Need help removing the MSN virus
Maillou94 (Posts: 22, Status: Member)
Good evening, and yes, I did something stupid; the title alone already shows it... I clicked on a link a contact sent me on MSN and bam, I got infected too. Now I'm sending that link to all my MSN contacts, Firefox is bugging out a lot, I keep getting redirected to porn sites non-stop :sweat: my PC gets big lag spikes when I play, in short it's "crap" :pfff:
I should add that I've already tried MSNFix, which does tell me I'm infected but doesn't disinfect me... It asks me to restart to remove the virus, but the virus never goes away; I must have run the MSNFix scan 10 times, still nothing.
I'd need some help getting my PC back to the way it was, please.
Thanks in advance.
38 replies
I'd add that after the scan, Kaspersky detected a new virus on my machine:
C:\DOCUME~1\MAISLO~1\LOCALS~1\Temp\Av-test.txt
Should I delete it because it's a real virus, or should I keep it because this file would be part of the disinfection procedure with ComboFix/SDFix?
It's an antivirus test file (EICAR); it's not dangerous, but you can delete it.
Restart your computer and post a new HijackThis report please.
Here's the report:
I have a small question: could this exe "C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" be a virus? Because I have a doubt.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:34:18, on 14/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\program files\powerstrip\pstrip.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\lclock.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Mais lol\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://postarticles.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.postarticles.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
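As an added illustration (an editor's example, not a tool or script posted in this thread), the following Python script walks HijackThis lines like the ones in the report above and flags the entries a helper checks first: R0/R1 start and search pages pointing at a domain outside a small allowlist (postarticles.net here), BHOs registered with no file, autoruns given without a full path, and services with no publisher. The allowlist, the severities and the excerpt of sample lines are the editor's assumptions; the sample lines are copied from the report above.

```python
"""Triage helper for HijackThis 2.0.2 reports (editor's example, not a tool from the thread).

It reads the R0/R1, O2, O4 and O23 lines and flags the ones a helper checks first:
  * R0/R1  browser start/search pages pointing at a domain outside a small allowlist
  * O2     Browser Helper Objects still registered although their DLL is gone
  * O4     autoruns whose command is not a full path (resolved through PATH or an
           environment variable, so the file actually reached must be verified)
  * O23    services HijackThis reports with "Unknown owner"
"""
import re
from urllib.parse import urlsplit

# Assumption: domains a stock Windows XP / IE7 install legitimately points at.
KNOWN_URL_DOMAINS = ("microsoft.com", "msn.com", "bing.com", "google.fr", "live.com")

# Constructed excerpt: sample lines copied from the HijackThis report in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://postarticles.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.postarticles.net/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

ENTRY_RE = re.compile(r"^(R[0-3]|O\d+) - (.*)$")
# "<hive>\..\Run: [name] <command>" plus the optional "(User '...')" suffix HijackThis adds for HKUS hives
O4_RE = re.compile(r"^.*?: \[[^\]]*\]\s*(.*?)(?:\s+\(User '[^']*'\))?$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


def url_domain_is_known(url: str) -> bool:
    """True when the URL's host is one of the allowlisted domains or a subdomain of one."""
    host = (urlsplit(url.strip()).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in KNOWN_URL_DOMAINS)


def triage_line(line: str):
    """Return (severity, reason) for one HijackThis line, or None when nothing stands out."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.groups()
    if kind in ("R0", "R1"):
        key, _, value = body.partition(" = ")
        value = value.strip()
        if value.startswith(("http://", "https://")) and not url_domain_is_known(value):
            setting = key.rsplit(",", 1)[-1]
            return ("high", f"IE '{setting}' points at a domain outside the allowlist: {value}")
    elif kind == "O2" and body.endswith("(no file)"):
        return ("medium", "BHO registered but its DLL is missing (orphaned CLSID): " + body)
    elif kind == "O4":
        m4 = O4_RE.match(body)
        if not m4:
            return None
        cmd = m4.group(1).strip()
        # A quoted command keeps its path between the first pair of quotes; otherwise take the first token.
        exe = cmd.split('"')[1] if cmd.startswith('"') else cmd.split(" ", 1)[0]
        if not DRIVE_RE.match(exe):
            return ("low", f"autorun '{exe}' is not a full path; check which file it actually resolves to")
    elif kind == "O23" and " - Unknown owner - " in body:
        return ("low", "service without publisher information: " + body)
    return None


def triage_log(text: str):
    """Run triage_line over every line; returns [(severity, line_number, reason), ...]."""
    findings = []
    for number, line in enumerate(text.strip().splitlines(), start=1):
        hit = triage_line(line)
        if hit:
            findings.append((hit[0], number, hit[1]))
    return findings


if __name__ == "__main__":
    for severity, number, reason in triage_log(SAMPLE_LOG):
        print(f"[{severity:6}] line {number}: {reason}")
```

A "low" finding is not a verdict: RTHDCPL.EXE and lclock.exe are ordinary vendor autoruns, and the script only says the path they resolve to should be confirmed, which is exactly the check the helper did for WZCSLDR2.exe.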
No, it's perfectly normal, apparently it's a driver: https://www.systemlookup.com/Startup/672-WZCSLDR2_exe.html
edit: to be continued...
Well, 15 minutes after I posted the last HijackThis log, I suddenly got redirected to porn sites... the infections look pretty "tough"...
Ah... I spoke a bit too soon, then, when I said the computer was disinfected...
The MSN virus has been removed, but there's something else that's much more serious!
Try this:
• Download Rooter (created by the IDN team) to your Desktop.
/!\ Disconnect from the internet and close all running applications /!\
• Run Rooter and let it work until the report appears in Notepad.
• Post the report in your next reply.
P.S.: I'm going to sleep; we'll finish tomorrow if that's all right with you.
Looking at the first ComboFix report again, I see it removed a service called "Seneka".
That's the name of a brand-new rootkit; it's going to be hard to get rid of, ComboFix didn't see anything...
Try running Rooter to see if it detects it.
Unfortunately Rooter found nothing :( here's the log anyway
14/02/2009| 4:11
----------------------\\ Search..
No infections found !
1 - "C:\Rooter$\Rooter_1.txt" - 14/02/2009| 4:12
----------------------\\ Scan completed at 4:12
Otherwise, you're scaring me with "The MSN virus has been removed, but there's something else that's much more serious!" xD
In any case, thank you very much for all the interest you're taking in my problem :) see you tomorrow
Maillou
Start menu --> Run --> Type Combofix /u (the space between Combofix and the slash matters) and confirm.
ComboFix should be removed after that (if it isn't, don't do the rest and let me know).
Then download it again following exactly the same precautions as here: http://www.commentcamarche.net/forum/affich 11020699 besoin d aide pour virrer le virus de msn#18
ComboFix 09-02-12.03 - Mais lol 2009-02-15 2:12:40.3 - NTFSx86
Lancé depuis: c:\documents and settings\Mais lol\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-15 au 2009-02-15 ))))))))))))))))))))))))))))))))))))
.
2009-02-15 00:26 . 2009-02-15 00:26 <REP> d-------- c:\windows\system32\CatRoot_bak
2009-02-14 04:11 . 2009-02-14 04:12 <REP> d-------- C:\Rooter$
2009-02-14 03:56 . 2009-02-14 03:59 <REP> d-------- c:\program files\SpywareBlaster
2009-02-14 03:56 . 2005-08-25 19:18 118,784 --a------ c:\windows\system32\MSSTDFMT.DLL
2009-02-14 01:30 . 2009-02-14 01:30 <REP> d-------- C:\rsit
2009-02-14 00:31 . 2009-02-14 00:31 579,072 --a------ c:\windows\system32\DllCache\user32.dll
2009-02-14 00:29 . 2009-02-14 00:29 <REP> d-------- c:\windows\ERUNT
2009-02-13 21:31 . 2009-02-13 21:31 <REP> d-------- c:\program files\Trend Micro
2009-02-13 00:47 . 2009-02-14 03:53 <REP> d-------- c:\program files\a-squared Free
2009-02-12 23:21 . 2009-02-12 23:21 <REP> d-------- c:\documents and settings\Mais lol\Application Data\Malwarebytes
2009-02-12 23:04 . 2009-02-12 23:04 <REP> d-------- c:\documents and settings\Mais lol\Application Data\teamspeak2
2009-02-12 22:55 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-02-12 22:54 . 2009-02-12 22:54 <REP> d-------- c:\program files\Panda Security
2009-02-12 22:48 . 2009-02-12 22:48 <REP> d-------- c:\documents and settings\Mais lol\Contacts
2009-02-12 22:45 . 2008-05-01 20:44 <REP> d--h----- c:\documents and settings\Mais lol\Voisinage réseau
2009-02-12 22:45 . 2008-05-01 20:44 <REP> d--h----- c:\documents and settings\Mais lol\Voisinage d'impression
2009-02-12 22:45 . 2008-05-01 18:49 <REP> d--h----- c:\documents and settings\Mais lol\Modèles
2009-02-12 22:45 . 2009-02-14 14:53 <REP> dr------- c:\documents and settings\Mais lol\Mes documents
2009-02-12 22:45 . 2008-05-01 20:44 <REP> dr------- c:\documents and settings\Mais lol\Menu Démarrer
2009-02-12 22:45 . 2009-02-12 22:45 <REP> dr------- c:\documents and settings\Mais lol\Favoris
2009-02-12 22:45 . 2009-02-15 02:11 <REP> d-------- c:\documents and settings\Mais lol\Bureau
2009-02-12 22:45 . 2009-02-14 03:31 <REP> d-------- c:\documents and settings\Mais lol
2009-02-12 22:45 . 2009-02-12 22:45 244 --ah----- C:\sqmnoopt01.sqm
2009-02-12 22:45 . 2009-02-12 22:45 232 --ah----- C:\sqmdata01.sqm
2009-02-12 22:11 . 2009-02-12 22:16 1,374 --a------ c:\windows\imsins.BAK
2009-02-12 22:10 . 2008-05-07 05:55 1,294,336 --------- c:\windows\system32\DllCache\quartz.dll
2009-02-12 22:10 . 2008-06-20 11:44 360,960 --------- c:\windows\system32\DllCache\tcpip.sys
2009-02-12 22:10 . 2008-10-23 13:51 284,160 --------- c:\windows\system32\DllCache\gdi32.dll
2009-02-12 22:10 . 2008-07-07 21:18 253,952 --------- c:\windows\system32\DllCache\es.dll
2009-02-12 22:10 . 2008-06-20 18:37 247,808 --------- c:\windows\system32\DllCache\mswsock.dll
2009-02-12 22:10 . 2008-06-20 10:32 225,920 --------- c:\windows\system32\DllCache\tcpip6.sys
2009-02-12 22:10 . 2008-06-20 18:37 147,968 --------- c:\windows\system32\DllCache\dnsapi.dll
2009-02-12 22:10 . 2008-08-14 10:48 138,368 --------- c:\windows\system32\DllCache\afd.sys
2009-02-12 22:10 . 2006-08-16 13:13 100,352 --------- c:\windows\system32\DllCache\6to4svc.dll
2009-02-12 21:08 . 2009-02-13 01:24 <REP> d-------- c:\program files\MSNFix
2009-02-12 14:00 . 2009-02-12 14:00 <REP> d-------- c:\program files\Live-Prod
2009-02-12 07:20 . 2009-02-12 07:20 <REP> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-02-12 02:22 . 2009-02-12 02:22 <REP> d-------- c:\program files\Messenger Plus! Live
2009-02-12 02:03 . 2009-02-12 02:04 <REP> d-------- c:\program files\Windows Live
2009-02-12 02:03 . 2008-06-14 18:59 272,768 --------- c:\windows\system32\drivers\bthport.sys
2009-02-12 02:03 . 2008-06-14 18:59 272,768 --------- c:\windows\system32\DllCache\bthport.sys
2009-02-12 02:03 . 2008-06-24 17:30 74,240 --------- c:\windows\system32\DllCache\mscms.dll
2009-02-12 01:54 . 2008-08-14 14:39 2,188,032 --------- c:\windows\system32\DllCache\ntoskrnl.exe
2009-02-12 01:54 . 2008-08-14 14:39 2,144,768 --------- c:\windows\system32\DllCache\ntkrnlmp.exe
2009-02-12 01:54 . 2008-08-14 14:39 2,065,024 --------- c:\windows\system32\DllCache\ntkrnlpa.exe
2009-02-12 01:54 . 2008-08-14 14:39 2,022,912 --------- c:\windows\system32\DllCache\ntkrpamp.exe
2009-02-12 01:54 . 2008-09-15 16:14 1,847,040 --------- c:\windows\system32\DllCache\win32k.sys
2009-02-12 01:53 . 2008-05-08 13:14 203,008 --------- c:\windows\system32\DllCache\rmcast.sys
2009-02-12 01:51 . 2008-09-04 17:34 1,106,944 --------- c:\windows\system32\DllCache\msxml3.dll
2009-02-12 01:51 . 2008-10-15 17:55 339,456 --------- c:\windows\system32\DllCache\netapi32.dll
2009-02-12 01:51 . 2008-10-03 11:17 247,326 --------- c:\windows\system32\DllCache\strmdll.dll
2009-02-12 01:49 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-02-12 01:49 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-02-12 01:49 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-02-12 01:38 . 2009-02-12 01:38 <REP> d-------- c:\program files\MSECACHE
2009-02-12 01:10 . 2009-02-12 01:10 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-12 01:10 . 2009-02-12 01:10 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-12 01:10 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-12 01:10 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-11 23:04 . 2009-02-11 23:04 <REP> d-------- c:\documents and settings\NetworkService\Bureau
2009-02-04 19:42 . 2009-02-04 19:42 34 --a------ c:\windows\cdplayer.ini
2009-02-04 19:28 . 2009-02-04 19:34 <REP> d-------- C:\audiograbber
2009-02-03 03:45 . 2009-02-03 03:45 <REP> d-------- c:\documents and settings\LocalService\Bureau
2009-02-03 03:40 . 2009-02-14 03:54 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\~0
2009-02-03 01:13 . 2009-02-03 01:13 <REP> d-------- c:\program files\Microsoft Silverlight
2009-02-03 01:12 . 2009-02-03 01:12 <REP> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-02-03 01:11 . 2009-02-03 01:11 <REP> d-------- c:\program files\Microsoft
2009-02-03 01:05 . 2009-02-03 01:05 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2009-02-01 23:18 . 2009-02-01 23:18 <REP> d-------- C:\Logs
2009-01-31 20:40 . 2009-01-31 20:40 <REP> d-------- c:\documents and settings\All Users\Application Data\id Software
2009-01-30 00:57 . 2009-01-30 00:57 <REP> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2009-01-29 22:58 . 2009-01-31 17:46 <REP> d-------- c:\program files\Fichiers communs\Blizzard Entertainment
2009-01-29 01:03 . 2009-01-29 01:03 <REP> d-------- c:\program files\CCleaner
2009-01-28 15:14 . 2009-01-28 15:14 <REP> d-------- c:\windows\system32\LogFiles
2009-01-28 15:14 . 2009-01-31 20:40 2,246,144 --a------ c:\windows\system32\pbsvc.exe
2009-01-28 15:14 . 2009-02-01 00:40 189,576 --a------ c:\windows\system32\PnkBstrB.exe
2009-01-28 15:14 . 2009-02-01 00:40 138,624 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2009-01-28 15:14 . 2009-01-31 20:44 70,968 --a------ c:\windows\system32\PnkBstrA.exe
2009-01-18 18:43 . 2004-10-30 01:42 142,976 --a------ c:\windows\system32\DllCache\usbport.sys
2009-01-17 16:49 . 2009-02-13 21:53 <REP> d-------- c:\program files\Steam
2009-01-16 22:05 . 2009-02-14 03:31 98,329 --a------ c:\windows\system32\oodbs.lor
2009-01-16 13:09 . 2009-01-16 13:09 0 --a------ c:\windows\oodcnt.INI
2009-01-16 06:50 . 2009-01-16 06:50 <REP> d-------- c:\windows\system32\oodag
2009-01-16 04:42 . 2009-01-16 04:42 <REP> d-------- c:\program files\OO Software
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 01:13 55,892,512 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-02-15 01:13 2,033,184 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-02-14 02:55 --------- d-----w c:\program files\Lavasoft
2009-02-14 02:55 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-14 02:34 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-02-14 02:31 745,688 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-02-14 02:31 188,756 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-02-12 23:56 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-12 23:53 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-12 22:04 --------- d-----w c:\program files\Teamspeak2_RC2
2009-02-11 16:18 --------- d-----w c:\program files\mIRC
2009-02-04 12:43 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-04 12:43 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-01-31 20:06 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-25 15:44 --------- d-----w c:\program files\ma-config.com
2009-01-25 15:44 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2009-01-16 20:15 3,594,752 ------w c:\windows\system32\DllCache\mshtml.dll
2009-01-13 15:39 --------- d-----w c:\program files\Warcraft III
2009-01-05 00:19 --------- d-----w c:\program files\MP4Converter
2008-12-29 12:32 --------- d-----w c:\program files\FreeGo
2008-12-27 15:10 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-27 15:09 --------- d-----w c:\program files\Fichiers communs\Apple
2008-12-27 15:09 --------- d-----w c:\program files\Bonjour
2008-12-27 15:08 --------- d-----w c:\program files\QuickTime
2008-12-27 15:07 --------- d-----w c:\program files\Apple Software Update
2008-12-27 14:58 --------- d-----w c:\program files\Safari
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-20 22:47 826,368 ------w c:\windows\system32\DllCache\wininet.dll
2008-12-20 22:47 671,232 ------w c:\windows\system32\DllCache\mstime.dll
2008-12-20 22:47 477,696 ------w c:\windows\system32\DllCache\mshtmled.dll
2008-12-20 22:47 44,544 ------w c:\windows\system32\DllCache\pngfilt.dll
2008-12-20 22:47 233,472 ------w c:\windows\system32\DllCache\webcheck.dll
2008-12-20 22:47 193,024 ------w c:\windows\system32\DllCache\msrating.dll
2008-12-20 22:47 105,984 ------w c:\windows\system32\DllCache\url.dll
2008-12-20 22:47 102,912 ------w c:\windows\system32\DllCache\occache.dll
2008-12-20 22:47 1,160,192 ------w c:\windows\system32\DllCache\urlmon.dll
2008-12-19 09:11 70,656 ------w c:\windows\system32\DllCache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\DllCache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\DllCache\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\system32\DllCache\ieakui.dll
2008-12-15 22:30 --------- d-----w c:\program files\PyGrenouille
2008-12-11 10:24 333,184 ------w c:\windows\system32\DllCache\srv.sys
2008-12-09 18:41 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
.
------- Sigcheck -------
2007-07-18 20:14 506368 fa7c7c2b461130a792adf6a28f1d652b c:\windows\system32\winlogon.exe
2007-08-06 10:51 3256832 7c56d56d6be0760ddf9a37344731bd3f c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"LClock"="lclock.exe" [2004-12-08 c:\windows\LClock.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2008-02-03 798968]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 49152]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-09 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-06-28 2512128]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LSD_III"="c:\windows\LSD\end.cmd" [2007-08-07 2336]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
"nltide_3"="advpack.dll" [2008-12-20 c:\windows\system32\advpack.dll]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^PyGrenouille.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\PyGrenouille.lnk
backup=c:\windows\pss\PyGrenouille.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-11-07 14:16 111936 c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G]
--a------ 2005-11-23 14:04 1544192 c:\program files\D-Link\AirPlus G\AirGCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-24 16:02 490952 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2009-01-26 15:31 2144088 c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2009-01-17 16:50 1410296 c:\program files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"O&O Defrag"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"aawservice"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steamapps\\aka_soviet\\counter-strike\\hl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"c:\\Documents and Settings\\Mais lol\\Mes documents\\SteamLan\\hl.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24060:TCP"= 24060:TCP:BitComet 24060 TCP
"24060:UDP"= 24060:UDP:BitComet 24060 UDP
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-08-02 22784]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-01-24 216232]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-07-15 27992]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-12-13 24592]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - AegisP
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - ANIO
*Deregistered* - ANIWZCSdService
*Deregistered* - Arp1394
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - AVP
*Deregistered* - Beep
*Deregistered* - BITS
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - kl1
*Deregistered* - klif
*Deregistered* - klim5
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - mnmdd
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - MSIServer
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - NVSvc
*Deregistered* - ose
*Deregistered* - PartMgr
*Deregistered* - pavboot
*Deregistered* - PnkBstrA
*Deregistered* - PptpMiniport
*Deregistered* - PSched
*Deregistered* - PStrip
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Secdrv
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sptd
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - StarOpen
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - SysmonLog
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - Wanarp
*Deregistered* - winmgmt
*Deregistered* - WmiApSrv
*Deregistered* - wscsvc
*Deregistered* - wuauserv
.
Contenu du dossier 'Tâches planifiées'
2009-02-14 c:\windows\Tasks\Ad-Aware Update (Daily).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
2008-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-12-27 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe []
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://postarticles.net
uInternet Connection Wizard,ShellNext = hxxp://www.postarticles.net/
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
FF - ProfilePath - c:\documents and settings\Mais lol\Application Data\Mozilla\Firefox\Profiles\105thn2o.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 02:13:41
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(640)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(696)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll
.
Heure de fin: 2009-02-15 2:15:01
ComboFix-quarantined-files.txt 2009-02-15 01:14:59
ComboFix2.txt 2009-02-14 01:39:31
Avant-CF: 267 305 578 496 octets libres
Après-CF: 267,299,090,432 octets libres
367 --- E O F --- 2009-02-12 21:16:37
No trace of the rootkit in this report, and the rootkit scan found nothing...
"Lancé depuis: c:\documents and settings\Mais lol\Bureau\ComboFix.exe "
You didn't rename ComboFix before downloading it... Try deleting it and starting over, following carefully the instructions for renaming it before the download (renaming it afterwards is no use).
Then post the new report, and tell me if you still have problems.
Are you able to update Kaspersky?
If so, do it and run a full scan of your computer, then post the scan report in your next reply please.
New ComboFix report, the Kaspersky one is coming.
ComboFix 09-02-14.01 - Mais lol 2009-02-15 12:22:17.4 - NTFSx86
Lancé depuis: c:\documents and settings\Mais lol\Bureau\C-Fix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-15 au 2009-02-15 ))))))))))))))))))))))))))))))))))))
.
2009-02-15 12:19 . 2009-02-15 12:21 <REP> d-------- C:\ComboFix
2009-02-15 00:26 . 2009-02-15 00:26 <REP> d-------- c:\windows\system32\CatRoot_bak
2009-02-14 04:11 . 2009-02-14 04:12 <REP> d-------- C:\Rooter$
2009-02-14 03:56 . 2009-02-14 03:59 <REP> d-------- c:\program files\SpywareBlaster
2009-02-14 03:56 . 2005-08-25 19:18 118,784 --a------ c:\windows\system32\MSSTDFMT.DLL
2009-02-14 01:30 . 2009-02-14 01:30 <REP> d-------- C:\rsit
2009-02-14 00:31 . 2009-02-14 00:31 579,072 --a------ c:\windows\system32\DllCache\user32.dll
2009-02-14 00:29 . 2009-02-14 00:29 <REP> d-------- c:\windows\ERUNT
2009-02-13 21:31 . 2009-02-13 21:31 <REP> d-------- c:\program files\Trend Micro
2009-02-13 00:47 . 2009-02-14 03:53 <REP> d-------- c:\program files\a-squared Free
2009-02-12 23:21 . 2009-02-12 23:21 <REP> d-------- c:\documents and settings\Mais lol\Application Data\Malwarebytes
2009-02-12 23:04 . 2009-02-12 23:04 <REP> d-------- c:\documents and settings\Mais lol\Application Data\teamspeak2
2009-02-12 22:55 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-02-12 22:54 . 2009-02-12 22:54 <REP> d-------- c:\program files\Panda Security
2009-02-12 22:48 . 2009-02-15 10:04 <REP> d-------- c:\documents and settings\Mais lol\Contacts
2009-02-12 22:45 . 2008-05-01 20:44 <REP> d--h----- c:\documents and settings\Mais lol\Voisinage réseau
2009-02-12 22:45 . 2008-05-01 20:44 <REP> d--h----- c:\documents and settings\Mais lol\Voisinage d'impression
2009-02-12 22:45 . 2008-05-01 18:49 <REP> d--h----- c:\documents and settings\Mais lol\Modèles
2009-02-12 22:45 . 2009-02-14 14:53 <REP> dr------- c:\documents and settings\Mais lol\Mes documents
2009-02-12 22:45 . 2008-05-01 20:44 <REP> dr------- c:\documents and settings\Mais lol\Menu Démarrer
2009-02-12 22:45 . 2009-02-12 22:45 <REP> dr------- c:\documents and settings\Mais lol\Favoris
2009-02-12 22:45 . 2009-02-15 12:20 <REP> d-------- c:\documents and settings\Mais lol\Bureau
2009-02-12 22:45 . 2009-02-14 03:31 <REP> d-------- c:\documents and settings\Mais lol
2009-02-12 22:45 . 2009-02-12 22:45 244 --ah----- C:\sqmnoopt01.sqm
2009-02-12 22:45 . 2009-02-12 22:45 232 --ah----- C:\sqmdata01.sqm
2009-02-12 22:11 . 2009-02-12 22:16 1,374 --a------ c:\windows\imsins.BAK
2009-02-12 22:10 . 2008-05-07 05:55 1,294,336 --------- c:\windows\system32\DllCache\quartz.dll
2009-02-12 22:10 . 2008-06-20 11:44 360,960 --------- c:\windows\system32\DllCache\tcpip.sys
2009-02-12 22:10 . 2008-10-23 13:51 284,160 --------- c:\windows\system32\DllCache\gdi32.dll
2009-02-12 22:10 . 2008-07-07 21:18 253,952 --------- c:\windows\system32\DllCache\es.dll
2009-02-12 22:10 . 2008-06-20 18:37 247,808 --------- c:\windows\system32\DllCache\mswsock.dll
2009-02-12 22:10 . 2008-06-20 10:32 225,920 --------- c:\windows\system32\DllCache\tcpip6.sys
2009-02-12 22:10 . 2008-06-20 18:37 147,968 --------- c:\windows\system32\DllCache\dnsapi.dll
2009-02-12 22:10 . 2008-08-14 10:48 138,368 --------- c:\windows\system32\DllCache\afd.sys
2009-02-12 22:10 . 2006-08-16 13:13 100,352 --------- c:\windows\system32\DllCache\6to4svc.dll
2009-02-12 21:08 . 2009-02-13 01:24 <REP> d-------- c:\program files\MSNFix
2009-02-12 14:00 . 2009-02-12 14:00 <REP> d-------- c:\program files\Live-Prod
2009-02-12 07:20 . 2009-02-12 07:20 <REP> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-02-12 02:22 . 2009-02-12 02:22 <REP> d-------- c:\program files\Messenger Plus! Live
2009-02-12 02:03 . 2009-02-12 02:04 <REP> d-------- c:\program files\Windows Live
2009-02-12 02:03 . 2008-06-14 18:59 272,768 --------- c:\windows\system32\drivers\bthport.sys
2009-02-12 02:03 . 2008-06-14 18:59 272,768 --------- c:\windows\system32\DllCache\bthport.sys
2009-02-12 02:03 . 2008-06-24 17:30 74,240 --------- c:\windows\system32\DllCache\mscms.dll
2009-02-12 01:54 . 2008-08-14 14:39 2,188,032 --------- c:\windows\system32\DllCache\ntoskrnl.exe
2009-02-12 01:54 . 2008-08-14 14:39 2,144,768 --------- c:\windows\system32\DllCache\ntkrnlmp.exe
2009-02-12 01:54 . 2008-08-14 14:39 2,065,024 --------- c:\windows\system32\DllCache\ntkrnlpa.exe
2009-02-12 01:54 . 2008-08-14 14:39 2,022,912 --------- c:\windows\system32\DllCache\ntkrpamp.exe
2009-02-12 01:54 . 2008-09-15 16:14 1,847,040 --------- c:\windows\system32\DllCache\win32k.sys
2009-02-12 01:53 . 2008-05-08 13:14 203,008 --------- c:\windows\system32\DllCache\rmcast.sys
2009-02-12 01:51 . 2008-09-04 17:34 1,106,944 --------- c:\windows\system32\DllCache\msxml3.dll
2009-02-12 01:51 . 2008-10-15 17:55 339,456 --------- c:\windows\system32\DllCache\netapi32.dll
2009-02-12 01:51 . 2008-10-03 11:17 247,326 --------- c:\windows\system32\DllCache\strmdll.dll
2009-02-12 01:49 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-02-12 01:49 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-02-12 01:49 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-02-12 01:38 . 2009-02-12 01:38 <REP> d-------- c:\program files\MSECACHE
2009-02-12 01:10 . 2009-02-12 01:10 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-12 01:10 . 2009-02-12 01:10 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-12 01:10 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-12 01:10 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-11 23:04 . 2009-02-11 23:04 <REP> d-------- c:\documents and settings\NetworkService\Bureau
2009-02-04 19:42 . 2009-02-04 19:42 34 --a------ c:\windows\cdplayer.ini
2009-02-04 19:28 . 2009-02-04 19:34 <REP> d-------- C:\audiograbber
2009-02-03 03:45 . 2009-02-03 03:45 <REP> d-------- c:\documents and settings\LocalService\Bureau
2009-02-03 03:40 . 2009-02-14 03:54 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\~0
2009-02-03 01:13 . 2009-02-03 01:13 <REP> d-------- c:\program files\Microsoft Silverlight
2009-02-03 01:12 . 2009-02-03 01:12 <REP> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-02-03 01:11 . 2009-02-03 01:11 <REP> d-------- c:\program files\Microsoft
2009-02-03 01:05 . 2009-02-03 01:05 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2009-02-01 23:18 . 2009-02-01 23:18 <REP> d-------- C:\Logs
2009-01-31 20:40 . 2009-01-31 20:40 <REP> d-------- c:\documents and settings\All Users\Application Data\id Software
2009-01-30 00:57 . 2009-01-30 00:57 <REP> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2009-01-29 22:58 . 2009-01-31 17:46 <REP> d-------- c:\program files\Fichiers communs\Blizzard Entertainment
2009-01-29 01:03 . 2009-01-29 01:03 <REP> d-------- c:\program files\CCleaner
2009-01-28 15:14 . 2009-01-28 15:14 <REP> d-------- c:\windows\system32\LogFiles
2009-01-28 15:14 . 2009-01-31 20:40 2,246,144 --a------ c:\windows\system32\pbsvc.exe
2009-01-28 15:14 . 2009-02-01 00:40 189,576 --a------ c:\windows\system32\PnkBstrB.exe
2009-01-28 15:14 . 2009-02-01 00:40 138,624 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2009-01-28 15:14 . 2009-01-31 20:44 70,968 --a------ c:\windows\system32\PnkBstrA.exe
2009-01-18 18:43 . 2004-10-30 01:42 142,976 --a------ c:\windows\system32\DllCache\usbport.sys
2009-01-17 16:49 . 2009-02-13 21:53 <REP> d-------- c:\program files\Steam
2009-01-16 22:05 . 2009-02-14 03:31 98,329 --a------ c:\windows\system32\oodbs.lor
2009-01-16 13:09 . 2009-01-16 13:09 0 --a------ c:\windows\oodcnt.INI
2009-01-16 06:50 . 2009-01-16 06:50 <REP> d-------- c:\windows\system32\oodag
2009-01-16 04:42 . 2009-01-16 04:42 <REP> d-------- c:\program files\OO Software
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 11:23 55,982,112 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-02-15 11:23 2,039,072 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-02-14 02:55 --------- d-----w c:\program files\Lavasoft
2009-02-14 02:55 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-14 02:34 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-02-14 02:31 745,688 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-02-14 02:31 188,756 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-02-12 23:56 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-12 23:53 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-12 22:04 --------- d-----w c:\program files\Teamspeak2_RC2
2009-02-11 16:18 --------- d-----w c:\program files\mIRC
2009-02-04 12:43 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-04 12:43 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-01-31 20:06 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-25 15:44 --------- d-----w c:\program files\ma-config.com
2009-01-25 15:44 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2009-01-16 20:15 3,594,752 ------w c:\windows\system32\DllCache\mshtml.dll
2009-01-13 15:39 --------- d-----w c:\program files\Warcraft III
2009-01-05 00:19 --------- d-----w c:\program files\MP4Converter
2008-12-29 12:32 --------- d-----w c:\program files\FreeGo
2008-12-27 15:10 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-27 15:09 --------- d-----w c:\program files\Fichiers communs\Apple
2008-12-27 15:09 --------- d-----w c:\program files\Bonjour
2008-12-27 15:08 --------- d-----w c:\program files\QuickTime
2008-12-27 15:07 --------- d-----w c:\program files\Apple Software Update
2008-12-27 14:58 --------- d-----w c:\program files\Safari
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-20 22:47 826,368 ------w c:\windows\system32\DllCache\wininet.dll
2008-12-20 22:47 671,232 ------w c:\windows\system32\DllCache\mstime.dll
2008-12-20 22:47 477,696 ------w c:\windows\system32\DllCache\mshtmled.dll
2008-12-20 22:47 44,544 ------w c:\windows\system32\DllCache\pngfilt.dll
2008-12-20 22:47 233,472 ------w c:\windows\system32\DllCache\webcheck.dll
2008-12-20 22:47 193,024 ------w c:\windows\system32\DllCache\msrating.dll
2008-12-20 22:47 105,984 ------w c:\windows\system32\DllCache\url.dll
2008-12-20 22:47 102,912 ------w c:\windows\system32\DllCache\occache.dll
2008-12-20 22:47 1,160,192 ------w c:\windows\system32\DllCache\urlmon.dll
2008-12-19 09:11 70,656 ------w c:\windows\system32\DllCache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\DllCache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\DllCache\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\system32\DllCache\ieakui.dll
2008-12-15 22:30 --------- d-----w c:\program files\PyGrenouille
2008-12-11 10:24 333,184 ------w c:\windows\system32\DllCache\srv.sys
2008-12-09 18:41 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
.
------- Sigcheck -------
2007-07-18 20:14 506368 fa7c7c2b461130a792adf6a28f1d652b c:\windows\system32\winlogon.exe
2007-08-06 10:51 3256832 7c56d56d6be0760ddf9a37344731bd3f c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"LClock"="lclock.exe" [2004-12-08 c:\windows\LClock.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2008-02-03 798968]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 49152]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-09 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-06-28 2512128]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LSD_III"="c:\windows\LSD\end.cmd" [2007-08-07 2336]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
"nltide_3"="advpack.dll" [2008-12-20 c:\windows\system32\advpack.dll]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/uOODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^PyGrenouille.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\PyGrenouille.lnk
backup=c:\windows\pss\PyGrenouille.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-11-07 14:16 111936 c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G]
--a------ 2005-11-23 14:04 1544192 c:\program files\D-Link\AirPlus G\AirGCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-24 16:02 490952 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2009-01-26 15:31 2144088 c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2009-01-17 16:50 1410296 c:\program files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"O&O Defrag"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"aawservice"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steamapps\\aka_soviet\\counter-strike\\hl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"c:\\Documents and Settings\\Mais lol\\Mes documents\\SteamLan\\hl.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24060:TCP"= 24060:TCP:BitComet 24060 TCP
"24060:UDP"= 24060:UDP:BitComet 24060 UDP
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-08-02 22784]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-01-24 216232]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-07-15 27992]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-12-13 24592]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - AegisP
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - ANIO
*Deregistered* - ANIWZCSdService
*Deregistered* - Arp1394
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - AVP
*Deregistered* - Beep
*Deregistered* - BITS
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - kl1
*Deregistered* - klif
*Deregistered* - klim5
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - mnmdd
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - MSIServer
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - NVSvc
*Deregistered* - ose
*Deregistered* - PartMgr
*Deregistered* - pavboot
*Deregistered* - PnkBstrA
*Deregistered* - PptpMiniport
*Deregistered* - PSched
*Deregistered* - PStrip
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - Secdrv
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sptd
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - StarOpen
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - SysmonLog
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - Update
*Deregistered* - usnjsvc
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - Wanarp
*Deregistered* - winmgmt
*Deregistered* - WmiApSrv
*Deregistered* - wscsvc
*Deregistered* - wuauserv
.
Contenu du dossier 'Tâches planifiées'
2009-02-15 c:\windows\Tasks\Ad-Aware Update (Daily).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
2008-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-12-27 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe []
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://postarticles.net
uInternet Connection Wizard,ShellNext = hxxp://www.postarticles.net/
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
FF - ProfilePath - c:\documents and settings\Mais lol\Application Data\Mozilla\Firefox\Profiles\105thn2o.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 12:23:19
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\docume~1\MAISLO~1\LOCALS~1\Temp\catchme.dll 53248 bytes executable
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(640)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(696)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll
.
Heure de fin: 2009-02-15 12:24:37
ComboFix-quarantined-files.txt 2009-02-15 11:24:35
ComboFix2.txt 2009-02-15 01:15:05
Avant-CF: 267 262 898 176 octets libres
Après-CF: 267,252,953,088 octets libres
373 --- E O F --- 2009-02-15 02:00:27
ComboFix 09-02-14.01 - Mais lol 2009-02-15 12:22:17.4 - NTFSx86
Lancé depuis: c:\documents and settings\Mais lol\Bureau\C-Fix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-15 au 2009-02-15 ))))))))))))))))))))))))))))))))))))
.
2009-02-15 12:19 . 2009-02-15 12:21 <REP> d-------- C:\ComboFix
2009-02-15 00:26 . 2009-02-15 00:26 <REP> d-------- c:\windows\system32\CatRoot_bak
2009-02-14 04:11 . 2009-02-14 04:12 <REP> d-------- C:\Rooter$
2009-02-14 03:56 . 2009-02-14 03:59 <REP> d-------- c:\program files\SpywareBlaster
2009-02-14 03:56 . 2005-08-25 19:18 118,784 --a------ c:\windows\system32\MSSTDFMT.DLL
2009-02-14 01:30 . 2009-02-14 01:30 <REP> d-------- C:\rsit
2009-02-14 00:31 . 2009-02-14 00:31 579,072 --a------ c:\windows\system32\DllCache\user32.dll
2009-02-14 00:29 . 2009-02-14 00:29 <REP> d-------- c:\windows\ERUNT
2009-02-13 21:31 . 2009-02-13 21:31 <REP> d-------- c:\program files\Trend Micro
2009-02-13 00:47 . 2009-02-14 03:53 <REP> d-------- c:\program files\a-squared Free
2009-02-12 23:21 . 2009-02-12 23:21 <REP> d-------- c:\documents and settings\Mais lol\Application Data\Malwarebytes
2009-02-12 23:04 . 2009-02-12 23:04 <REP> d-------- c:\documents and settings\Mais lol\Application Data\teamspeak2
2009-02-12 22:55 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-02-12 22:54 . 2009-02-12 22:54 <REP> d-------- c:\program files\Panda Security
2009-02-12 22:48 . 2009-02-15 10:04 <REP> d-------- c:\documents and settings\Mais lol\Contacts
2009-02-12 22:45 . 2008-05-01 20:44 <REP> d--h----- c:\documents and settings\Mais lol\Voisinage réseau
2009-02-12 22:45 . 2008-05-01 20:44 <REP> d--h----- c:\documents and settings\Mais lol\Voisinage d'impression
2009-02-12 22:45 . 2008-05-01 18:49 <REP> d--h----- c:\documents and settings\Mais lol\Modèles
2009-02-12 22:45 . 2009-02-14 14:53 <REP> dr------- c:\documents and settings\Mais lol\Mes documents
2009-02-12 22:45 . 2008-05-01 20:44 <REP> dr------- c:\documents and settings\Mais lol\Menu Démarrer
2009-02-12 22:45 . 2009-02-12 22:45 <REP> dr------- c:\documents and settings\Mais lol\Favoris
2009-02-12 22:45 . 2009-02-15 12:20 <REP> d-------- c:\documents and settings\Mais lol\Bureau
2009-02-12 22:45 . 2009-02-14 03:31 <REP> d-------- c:\documents and settings\Mais lol
2009-02-12 22:45 . 2009-02-12 22:45 244 --ah----- C:\sqmnoopt01.sqm
2009-02-12 22:45 . 2009-02-12 22:45 232 --ah----- C:\sqmdata01.sqm
2009-02-12 22:11 . 2009-02-12 22:16 1,374 --a------ c:\windows\imsins.BAK
2009-02-12 22:10 . 2008-05-07 05:55 1,294,336 --------- c:\windows\system32\DllCache\quartz.dll
2009-02-12 22:10 . 2008-06-20 11:44 360,960 --------- c:\windows\system32\DllCache\tcpip.sys
2009-02-12 22:10 . 2008-10-23 13:51 284,160 --------- c:\windows\system32\DllCache\gdi32.dll
2009-02-12 22:10 . 2008-07-07 21:18 253,952 --------- c:\windows\system32\DllCache\es.dll
2009-02-12 22:10 . 2008-06-20 18:37 247,808 --------- c:\windows\system32\DllCache\mswsock.dll
2009-02-12 22:10 . 2008-06-20 10:32 225,920 --------- c:\windows\system32\DllCache\tcpip6.sys
2009-02-12 22:10 . 2008-06-20 18:37 147,968 --------- c:\windows\system32\DllCache\dnsapi.dll
2009-02-12 22:10 . 2008-08-14 10:48 138,368 --------- c:\windows\system32\DllCache\afd.sys
2009-02-12 22:10 . 2006-08-16 13:13 100,352 --------- c:\windows\system32\DllCache\6to4svc.dll
2009-02-12 21:08 . 2009-02-13 01:24 <REP> d-------- c:\program files\MSNFix
2009-02-12 14:00 . 2009-02-12 14:00 <REP> d-------- c:\program files\Live-Prod
2009-02-12 07:20 . 2009-02-12 07:20 <REP> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-02-12 02:22 . 2009-02-12 02:22 <REP> d-------- c:\program files\Messenger Plus! Live
2009-02-12 02:03 . 2009-02-12 02:04 <REP> d-------- c:\program files\Windows Live
2009-02-12 02:03 . 2008-06-14 18:59 272,768 --------- c:\windows\system32\drivers\bthport.sys
2009-02-12 02:03 . 2008-06-14 18:59 272,768 --------- c:\windows\system32\DllCache\bthport.sys
2009-02-12 02:03 . 2008-06-24 17:30 74,240 --------- c:\windows\system32\DllCache\mscms.dll
2009-02-12 01:54 . 2008-08-14 14:39 2,188,032 --------- c:\windows\system32\DllCache\ntoskrnl.exe
2009-02-12 01:54 . 2008-08-14 14:39 2,144,768 --------- c:\windows\system32\DllCache\ntkrnlmp.exe
2009-02-12 01:54 . 2008-08-14 14:39 2,065,024 --------- c:\windows\system32\DllCache\ntkrnlpa.exe
2009-02-12 01:54 . 2008-08-14 14:39 2,022,912 --------- c:\windows\system32\DllCache\ntkrpamp.exe
2009-02-12 01:54 . 2008-09-15 16:14 1,847,040 --------- c:\windows\system32\DllCache\win32k.sys
2009-02-12 01:53 . 2008-05-08 13:14 203,008 --------- c:\windows\system32\DllCache\rmcast.sys
2009-02-12 01:51 . 2008-09-04 17:34 1,106,944 --------- c:\windows\system32\DllCache\msxml3.dll
2009-02-12 01:51 . 2008-10-15 17:55 339,456 --------- c:\windows\system32\DllCache\netapi32.dll
2009-02-12 01:51 . 2008-10-03 11:17 247,326 --------- c:\windows\system32\DllCache\strmdll.dll
2009-02-12 01:49 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-02-12 01:49 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-02-12 01:49 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-02-12 01:38 . 2009-02-12 01:38 <REP> d-------- c:\program files\MSECACHE
2009-02-12 01:10 . 2009-02-12 01:10 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-12 01:10 . 2009-02-12 01:10 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-12 01:10 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-12 01:10 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-11 23:04 . 2009-02-11 23:04 <REP> d-------- c:\documents and settings\NetworkService\Bureau
2009-02-04 19:42 . 2009-02-04 19:42 34 --a------ c:\windows\cdplayer.ini
2009-02-04 19:28 . 2009-02-04 19:34 <REP> d-------- C:\audiograbber
2009-02-03 03:45 . 2009-02-03 03:45 <REP> d-------- c:\documents and settings\LocalService\Bureau
2009-02-03 03:40 . 2009-02-14 03:54 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\~0
2009-02-03 01:13 . 2009-02-03 01:13 <REP> d-------- c:\program files\Microsoft Silverlight
2009-02-03 01:12 . 2009-02-03 01:12 <REP> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-02-03 01:11 . 2009-02-03 01:11 <REP> d-------- c:\program files\Microsoft
2009-02-03 01:05 . 2009-02-03 01:05 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2009-02-01 23:18 . 2009-02-01 23:18 <REP> d-------- C:\Logs
2009-01-31 20:40 . 2009-01-31 20:40 <REP> d-------- c:\documents and settings\All Users\Application Data\id Software
2009-01-30 00:57 . 2009-01-30 00:57 <REP> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2009-01-29 22:58 . 2009-01-31 17:46 <REP> d-------- c:\program files\Fichiers communs\Blizzard Entertainment
2009-01-29 01:03 . 2009-01-29 01:03 <REP> d-------- c:\program files\CCleaner
2009-01-28 15:14 . 2009-01-28 15:14 <REP> d-------- c:\windows\system32\LogFiles
2009-01-28 15:14 . 2009-01-31 20:40 2,246,144 --a------ c:\windows\system32\pbsvc.exe
2009-01-28 15:14 . 2009-02-01 00:40 189,576 --a------ c:\windows\system32\PnkBstrB.exe
2009-01-28 15:14 . 2009-02-01 00:40 138,624 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2009-01-28 15:14 . 2009-01-31 20:44 70,968 --a------ c:\windows\system32\PnkBstrA.exe
2009-01-18 18:43 . 2004-10-30 01:42 142,976 --a------ c:\windows\system32\DllCache\usbport.sys
2009-01-17 16:49 . 2009-02-13 21:53 <REP> d-------- c:\program files\Steam
2009-01-16 22:05 . 2009-02-14 03:31 98,329 --a------ c:\windows\system32\oodbs.lor
2009-01-16 13:09 . 2009-01-16 13:09 0 --a------ c:\windows\oodcnt.INI
2009-01-16 06:50 . 2009-01-16 06:50 <REP> d-------- c:\windows\system32\oodag
2009-01-16 04:42 . 2009-01-16 04:42 <REP> d-------- c:\program files\OO Software
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 11:23 55,982,112 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-02-15 11:23 2,039,072 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-02-14 02:55 --------- d-----w c:\program files\Lavasoft
2009-02-14 02:55 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-14 02:34 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-02-14 02:31 745,688 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-02-14 02:31 188,756 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-02-12 23:56 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-12 23:53 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-12 22:04 --------- d-----w c:\program files\Teamspeak2_RC2
2009-02-11 16:18 --------- d-----w c:\program files\mIRC
2009-02-04 12:43 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-04 12:43 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-01-31 20:06 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-25 15:44 --------- d-----w c:\program files\ma-config.com
2009-01-25 15:44 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2009-01-16 20:15 3,594,752 ------w c:\windows\system32\DllCache\mshtml.dll
2009-01-13 15:39 --------- d-----w c:\program files\Warcraft III
2009-01-05 00:19 --------- d-----w c:\program files\MP4Converter
2008-12-29 12:32 --------- d-----w c:\program files\FreeGo
2008-12-27 15:10 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-27 15:09 --------- d-----w c:\program files\Fichiers communs\Apple
2008-12-27 15:09 --------- d-----w c:\program files\Bonjour
2008-12-27 15:08 --------- d-----w c:\program files\QuickTime
2008-12-27 15:07 --------- d-----w c:\program files\Apple Software Update
2008-12-27 14:58 --------- d-----w c:\program files\Safari
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-20 22:47 826,368 ------w c:\windows\system32\DllCache\wininet.dll
2008-12-20 22:47 671,232 ------w c:\windows\system32\DllCache\mstime.dll
2008-12-20 22:47 477,696 ------w c:\windows\system32\DllCache\mshtmled.dll
2008-12-20 22:47 44,544 ------w c:\windows\system32\DllCache\pngfilt.dll
2008-12-20 22:47 233,472 ------w c:\windows\system32\DllCache\webcheck.dll
2008-12-20 22:47 193,024 ------w c:\windows\system32\DllCache\msrating.dll
2008-12-20 22:47 105,984 ------w c:\windows\system32\DllCache\url.dll
2008-12-20 22:47 102,912 ------w c:\windows\system32\DllCache\occache.dll
2008-12-20 22:47 1,160,192 ------w c:\windows\system32\DllCache\urlmon.dll
2008-12-19 09:11 70,656 ------w c:\windows\system32\DllCache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\DllCache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\DllCache\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\system32\DllCache\ieakui.dll
2008-12-15 22:30 --------- d-----w c:\program files\PyGrenouille
2008-12-11 10:24 333,184 ------w c:\windows\system32\DllCache\srv.sys
2008-12-09 18:41 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
.
------- Sigcheck -------
2007-07-18 20:14 506368 fa7c7c2b461130a792adf6a28f1d652b c:\windows\system32\winlogon.exe
2007-08-06 10:51 3256832 7c56d56d6be0760ddf9a37344731bd3f c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"LClock"="lclock.exe" [2004-12-08 c:\windows\LClock.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2008-02-03 798968]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 49152]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-09 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-06-28 2512128]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LSD_III"="c:\windows\LSD\end.cmd" [2007-08-07 2336]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
"nltide_3"="advpack.dll" [2008-12-20 c:\windows\system32\advpack.dll]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^PyGrenouille.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\PyGrenouille.lnk
backup=c:\windows\pss\PyGrenouille.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-11-07 14:16 111936 c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G]
--a------ 2005-11-23 14:04 1544192 c:\program files\D-Link\AirPlus G\AirGCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-24 16:02 490952 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2009-01-26 15:31 2144088 c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2009-01-17 16:50 1410296 c:\program files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"O&O Defrag"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"aawservice"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steamapps\\aka_soviet\\counter-strike\\hl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"c:\\Documents and Settings\\Mais lol\\Mes documents\\SteamLan\\hl.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24060:TCP"= 24060:TCP:BitComet 24060 TCP
"24060:UDP"= 24060:UDP:BitComet 24060 UDP
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-08-02 22784]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-01-24 216232]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-07-15 27992]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-12-13 24592]
--- Other Services/Drivers In Memory ---
*Deregistered* - AegisP
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - ANIO
*Deregistered* - ANIWZCSdService
*Deregistered* - Arp1394
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - AVP
*Deregistered* - Beep
*Deregistered* - BITS
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - kl1
*Deregistered* - klif
*Deregistered* - klim5
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - mnmdd
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - MSIServer
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - NVSvc
*Deregistered* - ose
*Deregistered* - PartMgr
*Deregistered* - pavboot
*Deregistered* - PnkBstrA
*Deregistered* - PptpMiniport
*Deregistered* - PSched
*Deregistered* - PStrip
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - Secdrv
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sptd
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - StarOpen
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - SysmonLog
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - Update
*Deregistered* - usnjsvc
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - Wanarp
*Deregistered* - winmgmt
*Deregistered* - WmiApSrv
*Deregistered* - wscsvc
*Deregistered* - wuauserv
.
Contents of the 'Scheduled Tasks' folder
2009-02-15 c:\windows\Tasks\Ad-Aware Update (Daily).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
2008-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-12-27 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://postarticles.net
uInternet Connection Wizard,ShellNext = hxxp://www.postarticles.net/
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
FF - ProfilePath - c:\documents and settings\Mais lol\Application Data\Mozilla\Firefox\Profiles\105thn2o.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 12:23:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(640)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(696)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll
.
Completion time: 2009-02-15 12:24:37
ComboFix-quarantined-files.txt 2009-02-15 11:24:35
ComboFix2.txt 2009-02-15 01:15:05
Pre-Run: 267,262,898,176 bytes free
Post-Run: 267,252,953,088 bytes free
373 --- E O F --- 2009-02-15 02:00:27
Kaspersky report: it detects these two files and tells me they are viruses, but afterwards it says "not found"
not found: virus Heur.Invader (modification) File: C:\Documents and Settings\Mais lol\Bureau\SDFix.exe/SDFix\catchme.exe
not found: virus Heur.Invader (modification) File: C:\Documents and Settings\Mais lol\Bureau\SDFix.exe/SDFix\apps\Cghtme.exe
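As an added example (an editor's addition, not something posted in this thread and not part of ComboFix, SDFix or Kaspersky), the script below pulls the lines a responder would check by hand out of the ComboFix report pasted above. It parses the REGEDIT-style "Reg Loading Points" section, the uStart Page / ShellNext / SearchURL lines and the catchme hidden-file count, and flags a disabled Windows Firewall profile, Security Center monitoring switched off for an antivirus, ports opened to every remote host, a home page or ShellNext pointing at a host outside an allowlist, and any hidden files. The allowlist of home-page hosts is an assumption made for this example; the sample input is an excerpt copied from the report above.

```python
import re

# Excerpt copied from the ComboFix report pasted above, embedded here as sample
# input so the script runs offline.
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24060:TCP"= 24060:TCP:BitComet 24060 TCP
"24060:UDP"= 24060:UDP:BitComet 24060 UDP
uStart Page = hxxp://postarticles.net
uInternet Connection Wizard,ShellNext = hxxp://www.postarticles.net/
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
hidden files: 1
"""

# Hosts a home page may legitimately point at. This allowlist is an assumption
# made for the example, not something ComboFix ships.
KNOWN_GOOD_HOSTS = {"www.google.fr", "www.google.com", "www.msn.com", "fr.msn.com"}

_SECTION = re.compile(r"^\[(.+)\]$")
_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
_BROWSER = re.compile(r"^u(Start Page|Internet Connection Wizard,ShellNext|SearchURL,\(Default\))\s*=\s*(.*)$")
_HOST = re.compile(r"^hxxps?://([^/\s]+)", re.IGNORECASE)   # ComboFix defangs http as hxxp
_HIDDEN = re.compile(r"^(?:Fichiers cach\S+|hidden files):\s*(\d+)$", re.IGNORECASE)


def parse_registry(text):
    """Return {section: {value_name: raw_value}} for the REGEDIT-style lines."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = _SECTION.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
            continue
        m = _VALUE.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = m.group(2).strip()
    return sections


def parse_browser(text):
    """Return {setting: defanged URL} for the uStart Page / ShellNext / SearchURL lines."""
    out = {}
    for line in text.splitlines():
        m = _BROWSER.match(line.strip())
        if m:
            out[m.group(1)] = m.group(2).strip()
    return out


def hidden_file_count(text):
    """Hidden-file count reported by catchme (French or English wording), 0 if absent."""
    for line in text.splitlines():
        m = _HIDDEN.match(line.strip())
        if m:
            return int(m.group(1))
    return 0


def triage(text):
    """Return a list of (code, detail) findings that deserve a second look."""
    findings = []
    for section, values in parse_registry(text).items():
        low = section.lower()
        # Security Center told to stop monitoring an AV product
        if r"security center\monitoring" in low and values.get("DisableMonitoring", "").endswith("1"):
            findings.append(("SECURITY_CENTER_MONITORING_OFF", section.rsplit("\\", 1)[-1]))
        # Windows Firewall profile switched off
        if low.endswith("firewallpolicy\\standardprofile") and values.get("EnableFirewall", "").startswith("0"):
            findings.append(("FIREWALL_DISABLED", section))
        # Ports opened to any remote host, one finding per entry
        if low.endswith("globallyopenports\\list"):
            for name in values:
                findings.append(("PORT_OPEN_TO_ALL", name))
    # Home page, ShellNext or search URL pointing outside the allowlist
    for setting, url in parse_browser(text).items():
        m = _HOST.match(url)
        if m and m.group(1).lower() not in KNOWN_GOOD_HOSTS:
            findings.append(("BROWSER_SETTING_HIJACKED", f"{setting} -> {m.group(1)}"))
    n = hidden_file_count(text)
    if n:
        findings.append(("HIDDEN_FILES", str(n)))
    return findings


if __name__ == "__main__":
    for code, detail in triage(SAMPLE_REPORT):
        print(f"{code:32} {detail}")
```

Treat the output as a worklist rather than a verdict: the DisableMonitoring value is often written by the antivirus product itself so that Security Center stops warning about it, and a home user may have turned the Windows Firewall off on purpose, so both need confirming with the user. A start page and ShellNext pointing at postarticles.net, on the other hand, is consistent with the redirects the poster describes and is the kind of line to reset, and the globally open BitComet ports are worth confirming the user still wants.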
The files detected by Kaspersky are not infected; they are part of SDFix, these are false positives.
ComboFix, even renamed, no longer detects anything...
Do you still have problems?
No, no redirects for now :) and the MSN virus is gone, I'll keep you posted if I run into any problems.
Thanks for your help in any case :) have a good day.