Toontown IE Helper French) - https://iplay.fr.toontown.com/download/sv1.5.22.4/ttinst-french.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KeenfinderSrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\KeenfinderSrch\keenfinder136.exe

34 replies

pop7
 
Here it is

ComboFix 09-02-14.01 - TAN 2009-02-15 17:22:22.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.44.1036.18.1023.492 [GMT 1:00]
Running from: c:\documents and settings\TAN\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
AV: BitDefender Antivirus v10 *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\advport.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\rnaph.dll
c:\windows\system32\stera.log
c:\windows\system32\urlmsnlink.dat
c:\windows\system32\wbem\ocmor.dat
c:\windows\system32\wbem\ocmor.dll
c:\windows\system32\winup

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BRGNS
-------\Legacy_CLIPART
-------\Legacy_MOBILL
-------\Legacy_SECURITY
-------\Legacy_SOSCAR
-------\Service_BRGNS
-------\Service_ClipArt
-------\Service_MOBILL
-------\Service_Security
-------\Service_SoSCAR

((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 )))))))))))))))))))))))))))))))
.

2009-02-15 11:17 . 2009-02-15 11:17 <REP> d-------- c:\program files\VS Revo Group
2009-02-14 23:59 . 2009-02-15 00:15 <REP> d-------- C:\ToolBar SD
2009-02-14 23:52 . 2009-02-14 23:52 <REP> d-------- c:\program files\Fichiers communs\Adobe
2009-02-14 22:13 . 2009-02-14 22:13 <REP> d-------- C:\rsit
2009-02-14 22:05 . 2009-02-14 22:05 <REP> d-------- c:\program files\DelThumbs
2009-02-14 21:56 . 2009-02-14 21:56 <REP> d-------- c:\program files\CleanUp!
2009-02-14 21:47 . 2009-02-14 21:47 <REP> d-------- c:\documents and settings\TAN\Application Data\Auslogics
2009-02-14 21:45 . 2009-02-14 21:45 <REP> d-------- c:\program files\Auslogics
2009-02-14 11:56 . 2009-02-14 20:54 <REP> d-------- c:\program files\Windows Live Safety Center
2009-02-13 22:13 . 2009-02-13 22:13 552 --a------ c:\windows\system32\d3d8caps.dat
2009-02-13 22:12 . 2009-02-13 22:13 <REP> d-------- c:\program files\SystemRequirementsLab
2009-02-13 22:12 . 2009-02-13 22:12 <REP> d-------- c:\documents and settings\TAN\Application Data\SystemRequirementsLab
2009-02-12 19:15 . 2009-02-12 19:15 <REP> d-------- c:\program files\ma-config.com
2009-02-12 19:15 . 2009-02-12 19:15 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
2009-02-12 17:42 . 2009-02-13 23:10 664 --a------ c:\windows\system32\d3d9caps.dat
2009-02-12 17:36 . 2009-02-12 17:36 <REP> d-------- c:\documents and settings\TAN\Application Data\ATI
2009-02-12 17:36 . 2009-02-12 17:36 <REP> d-------- c:\documents and settings\All Users\Application Data\ATI
2009-02-12 17:35 . 2009-02-12 17:35 0 --a------ c:\windows\ativpsrm.bin
2009-02-12 17:33 . 2009-02-13 18:41 <REP> d-------- c:\program files\ATI
2009-02-12 17:27 . 2009-02-12 17:28 <REP> d-------- c:\program files\QuickTime
2009-02-12 17:24 . 2009-02-12 17:24 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-12 17:23 . 2009-02-12 17:23 <REP> d-------- c:\windows\system32\Adobe
2009-02-12 17:22 . 2009-02-12 17:22 <REP> d-------- c:\documents and settings\TAN\Application Data\Desktopicon
2009-02-12 17:19 . 2009-02-14 21:42 <REP> d-------- c:\program files\filehippo.com
2009-02-12 16:30 . 2009-02-12 16:30 <REP> d-------- C:\_OTMoveIt
2009-02-11 12:06 . 2009-02-11 12:06 <REP> d-------- c:\program files\Avira
2009-02-11 12:06 . 2009-02-11 12:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-02-09 18:08 . 2009-02-09 18:08 13,824 --a------ c:\windows\system32\drivers\splitcam.sys
2009-02-09 18:05 . 2009-02-10 17:59 <REP> d-------- c:\program files\SplitCam
2009-02-09 18:05 . 2003-05-14 21:07 389,120 --a------ c:\windows\system32\actskn43.ocx
2009-02-07 20:04 . 2009-02-07 20:04 <REP> d-------- c:\program files\Fichiers communs\Adobe AIR
2009-02-06 12:00 . 2009-02-06 12:00 268 --ah----- C:\sqmdata10.sqm
2009-02-06 12:00 . 2009-02-06 12:00 244 --ah----- C:\sqmnoopt10.sqm
2009-02-03 21:12 . 2009-02-14 13:23 <REP> d-------- c:\program files\KeenfinderSrch
2009-02-03 21:12 . 2009-02-12 16:43 <REP> d-------- c:\documents and settings\All Users\Application Data\KeenfinderSrch
2009-02-03 21:10 . 2009-02-03 21:10 <REP> d-------- c:\windows\Icons
2009-02-03 21:10 . 2009-02-12 16:30 <REP> d-------- c:\program files\RelevantKnowledge
2009-02-03 21:10 . 2009-02-08 19:09 <REP> d-------- c:\program files\FileSubmit
2009-01-22 21:59 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2009-01-22 21:59 . 2006-07-28 09:30 236,824 --a------ c:\windows\system32\xactengine2_3.dll
2009-01-22 21:59 . 2006-07-28 09:30 62,744 --a------ c:\windows\system32\xinput1_2.dll
2009-01-22 21:50 . 2009-01-22 21:50 <REP> d-------- c:\program files\Codemasters
2009-01-21 22:13 . 2009-01-21 22:13 <REP> d-------- c:\documents and settings\TAN\dwhelper
2009-01-21 15:44 . 2009-01-21 15:44 <REP> d-------- c:\documents and settings\TAN\Application Data\Propellerhead Software
2009-01-21 15:44 . 2009-01-21 15:44 <REP> d-------- c:\documents and settings\All Users\Application Data\Propellerhead Software
2009-01-21 15:44 . 2009-01-21 15:44 368,640 --a------ c:\windows\system32\ReWire.dll
2009-01-21 15:44 . 2009-01-21 15:44 233,472 --a------ c:\windows\system32\REX Shared Library.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 19:07 --------- d-----w c:\documents and settings\TAN\Application Data\teamspeak2
2009-02-12 16:35 --------- d-----w c:\program files\Unlocker
2009-02-12 16:33 --------- d-----w c:\program files\ATI Technologies
2009-02-12 16:32 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-12 16:23 --------- d-----w c:\program files\Java
2009-02-12 16:21 --------- d-----w c:\program files\CCleaner
2009-02-07 18:53 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-29 15:57 --------- d-----w c:\program files\DivX
2009-01-23 19:57 --------- d-----w c:\program files\World of Warcraft
2009-01-21 21:07 --------- d-----w c:\program files\Image-Line
2009-01-21 20:15 --------- d-----w c:\program files\Ares
2009-01-18 14:06 --------- d-----w c:\program files\Microsoft ActiveSync
2009-01-14 07:14 3,455,488 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-01-14 03:43 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-01-13 18:25 1,080 ----a-w c:\documents and settings\TAN\Application Data\wklnhst.dat
2009-01-12 18:11 --------- d-----w c:\documents and settings\TAN\Application Data\Apple Computer
2009-01-04 16:23 --------- d-----w c:\program files\VstPlugins
2009-01-02 19:04 --------- d--h--w c:\documents and settings\TAN\Application Data\ijjigame
2008-12-25 21:57 --------- d-----w c:\documents and settings\TAN\Application Data\Sprite Software
2008-09-10 17:26 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008091020080911\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ares"="c:\program files\Ares\Ares.exe" [2009-01-03 893952]
"H/PC Connection Agent"="F:\Wcescomm.exe" [2006-11-13 1289000]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-01-20 1451248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2007-10-04 307200]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM WiFi manager\WLANUTL.exe [2006-07-31 925696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/ustera

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"SoundMAX Agent Service (default)"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"FTRTSVC"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"AresChatServer"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"a2free"=2 (0x2)

[HKLM\~\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile"= 0 (0x0)]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.0-frFR-downloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.7.6383-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.12.6546-to-2.1.0.6692-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.1.0.6692-to-2.1.0.6729-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.1.0.6729-to-2.1.1.6739-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.1.1.6739-to-2.1.2.6803-frFR-downloader.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.2.3.7359-to-2.3.0.7561-frFR-downloader.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\TAN\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"f:\\Steam\\SteamApps\\shinrei99\\condition zero\\hl.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"f:\\Steam\\Steam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"f:\\Steam\\SteamApps\\shinrei99\\counter-strike\\hl.exe"=
"f:\rapimgr.exe"= f:\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"f:\wcescomm.exe"= f:\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"f:\wcesmgr.exe"= f:\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2005-06-02 2368]
S0 bnpmsq68;bnpmsq6;c:\windows\system32\DRIVERS\bnpmsq68.sys --> c:\windows\system32\DRIVERS\bnpmsq68.sys [?]
S2 nwlnksipx;nwlnksipx;\??\c:\windows\system32\drivers\nwlnksipx.sys --> c:\windows\system32\drivers\nwlnksipx.sys [?]
S3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [2005-04-21 223232]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-01-24 216232]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2006-07-31 402432]
S3 XDva026;XDva026;\??\c:\windows\system32\XDva026.sys --> c:\windows\system32\XDva026.sys [?]
S3 XDva028;XDva028;\??\c:\windows\system32\XDva028.sys --> c:\windows\system32\XDva028.sys [?]
S3 XDva032;XDva032;\??\c:\windows\system32\XDva032.sys --> c:\windows\system32\XDva032.sys [?]
S3 XDva120;XDva120;\??\c:\windows\system32\XDva120.sys --> c:\windows\system32\XDva120.sys [?]
S3 XDva200;XDva200;\??\c:\windows\system32\XDva200.sys --> c:\windows\system32\XDva200.sys [?]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{555ea9ca-b27d-11dd-ac23-0011d841b859}]
\Shell\AutoRun\command - G:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-13 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-svshost32 - svshost32.exe
HKU-Default-Run-System32 TCP Manager - systcpm.exe
HKU-Default-RunServices-svshost32 - svshost32.exe

.
------- Supplementary Scan -------
.
mWindow Title =
uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
uInternet Settings,ProxyOverride = *.local
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
DPF: {63308B48-F435-42FD-AB0A-3564C7BEF9D7} - hxxps://iplay.fr.toontown.com/download/sv1.5.22.4/ttinst-french.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
FF - ProfilePath - c:\documents and settings\TAN\Application Data\Mozilla\Firefox\Profiles\oncfizi0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-divx&p=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=1665&gct=&gc=1&q=
FF - plugin: c:\documents and settings\TAN\Application Data\Mozilla\Firefox\Profiles\oncfizi0.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\documents and settings\TAN\Application Data\Mozilla\Firefox\Profiles\oncfizi0.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 17:26:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(508)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
F:\rapimgr.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2009-02-15 17:32:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-15 16:32:05

Pre-Run: 17 488 240 640 octets libres
Post-Run: 17,410,621,440 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /fastdetect /NoExecute=OptIn

278 --- E O F --- 2009-02-11 21:21:18

Anonymous user
 
OK, please send a new "log.txt" report from RSIT.

pop7
 
Here it is

Logfile of random's system information tool 1.05 (written by random/random)
Run by TAN at 2009-02-15 17:37:55
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 17 GB (33%) free of 50 GB
Total RAM: 1023 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:38:07, on 15/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ares\Ares.exe
F:\Wcescomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\TAN\Bureau\RSIT.exe
C:\Documents and Settings\TAN\Bureau\TAN.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?pc=mssh&form=msshhp&ocid=onepro&homepage=http%3a%2f%2fmoteur.chat-land.org%2f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Wcescomm.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\INetRepl.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {63308B48-F435-42FD-AB0A-3564C7BEF9D7} (Toontown IE Helper French) - https://iplay.fr.toontown.com/download/sv1.5.22.4/ttinst-french.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
Anonymous user

/!\ WARNING /!\ The script below was written specifically for this computer; it cannot be reused on another computer!

Still with all protections disabled, do this:

• Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
• Copy and paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------
File::
C:\Program Files\KeenfinderSrch
C:\WINDOWS\system32\XDva026.sys
C:\WINDOWS\system32\XDva028.sys
C:\WINDOWS\system32\XDva032.sys
C:\WINDOWS\system32\XDva120.sys
C:\WINDOWS\system32\XDva200.sys
C:\WINDOWS\system32\XTrapD12.sys

------------------------------------------------------------------

• Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
• Close Notepad

• Drag and drop this CFScript file onto the C-Fix.exe file (ComboFix), as shown at this link: http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif

• Wait while the scan runs. The Desktop will disappear several times: this is normal! Do not touch anything until the scan has finished.
• Once the scan is complete, a report will be displayed: post its contents.
• If the file does not open, it is located here: C:\ComboFix.txt

POP7
 
Hi again, sorry, your link is messed up
Anonymous user

Yes, sorry, I learned that yesterday and forgot to remove it. Do the procedure anyway.
POP7

Is it a problem if I deleted the ComboFix icon?
POP7

I can't find the file
Anonymous user

Well yes, then the procedure can't be done :)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
POP7

Here it is

ComboFix 09-02-15.01 - TAN 2009-02-16 13:04:45.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.44.1036.18.1023.345 [GMT 1:00]
Running from: c:\documents and settings\TAN\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\TAN\Bureau\CFScript.txt
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
AV: BitDefender Antivirus v10 *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-01-16 to 2009-02-16 )))))))))))))))))))))))))))))))
.

2009-02-15 11:17 . 2009-02-15 11:17 <REP> d-------- c:\program files\VS Revo Group
2009-02-14 23:59 . 2009-02-15 00:15 <REP> d-------- C:\ToolBar SD
2009-02-14 23:52 . 2009-02-14 23:52 <REP> d-------- c:\program files\Fichiers communs\Adobe
2009-02-14 22:13 . 2009-02-14 22:13 <REP> d-------- C:\rsit
2009-02-14 22:05 . 2009-02-14 22:05 <REP> d-------- c:\program files\DelThumbs
2009-02-14 21:56 . 2009-02-14 21:56 <REP> d-------- c:\program files\CleanUp!
2009-02-14 21:47 . 2009-02-14 21:47 <REP> d-------- c:\documents and settings\TAN\Application Data\Auslogics
2009-02-14 21:45 . 2009-02-14 21:45 <REP> d-------- c:\program files\Auslogics
2009-02-14 11:56 . 2009-02-14 20:54 <REP> d-------- c:\program files\Windows Live Safety Center
2009-02-13 22:13 . 2009-02-13 22:13 552 --a------ c:\windows\system32\d3d8caps.dat
2009-02-13 22:12 . 2009-02-13 22:13 <REP> d-------- c:\program files\SystemRequirementsLab
2009-02-13 22:12 . 2009-02-13 22:12 <REP> d-------- c:\documents and settings\TAN\Application Data\SystemRequirementsLab
2009-02-12 19:15 . 2009-02-12 19:15 <REP> d-------- c:\program files\ma-config.com
2009-02-12 19:15 . 2009-02-12 19:15 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
2009-02-12 17:42 . 2009-02-13 23:10 664 --a------ c:\windows\system32\d3d9caps.dat
2009-02-12 17:36 . 2009-02-12 17:36 <REP> d-------- c:\documents and settings\TAN\Application Data\ATI
2009-02-12 17:36 . 2009-02-12 17:36 <REP> d-------- c:\documents and settings\All Users\Application Data\ATI
2009-02-12 17:35 . 2009-02-12 17:35 0 --a------ c:\windows\ativpsrm.bin
2009-02-12 17:33 . 2009-02-13 18:41 <REP> d-------- c:\program files\ATI
2009-02-12 17:27 . 2009-02-12 17:28 <REP> d-------- c:\program files\QuickTime
2009-02-12 17:24 . 2009-02-12 17:24 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-12 17:23 . 2009-02-12 17:23 <REP> d-------- c:\windows\system32\Adobe
2009-02-12 17:22 . 2009-02-12 17:22 <REP> d-------- c:\documents and settings\TAN\Application Data\Desktopicon
2009-02-12 17:19 . 2009-02-14 21:42 <REP> d-------- c:\program files\filehippo.com
2009-02-12 16:30 . 2009-02-12 16:30 <REP> d-------- C:\_OTMoveIt
2009-02-11 12:06 . 2009-02-11 12:06 <REP> d-------- c:\program files\Avira
2009-02-11 12:06 . 2009-02-11 12:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-02-09 18:08 . 2009-02-09 18:08 13,824 --a------ c:\windows\system32\drivers\splitcam.sys
2009-02-09 18:05 . 2009-02-10 17:59 <REP> d-------- c:\program files\SplitCam
2009-02-09 18:05 . 2003-05-14 21:07 389,120 --a------ c:\windows\system32\actskn43.ocx
2009-02-07 20:04 . 2009-02-07 20:04 <REP> d-------- c:\program files\Fichiers communs\Adobe AIR
2009-02-06 12:00 . 2009-02-06 12:00 268 --ah----- C:\sqmdata10.sqm
2009-02-06 12:00 . 2009-02-06 12:00 244 --ah----- C:\sqmnoopt10.sqm
2009-02-03 21:12 . 2009-02-14 13:23 <REP> d-------- c:\program files\KeenfinderSrch
2009-02-03 21:12 . 2009-02-12 16:43 <REP> d-------- c:\documents and settings\All Users\Application Data\KeenfinderSrch
2009-02-03 21:10 . 2009-02-03 21:10 <REP> d-------- c:\windows\Icons
2009-02-03 21:10 . 2009-02-12 16:30 <REP> d-------- c:\program files\RelevantKnowledge
2009-02-03 21:10 . 2009-02-08 19:09 <REP> d-------- c:\program files\FileSubmit
2009-01-22 21:59 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2009-01-22 21:59 . 2006-07-28 09:30 236,824 --a------ c:\windows\system32\xactengine2_3.dll
2009-01-22 21:59 . 2006-07-28 09:30 62,744 --a------ c:\windows\system32\xinput1_2.dll
2009-01-22 21:50 . 2009-01-22 21:50 <REP> d-------- c:\program files\Codemasters
2009-01-21 22:13 . 2009-01-21 22:13 <REP> d-------- c:\documents and settings\TAN\dwhelper
2009-01-21 15:44 . 2009-01-21 15:44 <REP> d-------- c:\documents and settings\TAN\Application Data\Propellerhead Software
2009-01-21 15:44 . 2009-01-21 15:44 <REP> d-------- c:\documents and settings\All Users\Application Data\Propellerhead Software
2009-01-21 15:44 . 2009-01-21 15:44 368,640 --a------ c:\windows\system32\ReWire.dll
2009-01-21 15:44 . 2009-01-21 15:44 233,472 --a------ c:\windows\system32\REX Shared Library.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 19:07 --------- d-----w c:\documents and settings\TAN\Application Data\teamspeak2
2009-02-12 16:35 --------- d-----w c:\program files\Unlocker
2009-02-12 16:33 --------- d-----w c:\program files\ATI Technologies
2009-02-12 16:32 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-12 16:23 --------- d-----w c:\program files\Java
2009-02-12 16:21 --------- d-----w c:\program files\CCleaner
2009-02-07 18:53 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-29 15:57 --------- d-----w c:\program files\DivX
2009-01-23 19:57 --------- d-----w c:\program files\World of Warcraft
2009-01-21 21:07 --------- d-----w c:\program files\Image-Line
2009-01-21 20:15 --------- d-----w c:\program files\Ares
2009-01-18 14:06 --------- d-----w c:\program files\Microsoft ActiveSync
2009-01-14 07:14 3,455,488 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-01-14 05:46 11,591,680 ----a-w c:\windows\system32\atioglxx.dll
2009-01-14 04:53 286,720 ----a-w c:\windows\system32\atiok3x2.dll
2009-01-14 04:49 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-01-14 04:47 323,584 ----a-w c:\windows\system32\ati2dvag.dll
2009-01-14 04:36 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-01-14 04:36 196,608 ----a-w c:\windows\system32\atipdlxx.dll
2009-01-14 04:36 151,552 ----a-w c:\windows\system32\Oemdspif.dll
2009-01-14 04:35 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2009-01-14 04:35 155,648 ----a-w c:\windows\system32\ati2evxx.dll
2009-01-14 04:34 598,016 ----a-w c:\windows\system32\ati2evxx.exe
2009-01-14 04:32 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-01-14 04:22 4,009,152 ----a-w c:\windows\system32\ati3duag.dll
2009-01-14 04:05 2,500,224 ----a-w c:\windows\system32\ativvaxx.dll
2009-01-14 03:50 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2009-01-14 03:45 401,408 ----a-w c:\windows\system32\atikvmag.dll
2009-01-14 03:44 17,408 ----a-w c:\windows\system32\atitvo32.dll
2009-01-14 03:44 110,592 ----a-w c:\windows\system32\atiadlxx.dll
2009-01-14 03:43 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-01-14 03:37 577,536 ----a-w c:\windows\system32\ati2cqag.dll
2009-01-14 03:37 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2009-01-14 02:36 45,056 ----a-w c:\windows\system32\amdcalrt.dll
2009-01-14 02:36 45,056 ----a-w c:\windows\system32\amdcalcl.dll
2009-01-14 02:34 3,227,648 ----a-w c:\windows\system32\Amdcaldd.dll
2009-01-13 20:05 593,920 ------w c:\windows\system32\ati2sgag.exe
2009-01-13 18:25 1,080 ----a-w c:\documents and settings\TAN\Application Data\wklnhst.dat
2009-01-12 18:11 --------- d-----w c:\documents and settings\TAN\Application Data\Apple Computer
2009-01-04 16:23 --------- d-----w c:\program files\VstPlugins
2009-01-02 19:04 --------- d--h--w c:\documents and settings\TAN\Application Data\ijjigame
2008-12-25 21:57 --------- d-----w c:\documents and settings\TAN\Application Data\Sprite Software
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-10 17:26 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008091020080911\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-02-15_17.30.27.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-16 11:02:53 16,384 ------w c:\windows\Temp\Perflib_Perfdata_178.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ares"="c:\program files\Ares\Ares.exe" [2009-01-03 893952]
"H/PC Connection Agent"="F:\Wcescomm.exe" [2006-11-13 1289000]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-01-20 1451248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2007-10-04 307200]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM WiFi manager\WLANUTL.exe [2006-07-31 925696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/ustera

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"SoundMAX Agent Service (default)"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"FTRTSVC"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"AresChatServer"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"a2free"=2 (0x2)

[HKLM\~\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile"= 0 (0x0)]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.0-frFR-downloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.7.6383-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.12.6546-to-2.1.0.6692-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.1.0.6692-to-2.1.0.6729-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.1.0.6729-to-2.1.1.6739-frFR-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.1.1.6739-to-2.1.2.6803-frFR-downloader.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.2.3.7359-to-2.3.0.7561-frFR-downloader.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\TAN\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"f:\\Steam\\SteamApps\\shinrei99\\condition zero\\hl.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"f:\\Steam\\Steam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"f:\\Steam\\SteamApps\\shinrei99\\counter-strike\\hl.exe"=
"f:\rapimgr.exe"= f:\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"f:\wcescomm.exe"= f:\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"f:\wcesmgr.exe"= f:\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2005-06-02 2368]
S0 bnpmsq68;bnpmsq6;c:\windows\system32\DRIVERS\bnpmsq68.sys --> c:\windows\system32\DRIVERS\bnpmsq68.sys [?]
S2 nwlnksipx;nwlnksipx;\??\c:\windows\system32\drivers\nwlnksipx.sys --> c:\windows\system32\drivers\nwlnksipx.sys [?]
S3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [2005-04-21 223232]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-01-24 216232]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2006-07-31 402432]
S3 XDva026;XDva026;\??\c:\windows\system32\XDva026.sys --> c:\windows\system32\XDva026.sys [?]
S3 XDva028;XDva028;\??\c:\windows\system32\XDva028.sys --> c:\windows\system32\XDva028.sys [?]
S3 XDva032;XDva032;\??\c:\windows\system32\XDva032.sys --> c:\windows\system32\XDva032.sys [?]
S3 XDva120;XDva120;\??\c:\windows\system32\XDva120.sys --> c:\windows\system32\XDva120.sys [?]
S3 XDva200;XDva200;\??\c:\windows\system32\XDva200.sys --> c:\windows\system32\XDva200.sys [?]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{555ea9ca-b27d-11dd-ac23-0011d841b859}]
\Shell\AutoRun\command - G:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-13 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []
.
.
------- Supplementary Scan -------
.
mWindow Title =
uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
uInternet Settings,ProxyOverride = *.local
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
DPF: {63308B48-F435-42FD-AB0A-3564C7BEF9D7} - hxxps://iplay.fr.toontown.com/download/sv1.5.22.4/ttinst-french.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
FF - ProfilePath - c:\documents and settings\TAN\Application Data\Mozilla\Firefox\Profiles\oncfizi0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-divx&p=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=1665&gct=&gc=1&q=
FF - plugin: c:\documents and settings\TAN\Application Data\Mozilla\Firefox\Profiles\oncfizi0.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\documents and settings\TAN\Application Data\Mozilla\Firefox\Profiles\oncfizi0.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-16 13:06:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(504)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-16 13:08:31
ComboFix-quarantined-files.txt 2009-02-16 12:08:28
ComboFix2.txt 2009-02-15 16:32:11

Pre-Run: 17 382 146 048 octets libres
Post-Run: 17,367,625,728 octets libres

264 --- E O F --- 2009-02-11 21:21:18
POP7
 
UP
Anonymous user

Did you carry out what was asked in post 30 with the txt?

Or did you just run ComboFix again?
POP7

Well, I did what you asked me to ^^ at least I think so
Anonymous user

Try again, following the instructions carefully; it's not normal for it to have behaved that way