Problems with Google
theodiablo
Hello,
I suspect my machine is infected by a virus.
Let me explain: when I try to click a link on a Google search results page, I land on an advertising site that has nothing to do with what I was searching for, and it is always the same page that appears.
So I made a HijackThis log, as is customary on this forum
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:14:05, on 19/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21020)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Theodiablo\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://stats.garena.com/clientinstall.php
F2 - REG:system.ini: UserInit=C:\WINDOWS\explorer.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
Hello,
/!\ Attention to anyone reading this topic /!\
The following software is not to be used lightly and can cause damage if misused! Only do this if a forum helper who knows this tool well has recommended it to you.
/!\ Disable all your protection software /!\
• Download ComboFix (by sUBs) to your Desktop.
• Double-click ComboFix.exe to launch it.
• It will ask you to install the Recovery Console: accept.
• Do not touch anything during the scan.
• When the scan has finished, a report will appear. Post that report (C:\Combofix.txt) in your next reply.
Official ComboFix tutorial: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Sorry, I created another topic because I thought this one had been deleted... I hadn't seen that you had replied to me.
Someone else is taking care of me. Sorry to have bothered you
Following the sound advice of darkpoet and Trying2, I would like to know whether you could take my topic back up;
I posted another one where I was told that you would be more qualified to help me: /forum/affich-12081709-google-pirate?#17/
Thanks
PS: I won't be able to reply before tomorrow afternoon
Hello to you both,
Theodiablo, I agree to help you as long as Darkpoet and Trying2 agree, and as long as you don't continue elsewhere.
Google search redirections generally correspond to a rootkit (which explains why nothing harmful shows up in the HijackThis report), so ComboFix must be used --> see message 1.
Hello, thank you for agreeing to help me,
I have just run the ComboFix analysis; here is the log obtained:
ComboFix 09-04-19.05 - Theodiablo 21/04/2009 6:51.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.33.1033.18.3070.2116 [GMT 2:00]
Lancé depuis: c:\documents and settings\Theodiablo\Desktop\theodiablo.exe
AV: Antivirus BitDefender *On-access scanning enabled* (Updated)
FW: Pare-feu BitDefender *enabled*
* Un nouveau point de restauration a été créé
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-03-21 au 2009-04-21 ))))))))))))))))))))))))))))))))))))
.
2009-04-19 22:00 . 2009-04-19 22:00 61440 ----a-w c:\windows\system32\drivers\jpmrf.sys
2009-04-19 08:53 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-19 08:53 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-19 08:53 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-19 08:53 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-19 08:53 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-19 08:53 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-19 08:53 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-19 08:53 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-19 08:53 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-19 08:53 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-19 08:50 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-19 08:50 . 2009-03-27 06:58 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-19 08:50 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-17 22:27 . 2009-04-17 22:28 -------- d-----w c:\program files\Photoshop 7.0
2009-04-17 22:26 . 1998-10-29 14:45 306688 ----a-w c:\windows\IsUninst.exe
2009-04-17 21:34 . 2006-11-02 15:59 49152 ----a-w c:\windows\system32\Minesweeper.exe.mui
2009-04-17 21:34 . 2006-11-02 12:33 4305408 ----a-w c:\windows\system32\MineSweeper.dll
2009-04-05 11:30 . 2009-04-05 11:30 -------- d-----w c:\documents and settings\Theodiablo\Local Settings\Application Data\Rockstar Games
2009-04-05 01:25 . 2009-04-05 12:13 -------- d-----w c:\documents and settings\Theodiablo\Application Data\Hamachi
2009-04-05 01:24 . 2009-04-05 01:24 25280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-04-05 01:24 . 2009-04-05 01:25 -------- d-----w c:\program files\Hamachi
2009-04-05 01:17 . 2009-04-05 01:17 -------- d-sh--w c:\windows\ftpcache
2009-04-05 01:16 . 2009-04-05 11:32 22328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-05 01:16 . 2009-04-05 01:16 22328 ----a-w c:\documents and settings\Theodiablo\Application Data\PnkBstrK.sys
2009-04-05 01:15 . 2009-04-05 11:32 103736 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-05 01:15 . 2009-04-05 11:32 66872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-04-05 01:15 . 2009-04-05 01:15 319 ----a-w c:\windows\game.ini
2009-04-05 01:10 . 2009-04-05 01:10 -------- d-----w c:\program files\Activision
2009-04-04 14:12 . 2009-04-04 14:17 -------- d-----w c:\documents and settings\Theodiablo\Application Data\Mumble
2009-04-04 13:45 . 2009-04-04 14:12 -------- d-----w c:\program files\Mumble
2009-04-03 11:58 . 2008-04-14 03:17 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-04-03 11:58 . 2008-04-14 03:17 25856 ----a-w c:\windows\system32\dllcache\usbprint.sys
2009-04-02 17:14 . 2009-04-02 17:14 -------- d-----w c:\program files\Lame for Audacity
2009-03-30 17:57 . 2009-03-30 17:57 -------- d--h--r c:\documents and settings\Theodiablo\Application Data\SecuROM
2009-03-30 13:22 . 2009-03-30 13:22 133120 ----a-w c:\windows\system32\sndrec32.exe
2009-03-30 13:05 . 2009-03-30 13:05 -------- d-----w c:\windows\system32\xlive
2009-03-30 13:05 . 2009-03-30 13:05 -------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2009-03-30 12:53 . 2009-04-02 17:15 -------- d-----w c:\documents and settings\Theodiablo\Application Data\Audacity
2009-03-30 12:53 . 2009-03-30 12:53 -------- d-----w c:\program files\Audacity
2009-03-30 12:29 . 2009-03-30 12:30 -------- d-----w c:\program files\Gta 4
2009-03-29 18:43 . 2009-03-29 18:43 319488 ----a-w c:\windows\HideWin.exe
2009-03-27 14:22 . 2009-03-27 14:48 -------- d-----w c:\program files\Teamspeak 3
2009-03-25 10:03 . 2009-03-25 10:03 -------- d-----w c:\documents and settings\Theodiablo\Application Data\teamspeak2
2009-03-25 10:03 . 2009-03-25 10:03 34064 ----a-w c:\windows\system32\lhacm.acm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 21:56 . 2009-02-11 16:34 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-19 17:00 . 2009-02-21 17:09 81984 ----a-w c:\windows\system32\bdod.bin
2009-04-17 22:27 . 2009-02-11 21:44 -------- d-----w c:\program files\Common Files\Adobe
2009-04-07 01:59 . 2009-02-07 15:59 227976 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-06 20:16 . 2009-02-14 19:45 -------- d-----w c:\documents and settings\Theodiablo\Application Data\dvdcss
2009-04-06 18:29 . 2008-10-17 13:01 104328 ----a-w c:\windows\system32\drivers\bdfndisf.sys
2009-04-06 13:32 . 2009-02-11 16:34 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-02-11 16:34 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-05 01:15 . 2009-02-07 17:26 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-03 16:13 . 2009-02-22 00:55 -------- d-----w c:\program files\World of Warcraft
2009-04-02 06:53 . 2009-02-08 11:31 -------- d-----w c:\program files\Mozilla Sunbird
2009-03-27 14:38 . 2009-02-07 17:40 -------- d-----w c:\program files\ma-config.com
2009-03-27 14:38 . 2009-02-07 17:40 -------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2009-03-21 14:06 . 2009-03-21 14:06 989696 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-21 12:03 . 2009-03-06 21:12 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-16 21:59 . 2009-03-16 21:57 -------- d-----w c:\program files\Valve
2009-03-16 21:56 . 2009-02-08 11:45 -------- d-----w c:\program files\warcraft III
2009-03-14 00:02 . 2009-03-14 00:02 -------- d-----w c:\program files\MSXML 4.0
2009-03-13 21:05 . 2009-03-13 15:38 -------- d-----w c:\program files\WowCartographe
2009-03-13 02:17 . 2009-03-13 02:09 -------- d-----w c:\program files\Black & White 2
2009-03-12 15:25 . 2009-02-07 20:06 5051904 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
2009-03-12 15:21 . 2009-02-07 20:06 17531392 ----a-w c:\windows\RTHDCPL.EXE
2009-03-10 12:32 . 2009-02-07 20:06 2168320 ----a-w c:\windows\MicCal.exe
2009-03-08 02:22 . 2009-02-22 16:16 -------- d-----w c:\documents and settings\Theodiablo\Application Data\DNA
2009-03-08 01:31 . 2009-02-11 15:24 -------- d-----w c:\documents and settings\All Users\Application Data\LightScribe
2009-03-08 01:21 . 2009-02-07 16:01 -------- d-----w c:\program files\CCleaner
2009-03-08 01:14 . 2009-02-22 16:16 -------- d-----w c:\program files\DNA
2009-03-07 14:56 . 2009-02-21 17:12 -------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-03-07 09:11 . 2009-02-07 16:23 70144 ----a-w c:\documents and settings\Theodiablo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-06 21:16 . 2009-03-06 21:16 -------- d-----w c:\program files\Microsoft Works
2009-03-06 21:16 . 2009-02-07 15:59 -------- d-----w c:\program files\MSBuild
2009-03-06 21:15 . 2009-03-06 21:15 -------- d-----w c:\program files\Microsoft.NET
2009-03-06 21:14 . 2009-03-06 21:14 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-03-06 14:30 . 2009-02-25 15:32 -------- d-----w c:\documents and settings\Theodiablo\Application Data\BitTorrent
2009-03-06 14:22 . 2008-04-14 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 16:18 . 2009-02-23 11:21 -------- d-----w c:\program files\Peer2Me
2009-03-03 00:17 . 2009-03-13 12:57 828416 ------w c:\windows\system32\dllcache\wininet.dll
2009-03-03 00:17 . 2008-06-19 20:42 828416 ----a-w c:\windows\system32\wininet.dll
2009-03-02 17:16 . 2009-02-19 19:41 -------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-03-02 17:16 . 2009-03-02 17:16 -------- d-----w c:\program files\DVDVideoSoft
2009-03-02 17:10 . 2009-02-19 19:41 -------- d-----w c:\program files\YouTube to Mp3 Converter
2009-02-28 23:04 . 2009-02-08 11:50 -------- d-----w c:\program files\psp
2009-02-28 13:06 . 2009-02-28 13:07 512 ----a-w C:\grub.bs
2009-02-28 04:54 . 2009-03-13 12:57 636088 ------w c:\windows\system32\dllcache\iexplore.exe
2009-02-27 12:31 . 2009-02-25 19:20 -------- d-----w c:\program files\Hospital Tycoon
2009-02-27 12:28 . 2009-02-27 12:28 -------- d-----w c:\program files\OO Software
2009-02-27 11:34 . 2009-02-07 17:37 -------- d-----w c:\program files\Hp
2009-02-27 11:05 . 2009-02-27 11:05 -------- d-----w c:\program files\Sun
2009-02-25 23:33 . 2009-02-25 23:32 -------- d-----w c:\program files\Video Convert
2009-02-25 19:26 . 2009-02-25 19:26 -------- d-----w c:\program files\Common Files\DirectX
2009-02-23 14:05 . 2009-02-11 15:30 -------- d-----w c:\program files\Rome Total War
2009-02-22 16:16 . 2009-02-22 16:16 -------- d-----w c:\program files\BitTorrent
2009-02-22 01:21 . 2009-02-22 01:21 -------- d-----w c:\program files\Microsoft
2009-02-22 01:21 . 2009-02-22 01:21 -------- d-----w c:\program files\Windows Live
2009-02-22 01:21 . 2009-02-22 01:21 -------- d-----w c:\program files\Windows Live SkyDrive
2009-02-22 01:07 . 2009-02-22 01:07 -------- d-----w c:\program files\Common Files\Windows Live
2009-02-21 17:26 . 2009-02-21 17:26 -------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2009-02-21 17:03 . 2009-02-21 17:01 -------- d-----w c:\documents and settings\All Users\Application Data\BitDefender
2009-02-21 17:02 . 2009-02-21 17:02 -------- d-----w c:\documents and settings\Theodiablo\Application Data\BitDefender
2009-02-21 17:01 . 2009-02-21 16:56 -------- d-----w c:\program files\Common Files\BitDefender
2009-02-21 17:01 . 2009-02-21 17:01 -------- d-----w c:\program files\BitDefender
2009-02-21 07:39 . 2009-03-13 12:57 3596800 ------w c:\windows\system32\dllcache\mshtml.dll
2009-02-20 10:24 . 2009-03-13 12:57 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 10:24 . 2009-03-13 12:57 70656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2009-03-13 12:57 161792 ------w c:\windows\system32\dllcache\ieakui.dll
2009-02-16 16:47 . 2009-02-27 11:05 129552 ----a-w c:\windows\system32\VBoxNetFltNotify.dll
2009-02-11 21:04 . 2009-02-11 21:04 193220 ----a-w c:\windows\Web\Wallpaper\uninstall_Vista_Wallpapers.exe
2009-02-11 15:52 . 2009-02-11 15:52 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-09 12:10 . 2008-04-14 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2008-04-14 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2008-04-14 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2008-04-14 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2009-03-11 23:09 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:13 . 2008-04-14 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 17:25 . 2009-02-07 17:25 86 ----a-w C:\bcmwl5.log
2009-02-07 17:02 . 2009-03-13 13:04 2066048 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-07 16:55 . 2009-02-07 15:55 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-07 16:02 . 2009-02-11 16:26 71680 ----a-w c:\documents and settings\Administrator\GLB2015.tmp
2009-02-07 16:02 . 2009-02-07 16:18 71680 ----a-w c:\documents and settings\Theodiablo\GLB2015.tmp
2009-02-07 16:02 . 2009-02-07 16:04 71680 ----a-w c:\windows\system32\config\systemprofile\GLB2015.tmp
2009-02-07 16:02 . 2009-02-07 16:02 71680 ----a-w c:\documents and settings\Default User\GLB2015.tmp
2009-02-07 15:53 . 2009-02-07 15:53 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 11:11 . 2008-04-14 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2009-03-13 13:04 2189056 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 11:06 . 2009-03-13 13:04 2145280 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 11:06 . 2008-04-23 05:58 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2008-04-14 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2009-03-13 13:04 2023936 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 10:32 . 2008-04-14 05:01 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:59 . 2008-04-14 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2009-01-21 13:54 . 2009-02-07 20:06 1206816 ----a-w c:\windows\RtlUpd.exe
2009-04-06 18:2008-10-30 16:34 29:47 . c:\program files\mozilla firefox\components\FFComm.dll
.
------- Sigcheck -------
[7] 2008-04-14 12:00 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\svchost.exe
[7] 2008-04-14 12:00 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\user32.dll
[7] 2008-04-14 12:00 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\ws2_32.dll
[7] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[7] 2008-06-19 20:42 827392 41546B396A526918DA7995A02EA04E51 c:\windows\ie7updates\KB961260-IE7\wininet.dll
[7] 2008-12-20 23:56 827904 044E0A4E9FE97C0FB9AFE9C89E2A82E6 c:\windows\ie7updates\KB963027-IE7\wininet.dll
[7] 2009-03-03 00:18 826368 28775945CCD53DEE280EF58DEA1A94C4 c:\windows\SoftwareDistribution\Download\263159e92061f273983a0f9531635ce0\sp3gdr\wininet.dll
[7] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:\windows\SoftwareDistribution\Download\263159e92061f273983a0f9531635ce0\sp3qfe\wininet.dll
[7] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:\windows\system32\wininet.dll
[7] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:\windows\system32\dllcache\wininet.dll
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-19 20:43 361344 68F06FE0021B01E670AF37B8C5964FDF c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-14 12:00 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\winlogon.exe
[7] 2008-04-14 12:00 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys
[7] 2008-04-14 12:00 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys
[7] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 14:39 2066048 A25E9B86EFFB2AF33BF51E676B68BFB0 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 09:33 2023936 8206B5F94A6A9450E934029420C1693F c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2008-06-19 20:46 2023936 7F653A89F6E89E3AE0D49830EECE35D4 c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[7] 2009-02-07 17:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2009-02-06 16:49 2057728 3006410E24772CC6953F0B5C01BEB35F c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntkrnlpa.exe
[7] 2009-02-06 09:49 2062976 9D832AF3FD1917DB0E1E8B2F000A2E3A c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntkrnlpa.exe
[7] 2009-02-07 17:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntkrnlpa.exe
[7] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 10:32 2023936 65D4220799E6FC2CB079070A6393CC0E c:\windows\system32\ntkrnlpa.exe
[7] 2009-02-07 17:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-07 17:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 15:11 2189184 31914172342BFF330063F343AC6958FE c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 10:09 2145280 F6F8245B3A2E9CA834DD318E7AE0C6D0 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-04-23 05:58 2306560 8C4050BD9FD87E23CDED28FFA889B0BA c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2009-02-06 17:24 2180480 FACEBB0CA3154F77009CDFEE78A00BBB c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntoskrnl.exe
[7] 2009-02-06 10:32 2186112 6A936E9D7BADAF3CAAEED1E1966EC1B0 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntoskrnl.exe
[7] 2009-02-07 17:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 11:06 2145280 0CBA44D0938D57F334C0862424148B70 c:\windows\system32\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2008-04-14 12:00 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\explorer.exe
[7] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2008-04-14 12:00 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\$NtUninstallKB956572$\services.exe
[7] 2009-02-06 17:14 110592 37561F8D4160D62DA86D24AE41FAE8DE c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\services.exe
[7] 2009-02-06 10:22 110592 4712531AB7A01B7EE059853CA17D39BD c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\services.exe
[7] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\dllcache\services.exe
[7] 2008-04-14 12:00 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\lsass.exe
[7] 2008-04-14 12:00 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\ctfmon.exe
[7] 2008-04-14 12:00 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\spoolsv.exe
[7] 2008-04-14 12:00 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\termsrv.dll
[7] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[7] 2008-04-14 12:00 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\$NtUninstallKB959426$\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3gdr\kernel32.dll
[7] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3qfe\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\dllcache\kernel32.dll
[7] 2008-04-14 12:00 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\powrprof.dll
[7] 2008-04-14 12:00 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\imm32.dll
[7] 2008-04-14 12:00 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-22 1271808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-14 8429568]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-06 778240]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-04-06 69632]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-12 17531392]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-18 113664]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^Theodiablo^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\Theodiablo\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\warcraft III\\garena\\Garena.exe"=
"c:\\Program Files\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Gta 4\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Gta 4\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
R3 GarenaPEngine;GarenaPEngine; [x]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-03-15 216232]
S0 iastor78;iastor78; [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2009-02-16 100560]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2009-02-16 41744]
S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-10-06 82696]
S3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2009-04-06 104328]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2009-02-16 87568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17dc28e4-1c8a-11de-bbc1-001e689a17a3}]
\Shell\AutoRun\command - D:\WDSetup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://stats.garena.com/clientinstall.php
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Theodiablo\Application Data\Mozilla\Firefox\Profiles\pmchomuj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.fluo.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\documents and settings\Theodiablo\Application Data\Mozilla\Firefox\Profiles\pmchomuj.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 06:54
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\THEODI~1\LOCALS~1\Temp\MGU116.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2052111302-515967899-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Clsid]
@Denied: (Full) (LocalSystem)
[HKEY_USERS\S-1-5-21-2052111302-515967899-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:d5,9a,e3,f7,bb,5e,5a,a2,56,35,ff,7d,a7,ac,4f,21,9e,e4,ed,a5,e4,
7d,f9,16,c4,f2,8f,82,fe,d1,45,9a,ed,53,45,ed,e6,45,9e,d2,bf,93,dc,46,a3,b9,\
"rkeysecu"=hex:ca,f1,08,4a,62,2f,7a,b4,25,23,2a,40,ed,cc,6b,07
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="4E17BC2F42417CC4CB6DB4327A79DD8659CB701E576C24A62A9E2F2FCD41C486686DB3A02A28EC637CA4557A17501E17CBBE9E4027AE529E1CADFD5B7F1B2F7DF59D7FE80AB4D5E3A8089FC5B19CACAF4C10A67ABAFDD2B6DE359AE8A2640C62F3D43BD613E8CC9F65778EBEE7A7D198A6F48575B80541419AE1259D044FE33500D1C56E601C70636A68E346BA0B590B4DB7FC0EAB46398619717E73D9DF476ADE6AC2E46DF7DE7094E423EC103815B4573712D481955EC0C7B94D173AF148E9F9069925997D3CFB668914FC31715838FCE68D8D8D1CD41FFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B9808BA7FD869164D67945D575E7D6A3B980866BCDF7815FE5E7C79AE3EA208FDDAB68C3F64DEA23E7047BAF6CE75C084D7172B37B9859323E1CAA31F80E27388E10C203986CF4291A82EFEFABB805FBB0112371AAA6D2813CF68A8A711788C81B43DF2811665AC654152611982189477C2CBE27813AEF58A16B099AFD4DFFC0B8DB070F896B7B55D69C845426313FC035DA7ABFB95FC0119266F2C35EEC9D498B141A5114D9495F3D419B482E77C197D137933E29ABFB124F169BACDC71A8573643F46D2457C65F6B9C059745A92CB592D0B3C7DD0135861F552429D8EE964B86FEB2A574CA6A589522E84C74AC75E5CF5193132A446A45CAB55E55EB3062ED8A1004C50F3FCBA1FDCC6A9C18941FE23BDD49EF7CD5DAB7714906A5F6BED00194CA44A7F921A6A831EE1613A30DBBA1BD7E336DDC00F67E4B515BA0330565C11447AE6BCC252E15359CA661E99A589061CDC4B053D47352C186AE43F3E28A9AF64948B73E2AA2E01DCC1986DE4DF40FD67CFD823C1A456294789191D1780B33309F7C0A214DA4551F47CFC3BF4021E6B17BBF90192FB700CD3612EBC802F26B115A1B55D3DD27DDE74213AB1F0B6C20D8F176F7A37548DD8D4D11FD082399492EC013ECB0932119833CB9C8BC35B32F539C92003FBE919E5E033089DE9D5F5957B76D028E450A13E0B0E95199D04D38D00311320722AE5E014CFAC7D4AF2A4C82E5B074202B5B065DAEA3740EFF5F58E539E76E7ECBA2AC810E2F06175B15E12F5F9A17D589F27F9055A3978732D4886A4571A0B85F2FCF07921604808E3C62A489283CF21804FB7EFC8794D23D55F59EE1373C996DC5E81F9AEA84BDB94621EA056B247DAFBD8B28795F55F3D55343E2C7F1B78C0392EF5BBA71B1315001D4EF96C5A00C76DD64EB815D3E346BF21BE5BBE4E01E87CB01FF019ADDC171545EED8704AAFECE2C244770FD9228361E7B982646DE0374B129FCE047A7D0BF90C09C0
72739C161CF4253AC0F4F581B7ACE2A57AFDA99683DDEF8DDFBF5A5E86897ABB736D21D00F2E50FAD8"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1612)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-04-21 6:57
ComboFix-quarantined-files.txt 2009-04-21 04:57
Pre-Run: 156 582 064 128 bytes free
Post-Run: 157 025 411 072 bytes free
339 --- E O F --- 2009-04-19 11:45
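An added triage aid for logs like the one above (example code written for this page; it is not ComboFix's own output handling and not part of the original post). It parses the sections a responder reads first on a search-redirect complaint: kernel drivers created shortly before the scan in the "Files Created" list, Sigcheck entries ComboFix could not verify, Security Center and firewall overrides in the "Reg Loading Points" section, and Firefox start-page and search prefs. The sample input is a handful of lines copied from the log; the reading of the [7] flag, the assumption that the first timestamp of a "Files Created" line is the on-disk creation time, and the list of trusted search hosts are assumptions stated in the code. A hit is a lead to check by hash lookup, not a verdict.

```python
import re
from datetime import datetime, timedelta

# Constructed sample input: a handful of lines copied from the ComboFix log on
# this page, kept under their section headers so each parser has something to
# match. It is not the complete log.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((( Files Created from 2009-03-21 to 2009-04-21 ))))))))))))))))))))))))))))))))))))
.
2009-04-19 22:00 . 2009-04-19 22:00 61440 ----a-w c:\windows\system32\drivers\jpmrf.sys
2009-04-05 01:24 . 2009-04-05 01:24 25280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-04-17 22:27 . 2009-04-17 22:28 -------- d-----w c:\program files\Photoshop 7.0
.
------- Sigcheck -------
[7] 2008-04-14 12:00 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\svchost.exe
[-] 2008-06-19 20:43 361344 68F06FE0021B01E670AF37B8C5964FDF c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
FF - prefs.js: browser.startup.homepage - hxxp://www.fluo.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
"""

# "Files Created" / Find3M line: <timestamp> . <timestamp> <size or dashes> <attrs> <path>
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) +(\d+|-+) +(\S+) +(.+)$"
)
# Sigcheck line: [flag] <timestamp> <size> <MD5> <path>
SIG_LINE = re.compile(r"^\[(.)\] (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) +(\d+) +([0-9A-F]{32}) +(.+)$")
# Firefox pref line; ComboFix defangs URLs as hxxp://
FF_PREF = re.compile(r"^FF - prefs\.js: (\S+) - hxxps?://([^/\s]+)")


def parse_time(stamp):
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M")


def recent_drivers(log, scan_time, days=7):
    """Kernel drivers (.sys files under a drivers directory) created within
    `days` before the scan. A fresh, random-looking name is a lead for a hash
    lookup, not a verdict: hamachi.sys is a VPN driver and drops out here only
    because it is older than the window."""
    cutoff = parse_time(scan_time) - timedelta(days=days)
    hits = []
    for line in log.splitlines():
        m = FILE_LINE.match(line)
        if not m:
            continue
        # Assumption: the first timestamp is the on-disk creation time, the one
        # the "Files Created from ... to ..." window is built on.
        created, path = parse_time(m.group(1)), m.group(5)
        low = path.lower()
        if low.endswith(".sys") and "\\drivers\\" in low and created >= cutoff:
            hits.append(path)
    return hits


def unverified_sigcheck(log):
    """Sigcheck entries whose flag is not [7]. Assumption: ComboFix prints [7]
    for a copy it matched against Microsoft's signature data and another flag
    (here [-]) for one it could not verify; those are the copies to look at."""
    out = []
    for line in log.splitlines():
        m = SIG_LINE.match(line)
        if m and m.group(1) != "7":
            out.append((m.group(1), m.group(5)))
    return out


def weakened_protection(log):
    """Registry values that silence Security Center or switch the firewall
    profile off; either needs an explanation before the redirect is blamed."""
    flags = []
    for line in log.splitlines():
        if re.match(r'^"(AntiVirusOverride|FirewallOverride|AntiVirusDisableNotify)"=dword:0*1$', line):
            flags.append(line.split('"')[1] + "=1")
        elif re.match(r'^"EnableFirewall"= *0\b', line):
            flags.append("EnableFirewall=0")
    return flags


def search_prefs(log, trusted=("www.google.com", "www.google.fr")):
    """Firefox start-page and search (keyword.URL) prefs whose host is outside
    `trusted`. The trusted list is an assumption; adjust it to the user's
    locale. A keyword.URL pointing at a third-party redirector is one way
    address-bar searches end up somewhere other than Google."""
    out = []
    for line in log.splitlines():
        m = FF_PREF.match(line)
        if m and m.group(2).lower() not in trusted:
            out.append((m.group(1), m.group(2)))
    return out


def triage(log, scan_time):
    return {
        "recent_drivers": recent_drivers(log, scan_time),
        "unverified_sigcheck": unverified_sigcheck(log),
        "weakened_protection": weakened_protection(log),
        "search_prefs": search_prefs(log),
    }


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG, "2009-04-21 06:54").items():
        print(key)
        for item in items:
            print("   ", item)
```

Run it as a script to print the four lists, or call triage() on the full log text. It deliberately does not compare the system32 and dllcache kernel hashes: on a multiprocessor machine setup installs the MP builds (ntkrnlmp.exe, ntkrpamp.exe) under the names ntoskrnl.exe and ntkrnlpa.exe in system32 while dllcache keeps the uniprocessor originals, so those two copies legitimately differ, as the sizes in the Sigcheck section above show.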
I have just run the ComboFix analysis; here is the log I got:
ComboFix 09-04-19.05 - Theodiablo 21/04/2009 6:51.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.33.1033.18.3070.2116 [GMT 2:00]
Running from: c:\documents and settings\Theodiablo\Desktop\theodiablo.exe
AV: Antivirus BitDefender *On-access scanning enabled* (Updated)
FW: BitDefender Firewall *enabled*
* Created a new restore point
.
((((((((((((((((((((((((((((( Files Created from 2009-03-21 to 2009-04-21 ))))))))))))))))))))))))))))))))))))
.
2009-04-19 22:00 . 2009-04-19 22:00 61440 ----a-w c:\windows\system32\drivers\jpmrf.sys
2009-04-19 08:53 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-19 08:53 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-19 08:53 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-19 08:53 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-19 08:53 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-19 08:53 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-19 08:53 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-19 08:53 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-19 08:53 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-19 08:53 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-19 08:50 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-19 08:50 . 2009-03-27 06:58 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-19 08:50 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-17 22:27 . 2009-04-17 22:28 -------- d-----w c:\program files\Photoshop 7.0
2009-04-17 22:26 . 1998-10-29 14:45 306688 ----a-w c:\windows\IsUninst.exe
2009-04-17 21:34 . 2006-11-02 15:59 49152 ----a-w c:\windows\system32\Minesweeper.exe.mui
2009-04-17 21:34 . 2006-11-02 12:33 4305408 ----a-w c:\windows\system32\MineSweeper.dll
2009-04-05 11:30 . 2009-04-05 11:30 -------- d-----w c:\documents and settings\Theodiablo\Local Settings\Application Data\Rockstar Games
2009-04-05 01:25 . 2009-04-05 12:13 -------- d-----w c:\documents and settings\Theodiablo\Application Data\Hamachi
2009-04-05 01:24 . 2009-04-05 01:24 25280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-04-05 01:24 . 2009-04-05 01:25 -------- d-----w c:\program files\Hamachi
2009-04-05 01:17 . 2009-04-05 01:17 -------- d-sh--w c:\windows\ftpcache
2009-04-05 01:16 . 2009-04-05 11:32 22328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-05 01:16 . 2009-04-05 01:16 22328 ----a-w c:\documents and settings\Theodiablo\Application Data\PnkBstrK.sys
2009-04-05 01:15 . 2009-04-05 11:32 103736 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-05 01:15 . 2009-04-05 11:32 66872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-04-05 01:15 . 2009-04-05 01:15 319 ----a-w c:\windows\game.ini
2009-04-05 01:10 . 2009-04-05 01:10 -------- d-----w c:\program files\Activision
2009-04-04 14:12 . 2009-04-04 14:17 -------- d-----w c:\documents and settings\Theodiablo\Application Data\Mumble
2009-04-04 13:45 . 2009-04-04 14:12 -------- d-----w c:\program files\Mumble
2009-04-03 11:58 . 2008-04-14 03:17 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-04-03 11:58 . 2008-04-14 03:17 25856 ----a-w c:\windows\system32\dllcache\usbprint.sys
2009-04-02 17:14 . 2009-04-02 17:14 -------- d-----w c:\program files\Lame for Audacity
2009-03-30 17:57 . 2009-03-30 17:57 -------- d--h--r c:\documents and settings\Theodiablo\Application Data\SecuROM
2009-03-30 13:22 . 2009-03-30 13:22 133120 ----a-w c:\windows\system32\sndrec32.exe
2009-03-30 13:05 . 2009-03-30 13:05 -------- d-----w c:\windows\system32\xlive
2009-03-30 13:05 . 2009-03-30 13:05 -------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2009-03-30 12:53 . 2009-04-02 17:15 -------- d-----w c:\documents and settings\Theodiablo\Application Data\Audacity
2009-03-30 12:53 . 2009-03-30 12:53 -------- d-----w c:\program files\Audacity
2009-03-30 12:29 . 2009-03-30 12:30 -------- d-----w c:\program files\Gta 4
2009-03-29 18:43 . 2009-03-29 18:43 319488 ----a-w c:\windows\HideWin.exe
2009-03-27 14:22 . 2009-03-27 14:48 -------- d-----w c:\program files\Teamspeak 3
2009-03-25 10:03 . 2009-03-25 10:03 -------- d-----w c:\documents and settings\Theodiablo\Application Data\teamspeak2
2009-03-25 10:03 . 2009-03-25 10:03 34064 ----a-w c:\windows\system32\lhacm.acm
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 21:56 . 2009-02-11 16:34 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-19 17:00 . 2009-02-21 17:09 81984 ----a-w c:\windows\system32\bdod.bin
2009-04-17 22:27 . 2009-02-11 21:44 -------- d-----w c:\program files\Common Files\Adobe
2009-04-07 01:59 . 2009-02-07 15:59 227976 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-06 20:16 . 2009-02-14 19:45 -------- d-----w c:\documents and settings\Theodiablo\Application Data\dvdcss
2009-04-06 18:29 . 2008-10-17 13:01 104328 ----a-w c:\windows\system32\drivers\bdfndisf.sys
2009-04-06 13:32 . 2009-02-11 16:34 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-02-11 16:34 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-05 01:15 . 2009-02-07 17:26 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-03 16:13 . 2009-02-22 00:55 -------- d-----w c:\program files\World of Warcraft
2009-04-02 06:53 . 2009-02-08 11:31 -------- d-----w c:\program files\Mozilla Sunbird
2009-03-27 14:38 . 2009-02-07 17:40 -------- d-----w c:\program files\ma-config.com
2009-03-27 14:38 . 2009-02-07 17:40 -------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2009-03-21 14:06 . 2009-03-21 14:06 989696 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-21 12:03 . 2009-03-06 21:12 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-16 21:59 . 2009-03-16 21:57 -------- d-----w c:\program files\Valve
2009-03-16 21:56 . 2009-02-08 11:45 -------- d-----w c:\program files\warcraft III
2009-03-14 00:02 . 2009-03-14 00:02 -------- d-----w c:\program files\MSXML 4.0
2009-03-13 21:05 . 2009-03-13 15:38 -------- d-----w c:\program files\WowCartographe
2009-03-13 02:17 . 2009-03-13 02:09 -------- d-----w c:\program files\Black & White 2
2009-03-12 15:25 . 2009-02-07 20:06 5051904 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
2009-03-12 15:21 . 2009-02-07 20:06 17531392 ----a-w c:\windows\RTHDCPL.EXE
2009-03-10 12:32 . 2009-02-07 20:06 2168320 ----a-w c:\windows\MicCal.exe
2009-03-08 02:22 . 2009-02-22 16:16 -------- d-----w c:\documents and settings\Theodiablo\Application Data\DNA
2009-03-08 01:31 . 2009-02-11 15:24 -------- d-----w c:\documents and settings\All Users\Application Data\LightScribe
2009-03-08 01:21 . 2009-02-07 16:01 -------- d-----w c:\program files\CCleaner
2009-03-08 01:14 . 2009-02-22 16:16 -------- d-----w c:\program files\DNA
2009-03-07 14:56 . 2009-02-21 17:12 -------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-03-07 09:11 . 2009-02-07 16:23 70144 ----a-w c:\documents and settings\Theodiablo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-06 21:16 . 2009-03-06 21:16 -------- d-----w c:\program files\Microsoft Works
2009-03-06 21:16 . 2009-02-07 15:59 -------- d-----w c:\program files\MSBuild
2009-03-06 21:15 . 2009-03-06 21:15 -------- d-----w c:\program files\Microsoft.NET
2009-03-06 21:14 . 2009-03-06 21:14 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-03-06 14:30 . 2009-02-25 15:32 -------- d-----w c:\documents and settings\Theodiablo\Application Data\BitTorrent
2009-03-06 14:22 . 2008-04-14 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 16:18 . 2009-02-23 11:21 -------- d-----w c:\program files\Peer2Me
2009-03-03 00:17 . 2009-03-13 12:57 828416 ------w c:\windows\system32\dllcache\wininet.dll
2009-03-03 00:17 . 2008-06-19 20:42 828416 ----a-w c:\windows\system32\wininet.dll
2009-03-02 17:16 . 2009-02-19 19:41 -------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-03-02 17:16 . 2009-03-02 17:16 -------- d-----w c:\program files\DVDVideoSoft
2009-03-02 17:10 . 2009-02-19 19:41 -------- d-----w c:\program files\YouTube to Mp3 Converter
2009-02-28 23:04 . 2009-02-08 11:50 -------- d-----w c:\program files\psp
2009-02-28 13:06 . 2009-02-28 13:07 512 ----a-w C:\grub.bs
2009-02-28 04:54 . 2009-03-13 12:57 636088 ------w c:\windows\system32\dllcache\iexplore.exe
2009-02-27 12:31 . 2009-02-25 19:20 -------- d-----w c:\program files\Hospital Tycoon
2009-02-27 12:28 . 2009-02-27 12:28 -------- d-----w c:\program files\OO Software
2009-02-27 11:34 . 2009-02-07 17:37 -------- d-----w c:\program files\Hp
2009-02-27 11:05 . 2009-02-27 11:05 -------- d-----w c:\program files\Sun
2009-02-25 23:33 . 2009-02-25 23:32 -------- d-----w c:\program files\Video Convert
2009-02-25 19:26 . 2009-02-25 19:26 -------- d-----w c:\program files\Common Files\DirectX
2009-02-23 14:05 . 2009-02-11 15:30 -------- d-----w c:\program files\Rome Total War
2009-02-22 16:16 . 2009-02-22 16:16 -------- d-----w c:\program files\BitTorrent
2009-02-22 01:21 . 2009-02-22 01:21 -------- d-----w c:\program files\Microsoft
2009-02-22 01:21 . 2009-02-22 01:21 -------- d-----w c:\program files\Windows Live
2009-02-22 01:21 . 2009-02-22 01:21 -------- d-----w c:\program files\Windows Live SkyDrive
2009-02-22 01:07 . 2009-02-22 01:07 -------- d-----w c:\program files\Common Files\Windows Live
2009-02-21 17:26 . 2009-02-21 17:26 -------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2009-02-21 17:03 . 2009-02-21 17:01 -------- d-----w c:\documents and settings\All Users\Application Data\BitDefender
2009-02-21 17:02 . 2009-02-21 17:02 -------- d-----w c:\documents and settings\Theodiablo\Application Data\BitDefender
2009-02-21 17:01 . 2009-02-21 16:56 -------- d-----w c:\program files\Common Files\BitDefender
2009-02-21 17:01 . 2009-02-21 17:01 -------- d-----w c:\program files\BitDefender
2009-02-21 07:39 . 2009-03-13 12:57 3596800 ------w c:\windows\system32\dllcache\mshtml.dll
2009-02-20 10:24 . 2009-03-13 12:57 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 10:24 . 2009-03-13 12:57 70656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2009-03-13 12:57 161792 ------w c:\windows\system32\dllcache\ieakui.dll
2009-02-16 16:47 . 2009-02-27 11:05 129552 ----a-w c:\windows\system32\VBoxNetFltNotify.dll
2009-02-11 21:04 . 2009-02-11 21:04 193220 ----a-w c:\windows\Web\Wallpaper\uninstall_Vista_Wallpapers.exe
2009-02-11 15:52 . 2009-02-11 15:52 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-09 12:10 . 2008-04-14 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2008-04-14 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2008-04-14 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
[7] 2009-02-06 10:32 2186112 6A936E9D7BADAF3CAAEED1E1966EC1B0 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntoskrnl.exe
[7] 2009-02-07 17:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 11:06 2145280 0CBA44D0938D57F334C0862424148B70 c:\windows\system32\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2008-04-14 12:00 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\explorer.exe
[7] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2008-04-14 12:00 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\$NtUninstallKB956572$\services.exe
[7] 2009-02-06 17:14 110592 37561F8D4160D62DA86D24AE41FAE8DE c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\services.exe
[7] 2009-02-06 10:22 110592 4712531AB7A01B7EE059853CA17D39BD c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\services.exe
[7] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\dllcache\services.exe
[7] 2008-04-14 12:00 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\lsass.exe
[7] 2008-04-14 12:00 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\ctfmon.exe
[7] 2008-04-14 12:00 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\spoolsv.exe
[7] 2008-04-14 12:00 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\termsrv.dll
[7] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[7] 2008-04-14 12:00 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\$NtUninstallKB959426$\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3gdr\kernel32.dll
[7] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3qfe\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\dllcache\kernel32.dll
[7] 2008-04-14 12:00 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\powrprof.dll
[7] 2008-04-14 12:00 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\imm32.dll
[7] 2008-04-14 12:00 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-22 1271808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-14 8429568]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-06 778240]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-04-06 69632]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-12 17531392]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-18 113664]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^Theodiablo^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\Theodiablo\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\warcraft III\\garena\\Garena.exe"=
"c:\\Program Files\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Gta 4\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Gta 4\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
R3 GarenaPEngine;GarenaPEngine; [x]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-03-15 216232]
S0 iastor78;iastor78; [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2009-02-16 100560]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2009-02-16 41744]
S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-10-06 82696]
S3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2009-04-06 104328]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2009-02-16 87568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17dc28e4-1c8a-11de-bbc1-001e689a17a3}]
\Shell\AutoRun\command - D:\WDSetup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
.
------- Examen supplémentaire -------
.
uInternet Connection Wizard,ShellNext = hxxp://stats.garena.com/clientinstall.php
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Theodiablo\Application Data\Mozilla\Firefox\Profiles\pmchomuj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.fluo.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\documents and settings\Theodiablo\Application Data\Mozilla\Firefox\Profiles\pmchomuj.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 06:54
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\THEODI~1\LOCALS~1\Temp\MGU116.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-2052111302-515967899-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Clsid]
@Denied: (Full) (LocalSystem)
[HKEY_USERS\S-1-5-21-2052111302-515967899-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:d5,9a,e3,f7,bb,5e,5a,a2,56,35,ff,7d,a7,ac,4f,21,9e,e4,ed,a5,e4,
7d,f9,16,c4,f2,8f,82,fe,d1,45,9a,ed,53,45,ed,e6,45,9e,d2,bf,93,dc,46,a3,b9,\
"rkeysecu"=hex:ca,f1,08,4a,62,2f,7a,b4,25,23,2a,40,ed,cc,6b,07
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(1612)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Heure de fin: 2009-04-21 6:57
ComboFix-quarantined-files.txt 2009-04-21 04:57
Avant-CF: 156 582 064 128 bytes free
Après-CF: 157 025 411 072 bytes free
339 --- E O F --- 2009-04-19 11:45
I've just realised I'm a complete idiot, I forgot to disable my antivirus during the scan as you had asked me to...
I'm redoing it right away
Here is the new log:
AV: Antivirus BitDefender *On-access scanning disabled* (Updated)
FW: Pare-feu BitDefender *disabled*
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-03-21 au 2009-04-21 ))))))))))))))))))))))))))))))))))))
.
2009-04-19 22:00 . 2009-04-19 22:00 61440 ----a-w c:\windows\system32\drivers\jpmrf.sys
2009-04-19 08:53 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-19 08:53 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-19 08:53 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-19 08:53 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-19 08:53 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-19 08:53 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-19 08:53 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-19 08:53 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-19 08:53 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-19 08:53 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-19 08:50 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-19 08:50 . 2009-03-27 06:58 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-19 08:50 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-17 22:27 . 2009-04-17 22:28 -------- d-----w c:\program files\Photoshop 7.0
2009-04-17 22:26 . 1998-10-29 14:45 306688 ----a-w c:\windows\IsUninst.exe
2009-04-17 21:34 . 2006-11-02 15:59 49152 ----a-w c:\windows\system32\Minesweeper.exe.mui
2009-04-17 21:34 . 2006-11-02 12:33 4305408 ----a-w c:\windows\system32\MineSweeper.dll
2009-04-05 11:30 . 2009-04-05 11:30 -------- d-----w c:\documents and settings\Theodiablo\Local Settings\Application Data\Rockstar Games
2009-04-05 01:25 . 2009-04-05 12:13 -------- d-----w c:\documents and settings\Theodiablo\Application Data\Hamachi
2009-04-05 01:24 . 2009-04-05 01:24 25280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-04-05 01:24 . 2009-04-05 01:25 -------- d-----w c:\program files\Hamachi
2009-04-05 01:17 . 2009-04-05 01:17 -------- d-sh--w c:\windows\ftpcache
2009-04-05 01:16 . 2009-04-05 11:32 22328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-05 01:16 . 2009-04-05 01:16 22328 ----a-w c:\documents and settings\Theodiablo\Application Data\PnkBstrK.sys
2009-04-05 01:15 . 2009-04-05 11:32 103736 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-05 01:15 . 2009-04-05 11:32 66872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-04-05 01:15 . 2009-04-05 01:15 319 ----a-w c:\windows\game.ini
2009-04-05 01:10 . 2009-04-05 01:10 -------- d-----w c:\program files\Activision
2009-04-04 14:12 . 2009-04-04 14:17 -------- d-----w c:\documents and settings\Theodiablo\Application Data\Mumble
2009-04-04 13:45 . 2009-04-04 14:12 -------- d-----w c:\program files\Mumble
2009-04-03 11:58 . 2008-04-14 03:17 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-04-03 11:58 . 2008-04-14 03:17 25856 ----a-w c:\windows\system32\dllcache\usbprint.sys
2009-04-02 17:14 . 2009-04-02 17:14 -------- d-----w c:\program files\Lame for Audacity
2009-03-30 17:57 . 2009-03-30 17:57 -------- d--h--r c:\documents and settings\Theodiablo\Application Data\SecuROM
2009-03-30 13:22 . 2009-03-30 13:22 133120 ----a-w c:\windows\system32\sndrec32.exe
2009-03-30 13:05 . 2009-03-30 13:05 -------- d-----w c:\windows\system32\xlive
2009-03-30 13:05 . 2009-03-30 13:05 -------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2009-03-30 12:53 . 2009-04-02 17:15 -------- d-----w c:\documents and settings\Theodiablo\Application Data\Audacity
2009-03-30 12:53 . 2009-03-30 12:53 -------- d-----w c:\program files\Audacity
2009-03-30 12:29 . 2009-03-30 12:30 -------- d-----w c:\program files\Gta 4
2009-03-29 18:43 . 2009-03-29 18:43 319488 ----a-w c:\windows\HideWin.exe
2009-03-27 14:22 . 2009-03-27 14:48 -------- d-----w c:\program files\Teamspeak 3
2009-03-25 10:03 . 2009-03-25 10:03 -------- d-----w c:\documents and settings\Theodiablo\Application Data\teamspeak2
2009-03-25 10:03 . 2009-03-25 10:03 34064 ----a-w c:\windows\system32\lhacm.acm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 21:56 . 2009-02-11 16:34 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-19 17:00 . 2009-02-21 17:09 81984 ----a-w c:\windows\system32\bdod.bin
2009-04-17 22:27 . 2009-02-11 21:44 -------- d-----w c:\program files\Common Files\Adobe
2009-04-07 01:59 . 2009-02-07 15:59 227976 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-06 20:16 . 2009-02-14 19:45 -------- d-----w c:\documents and settings\Theodiablo\Application Data\dvdcss
2009-04-06 18:29 . 2008-10-17 13:01 104328 ----a-w c:\windows\system32\drivers\bdfndisf.sys
2009-04-06 13:32 . 2009-02-11 16:34 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-02-11 16:34 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-05 01:15 . 2009-02-07 17:26 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-03 16:13 . 2009-02-22 00:55 -------- d-----w c:\program files\World of Warcraft
2009-04-02 06:53 . 2009-02-08 11:31 -------- d-----w c:\program files\Mozilla Sunbird
2009-03-27 14:38 . 2009-02-07 17:40 -------- d-----w c:\program files\ma-config.com
2009-03-27 14:38 . 2009-02-07 17:40 -------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2009-03-21 14:06 . 2009-03-21 14:06 989696 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-21 12:03 . 2009-03-06 21:12 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-16 21:59 . 2009-03-16 21:57 -------- d-----w c:\program files\Valve
2009-03-16 21:56 . 2009-02-08 11:45 -------- d-----w c:\program files\warcraft III
2009-03-14 00:02 . 2009-03-14 00:02 -------- d-----w c:\program files\MSXML 4.0
2009-03-13 21:05 . 2009-03-13 15:38 -------- d-----w c:\program files\WowCartographe
2009-03-13 02:17 . 2009-03-13 02:09 -------- d-----w c:\program files\Black & White 2
2009-03-12 15:25 . 2009-02-07 20:06 5051904 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
2009-03-12 15:21 . 2009-02-07 20:06 17531392 ----a-w c:\windows\RTHDCPL.EXE
2009-03-10 12:32 . 2009-02-07 20:06 2168320 ----a-w c:\windows\MicCal.exe
2009-03-08 02:22 . 2009-02-22 16:16 -------- d-----w c:\documents and settings\Theodiablo\Application Data\DNA
2009-03-08 01:31 . 2009-02-11 15:24 -------- d-----w c:\documents and settings\All Users\Application Data\LightScribe
2009-03-08 01:21 . 2009-02-07 16:01 -------- d-----w c:\program files\CCleaner
2009-03-08 01:14 . 2009-02-22 16:16 -------- d-----w c:\program files\DNA
2009-03-07 14:56 . 2009-02-21 17:12 -------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-03-07 09:11 . 2009-02-07 16:23 70144 ----a-w c:\documents and settings\Theodiablo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-06 21:16 . 2009-03-06 21:16 -------- d-----w c:\program files\Microsoft Works
2009-03-06 21:16 . 2009-02-07 15:59 -------- d-----w c:\program files\MSBuild
2009-03-06 21:15 . 2009-03-06 21:15 -------- d-----w c:\program files\Microsoft.NET
2009-03-06 21:14 . 2009-03-06 21:14 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-03-06 14:30 . 2009-02-25 15:32 -------- d-----w c:\documents and settings\Theodiablo\Application Data\BitTorrent
2009-03-06 14:22 . 2008-04-14 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 16:18 . 2009-02-23 11:21 -------- d-----w c:\program files\Peer2Me
2009-03-03 00:17 . 2009-03-13 12:57 828416 ------w c:\windows\system32\dllcache\wininet.dll
2009-03-03 00:17 . 2008-06-19 20:42 828416 ----a-w c:\windows\system32\wininet.dll
2009-03-02 17:16 . 2009-02-19 19:41 -------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-03-02 17:16 . 2009-03-02 17:16 -------- d-----w c:\program files\DVDVideoSoft
2009-03-02 17:10 . 2009-02-19 19:41 -------- d-----w c:\program files\YouTube to Mp3 Converter
2009-02-28 23:04 . 2009-02-08 11:50 -------- d-----w c:\program files\psp
2009-02-28 13:06 . 2009-02-28 13:07 512 ----a-w C:\grub.bs
2009-02-28 04:54 . 2009-03-13 12:57 636088 ------w c:\windows\system32\dllcache\iexplore.exe
2009-02-27 12:31 . 2009-02-25 19:20 -------- d-----w c:\program files\Hospital Tycoon
2009-02-27 12:28 . 2009-02-27 12:28 -------- d-----w c:\program files\OO Software
2009-02-27 11:34 . 2009-02-07 17:37 -------- d-----w c:\program files\Hp
2009-02-27 11:05 . 2009-02-27 11:05 -------- d-----w c:\program files\Sun
2009-02-25 23:33 . 2009-02-25 23:32 -------- d-----w c:\program files\Video Convert
2009-02-25 19:26 . 2009-02-25 19:26 -------- d-----w c:\program files\Common Files\DirectX
2009-02-23 14:05 . 2009-02-11 15:30 -------- d-----w c:\program files\Rome Total War
2009-02-22 16:16 . 2009-02-22 16:16 -------- d-----w c:\program files\BitTorrent
2009-02-22 01:21 . 2009-02-22 01:21 -------- d-----w c:\program files\Microsoft
2009-02-22 01:21 . 2009-02-22 01:21 -------- d-----w c:\program files\Windows Live
2009-02-22 01:21 . 2009-02-22 01:21 -------- d-----w c:\program files\Windows Live SkyDrive
2009-02-22 01:07 . 2009-02-22 01:07 -------- d-----w c:\program files\Common Files\Windows Live
2009-02-21 17:26 . 2009-02-21 17:26 -------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2009-02-21 17:03 . 2009-02-21 17:01 -------- d-----w c:\documents and settings\All Users\Application Data\BitDefender
2009-02-21 17:02 . 2009-02-21 17:02 -------- d-----w c:\documents and settings\Theodiablo\Application Data\BitDefender
2009-02-21 17:01 . 2009-02-21 16:56 -------- d-----w c:\program files\Common Files\BitDefender
2009-02-21 17:01 . 2009-02-21 17:01 -------- d-----w c:\program files\BitDefender
2009-02-21 07:39 . 2009-03-13 12:57 3596800 ------w c:\windows\system32\dllcache\mshtml.dll
2009-02-20 10:24 . 2009-03-13 12:57 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 10:24 . 2009-03-13 12:57 70656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2009-03-13 12:57 161792 ------w c:\windows\system32\dllcache\ieakui.dll
2009-02-16 16:47 . 2009-02-27 11:05 129552 ----a-w c:\windows\system32\VBoxNetFltNotify.dll
2009-02-11 21:04 . 2009-02-11 21:04 193220 ----a-w c:\windows\Web\Wallpaper\uninstall_Vista_Wallpapers.exe
2009-02-11 15:52 . 2009-02-11 15:52 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-09 12:10 . 2008-04-14 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2008-04-14 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2008-04-14 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2008-04-14 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2009-03-11 23:09 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:13 . 2008-04-14 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 17:25 . 2009-02-07 17:25 86 ----a-w C:\bcmwl5.log
2009-02-07 17:02 . 2009-03-13 13:04 2066048 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-07 16:55 . 2009-02-07 15:55 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-07 16:02 . 2009-02-11 16:26 71680 ----a-w c:\documents and settings\Administrator\GLB2015.tmp
2009-02-07 16:02 . 2009-02-07 16:18 71680 ----a-w c:\documents and settings\Theodiablo\GLB2015.tmp
2009-02-07 16:02 . 2009-02-07 16:04 71680 ----a-w c:\windows\system32\config\systemprofile\GLB2015.tmp
2009-02-07 16:02 . 2009-02-07 16:02 71680 ----a-w c:\documents and settings\Default User\GLB2015.tmp
2009-02-07 15:53 . 2009-02-07 15:53 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 11:11 . 2008-04-14 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2009-03-13 13:04 2189056 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 11:06 . 2009-03-13 13:04 2145280 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 11:06 . 2008-04-23 05:58 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2008-04-14 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2009-03-13 13:04 2023936 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 10:32 . 2008-04-14 05:01 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:59 . 2008-04-14 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2009-04-06 18:29:47 . 2008-10-30 16:34 c:\program files\mozilla firefox\components\FFComm.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-22 1271808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-14 8429568]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-06 778240]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-04-06 69632]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-12 17531392]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-18 113664]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^Theodiablo^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\Theodiablo\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\warcraft III\\garena\\Garena.exe"=
"c:\\Program Files\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Gta 4\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Gta 4\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
R3 GarenaPEngine;GarenaPEngine; [x]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-03-15 216232]
S0 iastor78;iastor78; [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2009-02-16 100560]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2009-02-16 41744]
S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-10-06 82696]
S3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2009-04-06 104328]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2009-02-16 87568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\NCR.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17dc28e4-1c8a-11de-bbc1-001e689a17a3}]
\Shell\AutoRun\command - D:\WDSetup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
.
------- Examen supplémentaire -------
.
uInternet Connection Wizard,ShellNext = hxxp://stats.garena.com/clientinstall.php
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Theodiablo\Application Data\Mozilla\Firefox\Profiles\pmchomuj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.fluo.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\documents and settings\Theodiablo\Application Data\Mozilla\Firefox\Profiles\pmchomuj.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 23:40
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\THEODI~1\LOCALS~1\Temp\MGU116.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-2052111302-515967899-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Clsid]
@Denied: (Full) (LocalSystem)
[HKEY_USERS\S-1-5-21-2052111302-515967899-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:d5,9a,e3,f7,bb,5e,5a,a2,56,35,ff,7d,a7,ac,4f,21,9e,e4,ed,a5,e4,
7d,f9,16,c4,f2,8f,82,fe,d1,45,9a,ed,53,45,ed,e6,45,9e,d2,bf,93,dc,46,a3,b9,\
"rkeysecu"=hex:ca,f1,08,4a,62,2f,7a,b4,25,23,2a,40,ed,cc,6b,07
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(4164)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\xpsp3res.dll
.
Heure de fin: 2009-04-21 23:41
ComboFix-quarantined-files.txt 2009-04-21 21:41
ComboFix2.txt 2009-04-21 04:57
Avant-CF: 156 981 891 072 bytes free
Après-CF: 157 028 085 760 bytes free
278 --- E O F --- 2009-04-19 11:45
I hope my carelessness hasn't made things harder.
How long have you had this problem with redirects on Google?
Before trying to disinfect, an important remark:
You seem to have a non-official version of Windows... Be aware that some of these versions are themselves infected, and even if that is not the case, you cannot get the security updates provided by Microsoft, which makes your computer very vulnerable...
ComboFix didn't remove anything, but it gives some useful information. There seem to be remnants of the Ask toolbar on your computer, which is precisely what performs redirects: FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
This kind of toolbar is often offered when installing free programs: you have to read carefully and untick all the additional programs offered in those cases, especially toolbars!
Download Toolbar-S&D (Team IDN) to your Desktop: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
• Launch the program's installation by running the downloaded file.
• Now double-click the Toolbar-S&D shortcut.
• Select the desired language by typing the letter of your choice, then confirm with the Enter key.
• Now choose option 1 (Recherche, i.e. search). Wait until the search finishes.
• Post the generated report. (C:\TB.txt)
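The keyword.URL remnant flagged in the post above is what turns address-bar searches into redirects. As an added example (not part of the thread or of any tool mentioned in it), the following script parses a Firefox prefs.js and reports redirecting preferences whose host is not on an allowlist; the allowlist and the sample prefs.js are constructed for the example.

```python
import re
from urllib.parse import urlparse

# Matches prefs.js entries such as: user_pref("keyword.URL", "http://...");
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')

# Preferences that send typed text or browser startup to an arbitrary URL.
REDIRECT_PREFS = {"keyword.URL", "browser.startup.homepage", "browser.search.defaulturl"}

# Hosts the user is expected to have chosen; anything else is reported.
# Constructed allowlist for this example (fluo.com is the homepage seen in the log).
TRUSTED_HOSTS = {"www.google.com", "www.google.fr", "www.fluo.com"}


def parse_prefs(text):
    """Return {pref_name: value} for every user_pref() line in a prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            # Strip the surrounding quotes of string values; booleans stay as text.
            prefs[m.group(1)] = m.group(2).strip().strip('"')
    return prefs


def host_of(value):
    """Hostname of a URL-valued preference; defanged hxxp:// URLs, as written
    in forum logs, are normalised back so they parse."""
    url = value.replace("hxxps://", "https://").replace("hxxp://", "http://")
    host = urlparse(url).hostname
    return host.lower() if host else None


def find_hijacks(text, trusted=TRUSTED_HOSTS):
    """Return [(pref_name, host_or_value)] for redirecting preferences that
    point outside the trusted hosts (or have no parseable host at all)."""
    findings = []
    for name, value in parse_prefs(text).items():
        if name not in REDIRECT_PREFS:
            continue
        host = host_of(value)
        if host is None or host not in trusted:
            findings.append((name, host or value))
    return findings


# Constructed prefs.js sample mirroring the values in the ComboFix report above.
SAMPLE_PREFS_JS = '''\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.fluo.com/");
user_pref("keyword.URL", "http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=");
user_pref("keyword.enabled", true);
user_pref("browser.search.defaulturl", "http://www.google.com/search?q=");
'''

if __name__ == "__main__":
    for pref, host in find_hijacks(SAMPLE_PREFS_JS):
        print(f"suspicious {pref}: {host}")
```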
I've had this redirect problem for a while now.
So my version of Windows isn't official? How can you tell? How do I bring it up to date?
As for the toolbar, I usually untick the boxes, but one time I forgot; I tried to remove it through Add/Remove Programs and thought that was it... apparently not.
Here is the log obtained with Toolbar-S&D:
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz )
BIOS : Ver 1.00PARTTBL
USER : Theodiablo ( Administrator )
BOOT : Normal boot
Antivirus : Antivirus BitDefender 12.0 (Activated)
Firewall : Pare-feu BitDefender 12.0 (Activated)
C:\ (Local Disk) - NTFS - Total:269 Go (Free:144 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
E:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 22/04/2009| 7:41 )
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Url"="http://www.microsoft.com/atwork/community/rss.xml"
"Url"="http://www.microsoft.com/athome/community/rss.xml"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
1 - "C:\ToolBar SD\TB_1.txt" - 22/04/2009| 7:42 - Option : [1]
-----------\\ Fin du rapport a 7:42:33,78
Hi,
I've had this redirection problem for a little while now.
So my version of Windows wouldn't be official? How can you tell? How do I bring it up to date?
As for the toolbar, it's true that I once accepted one without paying attention; I tried to uninstall it through Add/Remove Programs, but apparently that didn't work...
Here is the log I obtained:
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz )
BIOS : Ver 1.00PARTTBL
USER : Theodiablo ( Administrator )
BOOT : Normal boot
Antivirus : Antivirus BitDefender 12.0 (Activated)
Firewall : Pare-feu BitDefender 12.0 (Activated)
C:\ (Local Disk) - NTFS - Total:269 Go (Free:144 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
E:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 22/04/2009| 10:41 )
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Url"="http://www.microsoft.com/atwork/community/rss.xml"
"Url"="http://www.microsoft.com/athome/community/rss.xml"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
1 - "C:\ToolBar SD\TB_1.txt" - 22/04/2009| 7:42 - Option : [1]
-----------\\ Fin du rapport a 10:42:33,78
Hello,
I've had a lot of problems with my computer after these operations (I don't know whether it's because of the scans I ran).
In short, I ended up with a very awkward problem: when I started my computer, I had to enter my password as usual, except that after entering it, my wallpaper appeared and then I was sent back to the page where I had to enter my password, all without any error message. I even tried safe mode with the administrator account, and it was the same problem.
So I'm going to reinstall XP on it; in the meantime I'm running Ubuntu, because I had set up a dual boot. I find it really nice too, and I'm wondering whether I might just stay on it!
Thanks for your replies,
See you soon!