Bonjour à tous, Voila j'ai deux problème , le premier est le démarrage de mon PC je m'explique lorsque je redémarre mon ordinateur l'écran Windows prend environ 2minutes peut être plus pour disparaitre, puis j'ai un écran noir durant environ 30 second et après un message d'erreur apparait a l'écran de sélection de session; le second vient du fait que je suis infecter par un rootkit "H:\WINDOWS\SYSTEM32\nmdfgds0.dll' que je n'arrive pas a supprimer. Voila, j'espère avoir été asse compréhensible dans ma description, si quelqu'un pourrais m'aider s'il vous plait car cela dur depuis plus de deux semaine. Merci d'avance pour votre patience.

re, très infecté ! .... ya du boulot ... ^^ n'entreprends rien avec le PC sans mon autorisation et suis à la lettre les consignes de désinfection ! .... commence par ceci : Télécharge "MSNFix.zip"(de !aur3n7) sur ton bureau : http://sosvirus.changelog.fr/MSNFix.zip !! Déconnecte toi, ferme toutes tes applications et désactives tes défenses ( anti-virus ,anti-spyware,...) le temps de la manipe !! Décompresse-le (=clique droit / Extraire ici) . Déplace ensuite le dossier que tu viens d'extraire directement sous ton disque dure , c'est à dire ici > C:\MSNFix . ( c'est très important pour le bon fonctionnement de l'outil ! ). Ouvre ce dossier et double-clique sur le fichier MSNFix.bat . -> Exécutez l'option R ( recherche ). --> Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage . Note : Si une erreur de suppression est détectée, un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations de nettoyage : dans ce cas, redémarre l'ordinateur pour que l'outil finisse son travail ... -> Le rapport sera enregistré dans le même dossier que MSNFix sous forme d'un fichier " date_heure.txt " et ici C:\WINDOWS\msnfix.txt Poste le contenu de ce rapport ainsi qu'un nouveau rapport RSIT ( log.txt ) pour analyse ... Tuto d'utilisation ici : http://sosvirus.changelog.fr/ .

H:\WINDOWS\SYSTEM32\nmdfgds0.dll

Réponse 21 / 71

sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
18 juin 2009 à 00:03

oki ...

passe à la suite maintenant ( SDFix ) ...

Réponse 22 / 71

Taffy
18 juin 2009 à 01:18

Re, et encore merci pour ta patience. Je vais poster les rapporte séparément
Rapport de "SDFix"

[b]SDFix: Version 1.240 [/b]
Run by TAF on 17/06/2009 at 18:01

Microsoft Windows XP [version 5.1.2600]
Running From: H:\SDFix

[b]Checking Services [/b]:

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

[b]Checking Files [/b]:

No Trojan Files Found

Removing Temp Files

[b]ADS Check [/b]:

[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-17 18:40:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="H:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:5f,0b,12,9f,53,41,c6,3d,bb,31,b3,56,e5,4a,51,de,42,5d,f4,a8,86,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,5b,b6,03,45,f0,29,40,13,1f,eb,c3,ef,3d,ae,19,27,4d,..
"khjeh"=hex:4a,fc,07,05,bf,ae,2f,70,d7,ba,86,6d,8c,38,a7,01,69,20,3d,af,07,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c0,f4,ae,f6,fc,e0,bc,07,13,9a,b1,3f,4e,b3,2e,b0,26,33,3f,90,d2,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="H:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:5f,0b,12,9f,53,41,c6,3d,bb,31,b3,56,e5,4a,51,de,42,5d,f4,a8,86,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,5b,b6,03,45,f0,29,40,13,1f,eb,c3,ef,3d,ae,19,27,4d,..
"khjeh"=hex:4a,fc,07,05,bf,ae,2f,70,d7,ba,86,6d,8c,38,a7,01,69,20,3d,af,07,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c0,f4,ae,f6,fc,e0,bc,07,13,9a,b1,3f,4e,b3,2e,b0,26,33,3f,90,d2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="H:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:5f,0b,12,9f,53,41,c6,3d,bb,31,b3,56,e5,4a,51,de,42,5d,f4,a8,86,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,5b,b6,03,45,f0,29,40,13,1f,eb,c3,ef,3d,ae,19,27,4d,..
"khjeh"=hex:4a,fc,07,05,bf,ae,2f,70,d7,ba,86,6d,8c,38,a7,01,69,20,3d,af,07,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c0,f4,ae,f6,fc,e0,bc,07,13,9a,b1,3f,4e,b3,2e,b0,26,33,3f,90,d2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="H:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:5f,0b,12,9f,53,41,c6,3d,bb,31,b3,56,e5,4a,51,de,42,5d,f4,a8,86,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,5b,b6,03,45,f0,29,40,13,1f,eb,c3,ef,3d,ae,19,27,4d,..
"khjeh"=hex:4a,fc,07,05,bf,ae,2f,70,d7,ba,86,6d,8c,38,a7,01,69,20,3d,af,07,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:7b,4b,d5,1f,00,38,b8,90,1f,c9,47,ac,33,47,81,36,6f,18,ea,3d,f0,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="H:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:5f,0b,12,9f,53,41,c6,3d,bb,31,b3,56,e5,4a,51,de,42,5d,f4,a8,86,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,5b,b6,03,45,f0,29,40,13,1f,eb,c3,ef,3d,ae,19,27,4d,..
"khjeh"=hex:4a,fc,07,05,bf,ae,2f,70,d7,ba,86,6d,8c,38,a7,01,69,20,3d,af,07,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c0,f4,ae,f6,fc,e0,bc,07,13,9a,b1,3f,4e,b3,2e,b0,26,33,3f,90,d2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="H:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:5f,0b,12,9f,53,41,c6,3d,bb,31,b3,56,e5,4a,51,de,42,5d,f4,a8,86,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,5b,b6,03,45,f0,29,40,13,1f,eb,c3,ef,3d,ae,19,27,4d,..
"khjeh"=hex:4a,fc,07,05,bf,ae,2f,70,d7,ba,86,6d,8c,38,a7,01,69,20,3d,af,07,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c0,f4,ae,f6,fc,e0,bc,07,13,9a,b1,3f,4e,b3,2e,b0,26,33,3f,90,d2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="H:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:5f,0b,12,9f,53,41,c6,3d,bb,31,b3,56,e5,4a,51,de,42,5d,f4,a8,86,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,5b,b6,03,45,f0,29,40,13,1f,eb,c3,ef,3d,ae,19,27,4d,..
"khjeh"=hex:4a,fc,07,05,bf,ae,2f,70,d7,ba,86,6d,8c,38,a7,01,69,20,3d,af,07,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c0,f4,ae,f6,fc,e0,bc,07,13,9a,b1,3f,4e,b3,2e,b0,26,33,3f,90,d2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="H:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:5f,0b,12,9f,53,41,c6,3d,bb,31,b3,56,e5,4a,51,de,42,5d,f4,a8,86,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,5b,b6,03,45,f0,29,40,13,1f,eb,c3,ef,3d,ae,19,27,4d,..
"khjeh"=hex:4a,fc,07,05,bf,ae,2f,70,d7,ba,86,6d,8c,38,a7,01,69,20,3d,af,07,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c0,f4,ae,f6,fc,e0,bc,07,13,9a,b1,3f,4e,b3,2e,b0,26,33,3f,90,d2,..

scanning hidden registry entries ...

scanning hidden files ...

H:\Documents and Settings\TAF\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1087 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1

[b]Remaining Services [/b]:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\\Program Files\\Messenger\\msmsgs.exe"="H:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"H:\\Program Files\\uTorrent\\uTorrent.exe"="H:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\\Program Files\\Hercules\\Classic Silver\\Station2.exe"="H:\\Program Files\\Hercules\\Classic Silver\\Station2.exe:*:Enabled:Hercules Webcam Station Evolution"
"H:\\Program Files\\FlashGet\\flashget.exe"="H:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"H:\\Program Files\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2.exe"="H:\\Program Files\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2.exe:*:Enabled:Ghost Recon Advanced Warfighter© 2"
"H:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="H:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"H:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="H:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"H:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="H:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"H:\\Program Files\\ma-config.com\\maconfservice.exe"="H:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"H:\\Documents and Settings\\TAF\\Bureau\\CabalTemp\\ESTSetupLoader.exe"="H:\\Documents and Settings\\TAF\\Bureau\\CabalTemp\\ESTSetupLoader.exe:*:Enabled:EST! download engine"
"H:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"="H:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe:*:Enabled:EST! download engine"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\\Documents and Settings\\TAF\\Bureau\\Fotos.exe"="H:\\Documents and Settings\\TAF\\Bureau\\Fotos.exe:*:Enabled:Session Win32"
"H:\\Program Files\\Microsoft Studio Files\\lsass.exe"="H:\\Program Files\\Microsoft Studio Files\\lsass.exe:*:Enabled:Session Win32"
"H:\\Program Files\\skmw\\gwdwin.exe"="H:\\Program Files\\skmw\\gwdwin.exe:*:Enabled:Session Win32"
"H:\\Program Files\\skmw\\irc.exe"="H:\\Program Files\\skmw\\irc.exe:*:Enabled:WinIRC"
"H:\\Program Files\\dwimn\\mwstwn.exe"="H:\\Program Files\\dwimn\\mwstwn.exe:*:Enabled:Session Win32"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="H:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"H:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="H:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"H:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="H:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:

[b]Files with Hidden Attributes [/b]:

Sat 25 Apr 2009 636,088 A.SH. --- H:\PROGRA~1\INTERN~1\IEXPLORE.EXE
Thu 19 Aug 2004 1,667,584 ..SH. --- H:\PROGRA~1\MESSEN~1\MSMSGS.EXE
Thu 19 Aug 2004 60,416 A.SH. --- H:\PROGRA~1\OUTLOO~1\MSIMN.EXE
Wed 22 Oct 2008 949,072 A.SHR --- H:\PROGRA~1\SPYBOT~1\ADVCHECK.DLL
Mon 15 Sep 2008 1,562,960 A.SHR --- H:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
Wed 22 Oct 2008 962,896 A.SHR --- H:\PROGRA~1\SPYBOT~1\TOOLS.DLL
Thu 12 Jun 2008 4,348 A.SH. --- H:\DOCUME~1\ALLUSE~1\DRM\DRMV1.BAK

[b]Finished![/b]

Réponse 23 / 71

Taffy
18 juin 2009 à 01:20

Rapport de "RSIT"

Logfile of random's system information tool 1.06 (written by random/random)
Run by TAF at 2009-06-17 18:58:39
Microsoft Windows XP Édition familiale Service Pack 2
System drive H: has 107 GB (45%) free of 238 GB
Total RAM: 2046 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:02, on 17/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
H:\WINDOWS\system32\npkcmsvc.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\WINDOWS\System32\alg.exe
H:\WINDOWS\system32\notepad.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\RTHDCPL.EXE
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
H:\Program Files\SuperCopier2\SuperCopier2.exe
H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
H:\Program Files\uTorrent\uTorrent.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Documents and Settings\TAF\Bureau\RSIT.exe
H:\WINDOWS\system32\wbem\wmiprvse.exe
H:\Program Files\Trend Micro\HijackThis\TAF.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - H:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - H:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] H:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [uTorrent] "H:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Tout télécharger avec FlashGet - H:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - H:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.ma-config.com/activex/MaConfig_3_1_2_1.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - H:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - H:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - H:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - H:\WINDOWS\system32\npkcmsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - H:\WINDOWS\System32\TuneUpDefragService.exe

Réponse 24 / 71

Utilisateur anonyme
18 juin 2009 à 01:34

parcontre , chapeau sur la réactivité d'UsbFix face au nouvelles variantes ... ( en ce moment ça y va ^^ )

ça evolue ça evolue .. sale bete ! xd , le tool evoluera en conséquence .. comme je te disais une maj est en prepa

elle devrait sortir demain ... non ! elle sortira demain ;)

Bonne suite et sorry pour le derangement :)

kissouillle à tous les 2

Réponse 25 / 71

Taffy
18 juin 2009 à 02:31

Re, bonne nuit Chiquitine29

Voila le rapport de "OTM"

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service\Driver nProtect GameGuard Service not found.
Service\Driver nProtect GameGuard Service not found.
Service\Driver nProtect GameGuard Service not found.
Service\Driver npggsvc deleted successfully.
Service\Driver a0j2rhoc not found.
Service\Driver key a0j2rhoc deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list\\H:\Program Files\Microsoft Studio Files\lsass.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list\\H:\Program Files\skmw\gwdwin.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list\\H:\Program Files\skmw\irc.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list\\H:\Program Files\dwimn\mwstwn.exe deleted successfully.
========== FILES ==========
H:\WINDOWS\system32\GameMon.des moved successfully.
File/Folder H:\Program Files\dwimn\mwstwn.exe not found.
H:\Program Files\dwimn\WinRds moved successfully.
H:\Program Files\dwimn\temp_log\chat moved successfully.
H:\Program Files\dwimn\temp_log moved successfully.
H:\Program Files\dwimn\sec moved successfully.
H:\Program Files\dwimn\plugins moved successfully.
H:\Program Files\dwimn\install moved successfully.
H:\Program Files\dwimn moved successfully.
File/Folder H:\Program Files\skmw\irc.exe not found.
File/Folder H:\Program Files\skmw\gwdwin.exe not found.
H:\Program Files\skmw\WinRds moved successfully.
H:\Program Files\skmw\temp_log\chat moved successfully.
H:\Program Files\skmw\temp_log moved successfully.
H:\Program Files\skmw\sec moved successfully.
H:\Program Files\skmw\plugins moved successfully.
H:\Program Files\skmw\install moved successfully.
H:\Program Files\skmw moved successfully.
H:\WINDOWS\system32\SETB.tmp moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. H:\Documents and Settings\TAF\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. H:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. H:\WINDOWS\temp\JET2C84.tmp scheduled to be deleted on reboot.
File delete failed. H:\WINDOWS\temp\JET2DDC.tmp scheduled to be deleted on reboot.
File delete failed. H:\WINDOWS\temp\Perflib_Perfdata_564.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTM by OldTimer - Version 2.1.0.1 log created on 06172009_195515

Files moved on Reboot...
File move failed. H:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
H:\WINDOWS\temp\JET2C84.tmp moved successfully.
H:\WINDOWS\temp\JET2DDC.tmp moved successfully.
H:\WINDOWS\temp\Perflib_Perfdata_564.dat moved successfully.

Registry entries deleted on Reboot...

Réponse 26 / 71

sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
18 juin 2009 à 02:33

impec ...

continue ... ^^

poste les rapports demandés et je te donnerai la suite demain ....

bonne nuit ... =)

Réponse 27 / 71

Taffy
18 juin 2009 à 02:37

dsl pour le retard , voila le rapport de "Malwarebytes' Anti-Malware" ( il a apparu a la fin du scan)

Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2301
Windows 5.1.2600 Service Pack 2

17/06/2009 20:20:02
mbam-log-2009-06-17 (20-20-02).txt

Type de recherche: Examen rapide
Eléments examinés: 85295
Temps écoulé: 1 minute(s), 33 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Réponse 28 / 71

sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
18 juin 2009 à 02:40

oki ... poste un nouveau RSIT et je regarderai cela demain ... ^^

bonne nuit ... ;)

Réponse 29 / 71

Taffy
18 juin 2009 à 02:42

Bonne Nuit

(PS: j'habite dans les DOM-TOM donc quand tu répondras je serais encore au lit et je serais de retour devant le PC en fin de matinée heur de chez moi soi début de soirée heur de chez toi, encore merci pour ta patience)

Réponse 30 / 71

sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
18 juin 2009 à 09:39

Salut,

on continue ...

Refais un scan RSIT et poste le nouveau "log.txt" obtenu pour analyse et attends la suite ....

Réponse 31 / 71

Taffy
18 juin 2009 à 10:40

Bonjour, voila le rapport de "RSTI"

Logfile of random's system information tool 1.06 (written by random/random)
Run by TAF at 2009-06-18 04:22:20
Microsoft Windows XP Édition familiale Service Pack 2
System drive H: has 107 GB (45%) free of 238 GB
Total RAM: 2046 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:22:28, on 18/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\Explorer.EXE
H:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
H:\WINDOWS\system32\npkcmsvc.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\WINDOWS\System32\alg.exe
H:\WINDOWS\RTHDCPL.EXE
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\Program Files\SuperCopier2\SuperCopier2.exe
H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
H:\Program Files\uTorrent\uTorrent.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Documents and Settings\TAF\Bureau\RSIT.exe
H:\WINDOWS\system32\wbem\wmiprvse.exe
H:\Program Files\Trend Micro\HijackThis\TAF.exe
H:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - H:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - H:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] H:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SuperCopier2.exe] H:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [uTorrent] "H:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Tout télécharger avec FlashGet - H:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - H:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.ma-config.com/activex/MaConfig_3_1_2_1.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - H:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - H:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - H:\WINDOWS\system32\npkcmsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - H:\WINDOWS\System32\TuneUpDefragService.exe

Réponse 32 / 71

sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
18 juin 2009 à 11:28

bien ...

on va tout de même faire ceci :

Télécharge ComboFix (par sUBs) sur ton Bureau (et pas ailleurs !):

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

--------------------------------- [ ! ATTENTION ! ] ------------------------------------------
!! Déconnecte toi,ferme tes applications en cours ( ainsi que ton navigateur ) et DESACTIVE TOUTES TES DEFENSES (anti-virus, guarde anti spy-ware, pare-feu) le temps de la manipe :
en effet , activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil ( voir planter le PC )...Tu les réactiveras donc après !!
--->Important : si tu rencontres des difficultés à ce niveau là, fais m'en part avant de poursuivre ...
Tuto ( aide ) ici : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Note : pour XP, bien installer la Console de Récupération de Windows comme il est indiqué dans le tuto ci-dessus ...
--------------------------------------------------------------------------------------------

Ensuite :
double-clique sur l'icône "combofix.exe" pour lancer l'outil .

-- Pour XP > laisse toi guider pour faire l'installe de la console de récupération . reconnecte toi uniquement le temps de cette manipulation . une fois le console installée ,re-déconnecte toi avant de poursuivre --

Appuie sur la touche Y (Yes) pour démarrer le scan .

Notes importantes :
-> n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi .
-> Il se peut que le PC redémarre de lui même ( pour finaliser le nettoyage ) , laisse le faire .
-> Si l'outil t'anonce ceci : "combofix a détecté la présence de rootkit et a besoin de faire redémarer votre machine", tu acceptes ...
-> si un message d'erreur windows apparait à un momment : clique sur la croix rouge en haut à droite de la fenêtre pour la fermer ( et pas sur autre chose ! sinon pas de rapport ... )

Le rapport sera crée ici : C:\Combofix.txt

Réactive bien tes défenses .

Poste le rapport Combofix pour analyse ...

Réponse 33 / 71

Taffy
18 juin 2009 à 21:57

Bonsoir,
avant de poster le rapport je voudrais signaler que j'ai peut être fait une "connerie" ; je m'explique j'ai lancer "ComboFix" et suivi les instructions, le PC a redémarré mais "MSN" c'est lancer au démarrage et je pense que cela a du "bugger" "ComboFix"; et donc pas de rapport au bout de 30min, j'ai donc relancer l'application. dsl.

voila le rapport obtenu a la fin

ComboFix 09-06-18.02 - TAF 18/06/2009 15:28.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.2046.1615 [GMT -4:00]
Lancé depuis: h:\documents and settings\TAF\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090618-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
Les fichiers ci-dessous ont été désactivés pendant l'exécution:
h:\program files\SuperCopier2\SC2Hook.dll

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Exécution préalable -------
.

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_AVPsys

((((((((((((((((((((((((((((( Fichiers créés du 2009-05-18 au 2009-06-18 ))))))))))))))))))))))))))))))))))))
.

2009-06-18 00:02 . 2009-06-18 00:02 3561743 ----a-w- h:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-17 23:55 . 2009-06-17 23:55 -------- d-----w- H:\_OTM
2009-06-17 22:01 . 2009-06-17 22:01 578048 -c--a-w- h:\windows\system32\dllcache\user32.dll
2009-06-17 21:59 . 2009-06-17 21:59 -------- d-----w- h:\windows\ERUNT
2009-06-17 21:51 . 2009-06-17 22:43 -------- d-----w- H:\SDFix
2009-06-17 20:02 . 2009-06-17 20:45 -------- d-----w- H:\UsbFix
2009-06-17 14:12 . 2009-06-17 14:18 -------- d-----w- H:\MSNFix
2009-06-17 12:13 . 2009-06-17 12:13 -------- d-----w- H:\rsit
2009-06-17 01:54 . 2008-02-26 12:00 294912 -c----w- h:\windows\system32\dllcache\msctf.dll
2009-06-16 00:23 . 2009-06-16 18:09 -------- d-----w- h:\documents and settings\TAF\Application Data\TeraCopy
2009-06-16 00:23 . 2009-06-16 00:23 -------- d-----w- h:\program files\TeraCopy
2009-06-15 15:49 . 2009-06-15 15:49 191008 ----a-w- h:\windows\system32\npkcmsvc.exe
2009-06-15 10:56 . 2009-06-15 10:56 -------- d-----w- h:\program files\Games-Masters.com
2009-06-14 19:09 . 2009-06-17 15:27 38160 ----a-w- h:\windows\system32\drivers\mbamswissarmy.sys
2009-06-14 19:09 . 2009-06-17 15:27 19096 ----a-w- h:\windows\system32\drivers\mbam.sys
2009-06-14 19:09 . 2009-06-18 00:02 -------- d-----w- h:\program files\Malwarebytes' Anti-Malware
2009-06-14 15:48 . 2001-08-18 01:52 18688 -c--a-w- h:\windows\system32\dllcache\cdaudio.sys
2009-06-07 11:02 . 2009-06-14 00:45 -------- d-----w- h:\windows\system32\CatRoot_bak
2009-06-05 17:31 . 2009-06-05 17:31 -------- d-----w- h:\windows\system32\Lang
2009-06-05 16:53 . 2009-06-05 16:55 157079494 ----a-w- h:\documents and settings\TAF\TRACE_BOOT+DRIVERS_1_1.BIN
2009-06-05 15:55 . 2009-06-05 15:55 -------- d-----w- H:\ATI
2009-05-31 17:27 . 2009-03-18 01:05 593920 ------w- h:\windows\system32\ati2sgag.exe
2009-05-31 17:27 . 2009-03-16 20:17 307200 ----a-w- h:\windows\system32\atiiiexx.dll
2009-05-31 17:26 . 2009-02-23 21:39 184394 ----a-w- h:\windows\system32\atiicdxx.dat
2009-05-31 17:08 . 2009-03-16 21:33 3597312 -c--a-w- h:\windows\system32\dllcache\ati2mtag.sys
2009-05-31 17:08 . 2009-03-16 21:33 3597312 ----a-w- h:\windows\system32\drivers\ati2mtag.sys
2009-05-31 17:08 . 2004-08-19 20:09 870784 -c--a-w- h:\windows\system32\dllcache\ati3d1ag.dll
2009-05-31 17:08 . 2004-08-19 20:09 870784 ----a-w- h:\windows\system32\ati3d1ag.dll
2009-05-31 17:08 . 2004-08-19 19:53 327168 -c--a-w- h:\windows\system32\dllcache\ati2mtaa.sys
2009-05-31 17:08 . 2004-08-19 19:53 327168 ----a-w- h:\windows\system32\drivers\ati2mtaa.sys
2009-05-31 17:08 . 2004-08-19 20:09 377984 -c--a-w- h:\windows\system32\dllcache\ati2dvaa.dll
2009-05-31 17:08 . 2004-08-19 20:09 377984 ----a-w- h:\windows\system32\ati2dvaa.dll
2009-05-31 16:16 . 2009-05-31 16:23 -------- d-----w- h:\program files\Driver Cleaner Pro
2009-05-31 15:59 . 2009-05-31 15:59 -------- d-----w- h:\program files\Defraggler
2009-05-31 15:56 . 2009-05-31 15:56 -------- d-----w- h:\documents and settings\Administrateur\Local Settings\Application Data\ATI
2009-05-31 15:56 . 2009-05-31 15:56 -------- d-----w- h:\documents and settings\Administrateur\Application Data\ATI
2009-05-31 15:56 . 2009-05-31 15:56 -------- d-----w- h:\documents and settings\TAF\Application Data\Canon
2009-05-31 15:54 . 2009-05-31 15:54 -------- d-----w- h:\program files\Realtek
2009-05-31 15:53 . 2009-05-31 15:53 -------- d-----w- h:\windows\system32\RTCOM
2009-05-30 18:26 . 2009-05-31 15:58 -------- d-----w- h:\documents and settings\All Users\Application Data\ATI
2009-05-30 17:40 . 2009-05-30 19:16 25992 ----a-w- h:\windows\system32\pgdfgsvc.exe
2009-05-30 17:29 . 2009-05-30 17:29 603904 ----a-w- h:\windows\system32\TUProgSt.exe
2009-05-30 17:29 . 2008-12-11 17:31 27904 ----a-w- h:\windows\system32\uxtuneup.dll
2009-05-30 17:29 . 2009-06-05 16:48 360192 ----a-w- h:\windows\system32\TuneUpDefragService.exe
2009-05-30 15:27 . 2009-05-30 15:27 37672 ----a-w- h:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-27 22:45 . 2009-06-04 23:14 10 ----a-w- h:\windows\popcinfo.dat
2009-05-27 22:28 . 2009-05-31 15:33 -------- d-----w- h:\program files\Zuma Deluxe
2009-05-27 20:05 . 2009-05-27 20:05 -------- d-----w- h:\windows\system32\wbem\Repository
2009-05-27 19:49 . 2009-05-31 15:53 -------- d-----w- h:\windows\LastGood(2)
2009-05-27 17:16 . 2009-05-31 15:45 -------- d-----w- h:\program files\Realtek AC97
2009-05-27 15:47 . 2003-07-12 09:39 848 ------w- h:\windows\system32\drivers\alcxinit.dat
2009-05-27 15:39 . 2009-05-31 15:54 -------- d-----w- h:\documents and settings\All Users\Application Data\ATI(2)
2009-05-27 11:48 . 2009-05-31 15:55 -------- d--h--w- h:\documents and settings\TAF\Recent(2)
2009-05-23 23:37 . 2009-05-23 23:37 -------- d-----w- h:\documents and settings\TAF\Local Settings\Application Data\Windows Live Writer
2009-05-23 23:37 . 2009-05-23 23:37 -------- d-----w- h:\documents and settings\TAF\Application Data\Windows Live Writer
2009-05-22 22:01 . 2009-05-22 22:01 -------- d-----w- h:\program files\Feneris

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-18 19:28 . 2008-06-29 23:20 -------- d-----w- h:\documents and settings\TAF\Application Data\uTorrent
2009-06-18 19:27 . 2008-09-17 20:08 -------- d-----w- h:\program files\SuperCopier2
2009-06-17 15:28 . 2009-03-21 14:46 1 ----a-w- h:\documents and settings\TAF\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-17 01:28 . 2008-10-23 20:27 -------- d-----w- h:\program files\FlashGet
2009-06-15 21:17 . 2008-06-06 10:02 37144 ----a-w- h:\documents and settings\TAF\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-11 18:42 . 2008-07-12 05:54 -------- d-----w- h:\program files\a-squared Free
2009-06-05 17:25 . 2008-06-29 22:55 -------- d-----w- h:\documents and settings\TAF\Application Data\DNA
2009-06-05 17:25 . 2008-06-29 20:40 -------- d-----w- h:\documents and settings\All Users\Application Data\WLInstaller
2009-06-05 17:19 . 2008-06-29 22:47 -------- d-----w- h:\documents and settings\TAF\Application Data\Azureus
2009-05-31 23:41 . 2009-03-09 12:09 -------- d-----w- h:\program files\Dofus
2009-05-31 17:25 . 2008-06-06 10:13 -------- d--h--w- h:\program files\InstallShield Installation Information
2009-05-31 17:25 . 2008-06-06 10:13 -------- d-----w- h:\program files\ATI Technologies
2009-05-31 17:08 . 2008-06-06 16:27 -------- d-----w- h:\documents and settings\TAF\Application Data\ATI
2009-05-31 15:55 . 2008-08-04 12:35 -------- d-----w- h:\program files\ma-config.com
2009-05-31 15:51 . 2008-12-06 11:22 -------- d-----w- h:\documents and settings\TAF\Application Data\dvdcss
2009-05-31 15:32 . 2009-01-31 18:43 -------- d-----w- h:\program files\TuneUp Utilities 2009
2009-05-31 15:31 . 2008-06-29 22:55 -------- d-----w- h:\program files\DNA
2009-05-31 15:31 . 2009-01-31 18:43 -------- d-sh--w- h:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-05-31 15:27 . 2008-06-22 15:54 -------- d-----w- h:\program files\CCleaner
2009-05-30 17:16 . 2004-08-05 12:00 90204 ----a-w- h:\windows\system32\perfc00C.dat
2009-05-30 17:16 . 2004-08-05 12:00 512468 ----a-w- h:\windows\system32\perfh00C.dat
2009-05-27 12:26 . 2008-08-04 12:35 -------- d-----w- h:\documents and settings\All Users\Application Data\ma-config.com
2009-05-24 03:20 . 2009-01-26 13:46 -------- d-----w- h:\documents and settings\TAF\Application Data\vlc
2009-05-17 10:39 . 2009-04-30 23:15 -------- d-----w- h:\program files\Registry Winner
2009-05-14 19:29 . 2009-05-14 19:29 133376 ----a-w- h:\windows\system32\npkcnt4.sys
2009-05-14 19:29 . 2009-05-14 19:29 58888 ----a-w- h:\windows\system32\npkpdb.dll
2009-05-14 19:20 . 2009-05-15 23:22 2645832 ----a-w- h:\documents and settings\TAF\Application Data\Mozilla\Firefox\Profiles\icztmhu6.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\maconfsetup.exe
2009-05-14 18:56 . 2009-05-15 23:22 402800 ----a-w- h:\documents and settings\TAF\Application Data\Mozilla\Firefox\Profiles\icztmhu6.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
2009-05-13 10:04 . 2009-03-21 14:22 -------- d-----w- h:\program files\Fichiers communs\Adobe
2009-05-07 21:32 . 2009-05-07 21:32 322080 ----a-w- h:\windows\system32\npkcrypt.dll
2009-05-07 15:43 . 2004-08-05 12:00 347136 ----a-w- h:\windows\system32\localspl.dll
2009-05-04 14:37 . 2009-05-04 14:37 600608 ----a-w- h:\windows\system32\npkSvcUpdate.exe
2009-05-04 01:15 . 2008-08-18 19:45 -------- d-----w- h:\program files\Messenger Plus! Live
2009-05-02 20:04 . 2008-06-29 20:40 -------- d-----w- h:\program files\Windows Live
2009-04-29 04:45 . 2004-08-05 12:00 827392 ----a-w- h:\windows\system32\wininet.dll
2009-04-29 04:45 . 2004-08-05 12:00 78336 ----a-w- h:\windows\system32\ieencode.dll
2009-04-29 02:17 . 2007-06-06 14:52 335872 ----a-w- h:\windows\system32\ati2dvag(3).dll
2009-04-29 02:07 . 2007-06-06 14:45 204800 ----a-w- h:\windows\system32\atipdlxx(3).dll
2009-04-29 02:06 . 2007-06-06 14:45 43520 ----a-w- h:\windows\system32\ati2edxx(3).dll
2009-04-29 02:06 . 2007-06-06 14:45 155648 ----a-w- h:\windows\system32\ati2evxx(3).dll
2009-04-29 02:04 . 2007-06-06 14:43 602112 ----a-w- h:\windows\system32\ati2evxx(3).exe
2009-04-29 01:56 . 2007-06-06 14:35 2997536 ----a-w- h:\windows\system32\ati3duag(3).dll
2009-04-29 01:42 . 2007-06-06 14:25 2687872 ----a-w- h:\windows\system32\ativvaxx(3).dll
2009-04-29 01:22 . 2007-06-06 14:11 479232 ----a-w- h:\windows\system32\atikvmag(3).dll
2009-04-29 01:17 . 2007-06-06 14:30 303104 ----a-w- h:\windows\system32\atiok3x2(3).dll
2009-04-29 01:13 . 2007-06-06 14:04 630784 ----a-w- h:\windows\system32\ati2cqag(3).dll
2009-04-28 01:04 . 2008-06-29 20:40 -------- dcsh--w- h:\program files\Fichiers communs\WindowsLiveInstaller
2009-04-24 16:00 . 2009-04-24 16:00 -------- d-----w- h:\program files\Windows Live SkyDrive
2009-04-24 15:41 . 2009-04-24 15:41 -------- d-----w- h:\program files\Fichiers communs\Windows Live
2009-04-23 17:33 . 2009-04-23 17:03 -------- d-----w- h:\program files\The Last Remnant
2009-04-23 17:33 . 2009-04-10 22:37 -------- d-----w- h:\program files\adslTV
2009-04-23 17:26 . 2009-01-14 23:33 -------- d-----w- h:\program files\DivX
2009-04-23 08:31 . 2009-04-23 08:31 -------- d-----w- h:\program files\Sunbelt Software
2009-04-21 22:32 . 2009-04-21 22:32 412192 ----a-w- h:\windows\system32\npkupd.exe
2009-04-19 20:09 . 2004-08-05 12:00 1846784 ----a-w- h:\windows\system32\win32k.sys
2009-04-15 17:53 . 2009-04-15 17:53 43424 ----a-w- h:\windows\system32\npkcusb.sys
2009-04-15 17:52 . 2009-04-15 17:52 53664 ----a-w- h:\windows\system32\npkcrypt.sys
2009-04-15 15:17 . 2004-08-05 12:00 584192 ----a-w- h:\windows\system32\rpcrt4.dll
2009-04-12 20:39 . 2009-04-12 20:39 2961 ----a-w- h:\windows\system32\unins000.dat
2009-04-12 20:39 . 2009-04-12 20:39 716153 ----a-w- h:\windows\system32\unins000.exe
2009-04-06 19:52 . 2009-04-06 19:52 76320 ----a-w- h:\windows\system32\npkuninst.exe
2009-04-06 01:49 . 2009-04-06 01:49 152576 ----a-w- h:\documents and settings\TAF\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-02 00:31 . 2009-04-02 00:31 236064 ----a-w- h:\windows\system32\npkagt.exe
2009-03-21 14:42 . 2009-03-21 14:42 7424000 ----a-r- h:\documents and settings\TAF\Application Data\Microsoft\Installer\{6860B340-530D-46B3-91F8-1AE1F70F7C33}\soffice.exe
2008-03-09 11:25 . 2009-04-12 20:39 236 ----a-w- h:\program files\Fichiers communs\dx.reg
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="h:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"MsnMsgr"="h:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"uTorrent"="h:\program files\uTorrent\uTorrent.exe" [2009-02-11 270128]
"ctfmon.exe"="h:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="h:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Adobe Reader Speed Launcher"="h:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RTHDCPL"="RTHDCPL.EXE" - h:\windows\RTHDCPL.exe [2007-04-12 16132608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=h:\windows\system32\ctfmon.exe
"DAEMON Tools Lite"="h:\program files\DAEMON Tools Lite\daemon.exe" -autorun
"uTorrent"="h:\program files\uTorrent\uTorrent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="h:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"StartCCC"="h:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched"="h:\program files\Java\jre6\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"h:\\Program Files\\Messenger\\msmsgs.exe"=
"h:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\Program Files\\Hercules\\Classic Silver\\Station2.exe"=
"h:\\Program Files\\FlashGet\\flashget.exe"=
"h:\\Program Files\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"h:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"h:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"h:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"h:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14900:TCP"= 14900:TCP:*:Disabled:NortonAV
"17447:TCP"= 17447:TCP:*:Disabled:NortonAV
"15719:TCP"= 15719:TCP:*:Disabled:NortonAV
"13918:TCP"= 13918:TCP:*:Disabled:NortonAV
"13730:TCP"= 13730:TCP:*:Disabled:NortonAV
"13913:TCP"= 13913:TCP:*:Disabled:NortonAV
"15175:TCP"= 15175:TCP:*:Disabled:NortonAV
"14894:TCP"= 14894:TCP:*:Disabled:NortonAV
"13691:TCP"= 13691:TCP:*:Disabled:NortonAV
"15834:TCP"= 15834:TCP:*:Disabled:NortonAV
"12571:TCP"= 12571:TCP:*:Disabled:NortonAV
"14820:TCP"= 14820:TCP:*:Disabled:NortonAV
"17225:TCP"= 17225:TCP:*:Disabled:NortonAV
"12905:TCP"= 12905:TCP:*:Disabled:NortonAV
"12070:TCP"= 12070:TCP:*:Disabled:NortonAV
"18124:TCP"= 18124:TCP:*:Disabled:NortonAV
"15231:TCP"= 15231:TCP:*:Disabled:NortonAV
"14583:TCP"= 14583:TCP:*:Disabled:NortonAV
"16131:TCP"= 16131:TCP:*:Disabled:NortonAV

R0 xfilt;VIA SATA IDE Hot-plug Driver;h:\windows\system32\drivers\xfilt.sys [06/06/2008 12:38 17920]
R1 aswSP;avast! Self Protection;h:\windows\system32\drivers\aswSP.sys [29/06/2008 08:37 114768]
R2 aswFsBlk;aswFsBlk;h:\windows\system32\drivers\aswFsBlk.sys [29/06/2008 08:37 20560]
S3 camfilt2;camfilt2;h:\windows\system32\drivers\camfilt2.sys [12/01/2009 08:30 94720]
S3 dump_wmimmc;dump_wmimmc;\??\h:\program files\Games-Masters.com\CABAL Online (Europe)\GameGuard\dump_wmimmc.sys --> h:\program files\Games-Masters.com\CABAL Online (Europe)\GameGuard\dump_wmimmc.sys [?]
S3 maconfservice;Ma-Config Service;h:\program files\ma-config.com\maconfservice.exe [13/05/2009 14:37 216232]
S3 Ndisprot;ArcNet NDIS Protocol Driver;h:\windows\system32\drivers\ndisprot.sys [03/12/2008 05:21 27904]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'

2009-06-18 h:\windows\Tasks\1-Click Maintenance.job
- h:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 01:36]

2009-06-18 h:\windows\Tasks\Registry Winner Schedule.job
- h:\program files\Registry Winner\RegistryWinner.exe [2009-04-30 23:16]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Tout télécharger avec FlashGet - h:\program files\FlashGet\jc_all.htm
IE: &Télécharger avec FlashGet - h:\program files\FlashGet\jc_link.htm
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-18 15:33
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\h:\docume~1\TAF\LOCALS~1\Temp\mc21.tmp"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(792)
h:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3400)
h:\windows\system32\msi.dll
h:\windows\system32\WPDShServiceObj.dll
h:\windows\system32\PortableDeviceTypes.dll
h:\windows\system32\PortableDeviceApi.dll
.
Heure de fin: 2009-06-18 15:35
ComboFix-quarantined-files.txt 2009-06-18 19:35

Avant-CF: 111 752 048 640 octets libres
Après-CF: 111 734 149 120 octets libres

Current=2 Default=2 Failed=7 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
255 --- E O F --- 2009-06-17 01:55

Réponse 34 / 71

sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
18 juin 2009 à 22:04

salut,

effectivement ... il ne falais pas relancer Combo .... je t'aurais dis ou trouvé le rapport ...

le probleme c'est que je ne sais pas ce qu'il a supprimé ... ^^

désactive MSN au démarage du PC pour éviter ce genre d'ennui la prochaine fois ...

pour le moment , refais un scan RSIT et poste le nouveau "log.txt" pour analyse ....

Réponse 35 / 71

Taffy
18 juin 2009 à 22:11

Voila le nouveau rapport de "RSIT"

Logfile of random's system information tool 1.06 (written by random/random)
Run by TAF at 2009-06-18 15:53:18
Microsoft Windows XP Édition familiale Service Pack 2
System drive H: has 107 GB (45%) free of 238 GB
Total RAM: 2046 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:53:35, on 18/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\system32\spoolsv.exe
H:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
H:\WINDOWS\system32\npkcmsvc.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\alg.exe
H:\WINDOWS\RTHDCPL.EXE
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\Program Files\SuperCopier2\SuperCopier2.exe
H:\Program Files\uTorrent\uTorrent.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\explorer.exe
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\Program Files\Windows Live\Messenger\msnmsgr.exe
H:\WINDOWS\system32\wbem\wmiprvse.exe
H:\WINDOWS\system32\wbem\wmiprvse.exe
H:\Documents and Settings\TAF\Bureau\RSIT.exe
H:\Program Files\Trend Micro\HijackThis\TAF.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - H:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - H:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] H:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [uTorrent] "H:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Tout télécharger avec FlashGet - H:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - H:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.ma-config.com/activex/MaConfig_3_1_2_1.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - H:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - H:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - H:\WINDOWS\system32\npkcmsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - H:\WINDOWS\System32\TuneUpDefragService.exe

Réponse 36 / 71

sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
18 juin 2009 à 22:32

bien ...

une petite précision avant de poursuivre :

tu ne payes pas pour cette daube dis moi > H:\Program Files\Registry Winner

Réponse 37 / 71

Taffy
18 juin 2009 à 23:09

Re,
Non je ne le paye pas , un ami me la conseiller en voulant m'aider a régler mon problème.

Réponse 38 / 71

sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 463
18 juin 2009 à 23:12

un ami me la conseiller en voulant m'aider

un ami ? t'es sûr ? ... :p

bref la suite :

1-Créer un doc texte sur ton bureau :
pointe ta souris sur ton bureau , clique droit : va dans "nouveau" et choisis "document texte" .

Ensuite copie/colle le texte ci-dessous ( et rien d'autre!) dans le fichier texte que tu viens de créer :

File::
H:\WINDOWS\tasks\Registry Winner Schedule.job

Folder::
H:\Program Files\Registry Winner

Puis va dans "fichier" et choisis "enregistrer sous ..." et tu le nommes exactement ainsi :
CFScript puis valide ...

2-Nettoyage :

!! Déconnecte toi, ferme toutes tes applications et désactive TOUTES TES DEFENSES ( tu les réactiveras après ) !!

--->Sur ton bureau, fais glisser avec ta souris le fichier CFScript sur l'icône de ComboFix.exe .

(Regarde ici : http://img.photobucket.com/albums/v666/sUBs/CFScript.gif )

Cette manipulation va relancer combofix .
--> Une fenêtre bleue va apparaître: au message qui apparaît "Type 1 to continue, or 2 to abort" : tape 1 puis valide.

Puis patiente le temps du scan.( Le Bureau va disparaître à plusieurs reprises : c'est normal!)

!! Ne touches à rien tant que le scan n'est pas terminé !!

Note : en fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : poste le accompagné d' un nouveau rapport RSIT pour analyse ...

( Attention : cette manipe a été fait pour ce PC . Toute réutilisation peut endommager sévèrement le système d'exploitation )

Réponse 39 / 71

Taffy
18 juin 2009 à 23:31

Un message de "ComboFix" est apparus avant le scan en me disant de noter "H:\Programme File\ supercopier\SC2Hook.dll" car on en aurais peut etre besoin.

Voila le rapport de "ComboFix"

ComboFix 09-06-18.02 - TAF 18/06/2009 17:04.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.2046.1548 [GMT -4:00]
Lancé depuis: h:\documents and settings\TAF\Bureau\ComboFix.exe
Commutateurs utilisés :: h:\documents and settings\TAF\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090618-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"h:\windows\tasks\Registry Winner Schedule.job"
.
Les fichiers ci-dessous ont été désactivés pendant l'exécution:
h:\program files\SuperCopier2\SC2Hook.dll

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

h:\program files\Registry Winner
h:\program files\Registry Winner\AutoBackup\AutoBackup20090430192009.zip
h:\program files\Registry Winner\AutoBackup\AutoBackup20090430192413.zip
h:\program files\Registry Winner\AutoBackup\AutoBackup20090501073228.zip
h:\program files\Registry Winner\AutoBackup\AutoBackup20090502053836.zip
h:\program files\Registry Winner\AutoBackup\AutoBackup20090524134718.zip
h:\program files\Registry Winner\AutoBackup\AutoBackup20090526142627.zip
h:\program files\Registry Winner\AutoBackup\AutoBackup20090527074939.zip
h:\program files\Registry Winner\AutoBackup\AutoBackup20090527140149.zip
h:\program files\Registry Winner\AutoBackup\AutoBackup20090530143614.zip
h:\program files\Registry Winner\AutoBackup\AutoBackup20090531131112.zip
h:\program files\Registry Winner\AutoBackup\AutoBackup20090531131627.zip
h:\program files\Registry Winner\AutoBackup\AutoBackup20090605131735.zip
h:\program files\Registry Winner\crd.exe
h:\program files\Registry Winner\keygen.exe
h:\program files\Registry Winner\Language\Chinese(Simplified).ini
h:\program files\Registry Winner\Language\Chinese(Traditional).ini
h:\program files\Registry Winner\Language\English.ini
h:\program files\Registry Winner\Language\French.ini
h:\program files\Registry Winner\Language\German.ini
h:\program files\Registry Winner\Language\Italian.ini
h:\program files\Registry Winner\Language\Swedish.ini
h:\program files\Registry Winner\License.txt
h:\program files\Registry Winner\manual.chm
h:\program files\Registry Winner\reg.ini
h:\program files\Registry Winner\RegistryWinner.bak
h:\program files\Registry Winner\RegistryWinner.exe
h:\program files\Registry Winner\RegistryWinner.url
h:\program files\Registry Winner\RWCleaner.dll
h:\program files\Registry Winner\RWCleaner.ini
h:\program files\Registry Winner\RWOptimizer.dll
h:\program files\Registry Winner\RWOptimizer.ini
h:\program files\Registry Winner\Settings.ini
h:\program files\Registry Winner\unins000.dat
h:\program files\Registry Winner\unins000.exe
h:\program files\Registry Winner\Update.exe
h:\program files\Registry Winner\Utilities\Favorites\[ Manga.spiderneo.com ] Nabari No Ou episode 1 DDL gratuit - Fansub [Kyuu-F].url
h:\program files\Registry Winner\Utilities\Favorites\[Wiki] Les métiers de récolte - Dofus.url
h:\program files\Registry Winner\Utilities\Favorites\[u]0/u1men\[u]0/u1men Automobile.url
h:\program files\Registry Winner\Utilities\Favorites\[u]0/u1men\[u]0/u1men Espace Membre.url
h:\program files\Registry Winner\Utilities\Favorites\[u]0/u1men\[u]0/u1men Forums.url
h:\program files\Registry Winner\Utilities\Favorites\[u]0/u1men\[u]0/u1men High-Tech.url
h:\program files\Registry Winner\Utilities\Favorites\[u]0/u1men\[u]0/u1men Loisirs.url
h:\program files\Registry Winner\Utilities\Favorites\[u]0/u1men\[u]0/u1men Sports.url
h:\program files\Registry Winner\Utilities\Favorites\[u]0/u1men\[u]0/u1men Style de vie.url
h:\program files\Registry Winner\Utilities\Favorites\[u]0/u1men\[u]0/u1men.url
h:\program files\Registry Winner\Utilities\Favorites\[u]0/u1net\[u]0/u1net. Actualités.url
h:\program files\Registry Winner\Utilities\Favorites\[u]0/u1net\[u]0/u1net. Emploi et formations.url
h:\program files\Registry Winner\Utilities\Favorites\[u]0/u1net\[u]0/u1net. Entreprise.url
h:\program files\Registry Winner\Utilities\Favorites\[u]0/u1net\[u]0/u1net. Forums.url
h:\program files\Registry Winner\Utilities\Favorites\[u]0/u1net\[u]0/u1net. Newsletters.url
h:\program files\Registry Winner\Utilities\Favorites\[u]0/u1net\[u]0/u1net. Produits - Mon Espace.url
h:\program files\Registry Winner\Utilities\Favorites\[u]0/u1net\[u]0/u1net. Produits.url
h:\program files\Registry Winner\Utilities\Favorites\[u]0/u1net\[u]0/u1net. Shopping.url
h:\program files\Registry Winner\Utilities\Favorites\[u]0/u1net\[u]0/u1net. Telecharger.url
h:\program files\Registry Winner\Utilities\Favorites\[u]0/u1net\[u]0/u1net. Trucs et astuces.url
h:\program files\Registry Winner\Utilities\Favorites\[u]0/u1net\[u]0/u1net..url
h:\program files\Registry Winner\Utilities\Favorites\Admission Postbac.url
h:\program files\Registry Winner\Utilities\Favorites\AlloSharing.COM.url
h:\program files\Registry Winner\Utilities\Favorites\Anime-torrent Details.url
h:\program files\Registry Winner\Utilities\Favorites\Ankama Support.url
h:\program files\Registry Winner\Utilities\Favorites\Barbok - Dofus.url
h:\program files\Registry Winner\Utilities\Favorites\BitTorrentShare.com - Share active torrents!.url
h:\program files\Registry Winner\Utilities\Favorites\blog\Blog de chabinette-972 - ~~~~~~~~~~~~MADININA RPZT 97two~~~~~~~~~~~~ - Skyrock.com.url
h:\program files\Registry Winner\Utilities\Favorites\blog\Blog de oreliSOglamourous - ==oreliSOglamourous== - Skyrock.com.url
h:\program files\Registry Winner\Utilities\Favorites\blog\Blog de xx-pomm3-damourr3-xx - Princ3ss d'amouRr - Skyrock.com.url
h:\program files\Registry Winner\Utilities\Favorites\blog\Blog de zeromax - The Zeromax Story - Skyrock.com.url
h:\program files\Registry Winner\Utilities\Favorites\Club, RnB, Rap, Hip-Hop MP3 Downloads.url
h:\program files\Registry Winner\Utilities\Favorites\Collège de Bois-de-Boulogne -- Admission et inscription.url
h:\program files\Registry Winner\Utilities\Favorites\contrat élève éduc - Forum Engagement et Travail Social.url
h:\program files\Registry Winner\Utilities\Favorites\crack msn webcam recorder logiciels télécharger.url
h:\program files\Registry Winner\Utilities\Favorites\Cyberprofs.com - Fiches de révisions pour le BAC en physique-chimie.url
h:\program files\Registry Winner\Utilities\Favorites\Desktop.ini
h:\program files\Registry Winner\Utilities\Favorites\Dictionnaire des métiers comment bien choisir son métier Formation, stage, école - France 5 et Onisep.url
h:\program files\Registry Winner\Utilities\Favorites\Dofus-Arena Téléchargement - Combats tactiques en ligne.url
h:\program files\Registry Winner\Utilities\Favorites\Dofus - Désencyclopédie.url
h:\program files\Registry Winner\Utilities\Favorites\DOFUS MMORPG - Jeu de rôle massivement multijoueur sur Internet.url
h:\program files\Registry Winner\Utilities\Favorites\DofuX - Encore plus d'infos sur Dofus.url
h:\program files\Registry Winner\Utilities\Favorites\DomTomConnection - Annonce n°14953 (Martinique) Rencontres cherche acteur ou actrice porno.url
h:\program files\Registry Winner\Utilities\Favorites\ExtraTorrent.com The World's Largest BitTorrent System.url
h:\program files\Registry Winner\Utilities\Favorites\Final Fantasy X Media Sounds and Music Demo, Final Fantasy X Media Sounds and Music Mods - FileFront.com.url
h:\program files\Registry Winner\Utilities\Favorites\Florensia Western Global F2P next-gen MMOG japonais Sur terre et en mer www.florensia-online.com.url
h:\program files\Registry Winner\Utilities\Favorites\Fonds d'écran Femmes (catégorie Fantasy) - Hebus.com.url
h:\program files\Registry Winner\Utilities\Favorites\Guide des stations de radio.url
h:\program files\Registry Winner\Utilities\Favorites\GuiKs.net.url
h:\program files\Registry Winner\Utilities\Favorites\http--www.manga.spiderneo.com-anime.php.url
h:\program files\Registry Winner\Utilities\Favorites\IMPORTANT\Cours d'électronique pour étudiant, techniciens et ingénieurs.url
h:\program files\Registry Winner\Utilities\Favorites\IMPORTANT\Cours de génie électrique.url
h:\program files\Registry Winner\Utilities\Favorites\IMPORTANT\Cours et exercices de maths.url
h:\program files\Registry Winner\Utilities\Favorites\IMPORTANT\Document sans nom.url
h:\program files\Registry Winner\Utilities\Favorites\IMPORTANT\Taux de réussite au BTS Domotique.url
h:\program files\Registry Winner\Utilities\Favorites\La Liste Interactive des Artisans d'Amakna - Dofus - JeuxOnLine, le réseau des mondes virtuels.url
h:\program files\Registry Winner\Utilities\Favorites\Les Shushettes - Le blog de Yoch-Tueur.url
h:\program files\Registry Winner\Utilities\Favorites\Liens\Hotmail.url
h:\program files\Registry Winner\Utilities\Favorites\Liens\Personnaliser les liens.url
h:\program files\Registry Winner\Utilities\Favorites\Liens\Windows Media.url
h:\program files\Registry Winner\Utilities\Favorites\Liens\Windows.url
h:\program files\Registry Winner\Utilities\Favorites\migraine mal aux yeux et nausées - Forum Migraine et maux de tête - FORUM Santé.url
h:\program files\Registry Winner\Utilities\Favorites\MixtapeTorrent.com HOT Mixtape Downloads, Mixtape News, The Latest Diss Tracks, Singles & More.url
h:\program files\Registry Winner\Utilities\Favorites\MSN.com.url
h:\program files\Registry Winner\Utilities\Favorites\OGame.fr.url
h:\program files\Registry Winner\Utilities\Favorites\ONISEP - Les métiers.url
h:\program files\Registry Winner\Utilities\Favorites\PagesJaunes - Résultats de la recherche.url
h:\program files\Registry Winner\Utilities\Favorites\Pandawa - Forum DOFUS.url
h:\program files\Registry Winner\Utilities\Favorites\Rappelz.france.free.fr.url
h:\program files\Registry Winner\Utilities\Favorites\Saint Seiya MANGA SUPREME.url
h:\program files\Registry Winner\Utilities\Favorites\Secrets~dofus - Secrets dofus.url
h:\program files\Registry Winner\Utilities\Favorites\Sites utiles\Allociné.url
h:\program files\Registry Winner\Utilities\Favorites\Sites utiles\Au Féminin.url
h:\program files\Registry Winner\Utilities\Favorites\Sites utiles\Boursorama.url
h:\program files\Registry Winner\Utilities\Favorites\Sites Web Microsoft\Internet Explorer 7 - Présentation rapide.url
h:\program files\Registry Winner\Utilities\Favorites\Sites Web Microsoft\Site Internet Explorer sur Microsoft.com.url
h:\program files\Registry Winner\Utilities\Favorites\Sites Web Microsoft\Windows Marketplace.url
h:\program files\Registry Winner\Utilities\Favorites\SkY-AnimeS - News Anime - Sortie One Piece - Saison 10 - 327 Animes, Mangas et Dramas en Téléchargement Gratuit.url
h:\program files\Registry Winner\Utilities\Favorites\Torrent Reactor - The most active torrents on the web.url
h:\program files\Registry Winner\Utilities\Favorites\Urban Rivals - Collection (8 personnages).url
h:\program files\Registry Winner\Utilities\Favorites\Windows Live Hotmail.url
h:\program files\Registry Winner\Utilities\Favorites\Zui quan - Wikipédia.url
h:\program files\Registry Winner\Utilities\Startup.dat
h:\windows\tasks\Registry Winner Schedule.job

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-18 au 2009-06-18 ))))))))))))))))))))))))))))))))))))
.

2009-06-18 00:02 . 2009-06-18 00:02 3561743 ----a-w- h:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-17 23:55 . 2009-06-17 23:55 -------- d-----w- H:\_OTM
2009-06-17 22:01 . 2009-06-17 22:01 578048 -c--a-w- h:\windows\system32\dllcache\user32.dll
2009-06-17 21:59 . 2009-06-17 21:59 -------- d-----w- h:\windows\ERUNT
2009-06-17 21:51 . 2009-06-17 22:43 -------- d-----w- H:\SDFix
2009-06-17 20:02 . 2009-06-17 20:45 -------- d-----w- H:\UsbFix
2009-06-17 14:12 . 2009-06-17 14:18 -------- d-----w- H:\MSNFix
2009-06-17 12:13 . 2009-06-17 12:13 -------- d-----w- H:\rsit
2009-06-17 01:54 . 2008-02-26 12:00 294912 -c----w- h:\windows\system32\dllcache\msctf.dll
2009-06-16 00:23 . 2009-06-16 18:09 -------- d-----w- h:\documents and settings\TAF\Application Data\TeraCopy
2009-06-16 00:23 . 2009-06-16 00:23 -------- d-----w- h:\program files\TeraCopy
2009-06-15 15:49 . 2009-06-15 15:49 191008 ----a-w- h:\windows\system32\npkcmsvc.exe
2009-06-15 10:56 . 2009-06-15 10:56 -------- d-----w- h:\program files\Games-Masters.com
2009-06-14 19:09 . 2009-06-17 15:27 38160 ----a-w- h:\windows\system32\drivers\mbamswissarmy.sys
2009-06-14 19:09 . 2009-06-17 15:27 19096 ----a-w- h:\windows\system32\drivers\mbam.sys
2009-06-14 19:09 . 2009-06-18 00:02 -------- d-----w- h:\program files\Malwarebytes' Anti-Malware
2009-06-14 15:48 . 2001-08-18 01:52 18688 -c--a-w- h:\windows\system32\dllcache\cdaudio.sys
2009-06-07 11:02 . 2009-06-14 00:45 -------- d-----w- h:\windows\system32\CatRoot_bak
2009-06-05 17:31 . 2009-06-05 17:31 -------- d-----w- h:\windows\system32\Lang
2009-06-05 16:53 . 2009-06-05 16:55 157079494 ----a-w- h:\documents and settings\TAF\TRACE_BOOT+DRIVERS_1_1.BIN
2009-06-05 15:55 . 2009-06-05 15:55 -------- d-----w- H:\ATI
2009-05-31 17:27 . 2009-03-18 01:05 593920 ------w- h:\windows\system32\ati2sgag.exe
2009-05-31 17:27 . 2009-03-16 20:17 307200 ----a-w- h:\windows\system32\atiiiexx.dll
2009-05-31 17:26 . 2009-02-23 21:39 184394 ----a-w- h:\windows\system32\atiicdxx.dat
2009-05-31 17:08 . 2009-03-16 21:33 3597312 -c--a-w- h:\windows\system32\dllcache\ati2mtag.sys
2009-05-31 17:08 . 2009-03-16 21:33 3597312 ----a-w- h:\windows\system32\drivers\ati2mtag.sys
2009-05-31 17:08 . 2004-08-19 20:09 870784 -c--a-w- h:\windows\system32\dllcache\ati3d1ag.dll
2009-05-31 17:08 . 2004-08-19 20:09 870784 ----a-w- h:\windows\system32\ati3d1ag.dll
2009-05-31 17:08 . 2004-08-19 19:53 327168 -c--a-w- h:\windows\system32\dllcache\ati2mtaa.sys
2009-05-31 17:08 . 2004-08-19 19:53 327168 ----a-w- h:\windows\system32\drivers\ati2mtaa.sys
2009-05-31 17:08 . 2004-08-19 20:09 377984 -c--a-w- h:\windows\system32\dllcache\ati2dvaa.dll
2009-05-31 17:08 . 2004-08-19 20:09 377984 ----a-w- h:\windows\system32\ati2dvaa.dll
2009-05-31 16:16 . 2009-05-31 16:23 -------- d-----w- h:\program files\Driver Cleaner Pro
2009-05-31 15:59 . 2009-05-31 15:59 -------- d-----w- h:\program files\Defraggler
2009-05-31 15:56 . 2009-05-31 15:56 -------- d-----w- h:\documents and settings\Administrateur\Local Settings\Application Data\ATI
2009-05-31 15:56 . 2009-05-31 15:56 -------- d-----w- h:\documents and settings\Administrateur\Application Data\ATI
2009-05-31 15:56 . 2009-05-31 15:56 -------- d-----w- h:\documents and settings\TAF\Application Data\Canon
2009-05-31 15:54 . 2009-05-31 15:54 -------- d-----w- h:\program files\Realtek
2009-05-31 15:53 . 2009-05-31 15:53 -------- d-----w- h:\windows\system32\RTCOM
2009-05-30 18:26 . 2009-05-31 15:58 -------- d-----w- h:\documents and settings\All Users\Application Data\ATI
2009-05-30 17:40 . 2009-05-30 19:16 25992 ----a-w- h:\windows\system32\pgdfgsvc.exe
2009-05-30 17:29 . 2009-05-30 17:29 603904 ----a-w- h:\windows\system32\TUProgSt.exe
2009-05-30 17:29 . 2008-12-11 17:31 27904 ----a-w- h:\windows\system32\uxtuneup.dll
2009-05-30 17:29 . 2009-06-05 16:48 360192 ----a-w- h:\windows\system32\TuneUpDefragService.exe
2009-05-30 15:27 . 2009-05-30 15:27 37672 ----a-w- h:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-27 22:45 . 2009-06-04 23:14 10 ----a-w- h:\windows\popcinfo.dat
2009-05-27 22:28 . 2009-05-31 15:33 -------- d-----w- h:\program files\Zuma Deluxe
2009-05-27 20:05 . 2009-05-27 20:05 -------- d-----w- h:\windows\system32\wbem\Repository
2009-05-27 19:49 . 2009-05-31 15:53 -------- d-----w- h:\windows\LastGood(2)
2009-05-27 17:16 . 2009-05-31 15:45 -------- d-----w- h:\program files\Realtek AC97
2009-05-27 15:47 . 2003-07-12 09:39 848 ------w- h:\windows\system32\drivers\alcxinit.dat
2009-05-27 15:39 . 2009-05-31 15:54 -------- d-----w- h:\documents and settings\All Users\Application Data\ATI(2)
2009-05-27 11:48 . 2009-05-31 15:55 -------- d--h--w- h:\documents and settings\TAF\Recent(2)
2009-05-23 23:37 . 2009-05-23 23:37 -------- d-----w- h:\documents and settings\TAF\Local Settings\Application Data\Windows Live Writer
2009-05-23 23:37 . 2009-05-23 23:37 -------- d-----w- h:\documents and settings\TAF\Application Data\Windows Live Writer
2009-05-22 22:01 . 2009-05-22 22:01 -------- d-----w- h:\program files\Feneris

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-18 21:09 . 2008-06-29 23:20 -------- d-----w- h:\documents and settings\TAF\Application Data\uTorrent
2009-06-18 21:03 . 2008-09-17 20:08 -------- d-----w- h:\program files\SuperCopier2
2009-06-17 15:28 . 2009-03-21 14:46 1 ----a-w- h:\documents and settings\TAF\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-17 01:28 . 2008-10-23 20:27 -------- d-----w- h:\program files\FlashGet
2009-06-15 21:17 . 2008-06-06 10:02 37144 ----a-w- h:\documents and settings\TAF\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-11 18:42 . 2008-07-12 05:54 -------- d-----w- h:\program files\a-squared Free
2009-06-05 17:25 . 2008-06-29 22:55 -------- d-----w- h:\documents and settings\TAF\Application Data\DNA
2009-06-05 17:25 . 2008-06-29 20:40 -------- d-----w- h:\documents and settings\All Users\Application Data\WLInstaller
2009-06-05 17:19 . 2008-06-29 22:47 -------- d-----w- h:\documents and settings\TAF\Application Data\Azureus
2009-05-31 23:41 . 2009-03-09 12:09 -------- d-----w- h:\program files\Dofus
2009-05-31 17:25 . 2008-06-06 10:13 -------- d--h--w- h:\program files\InstallShield Installation Information
2009-05-31 17:25 . 2008-06-06 10:13 -------- d-----w- h:\program files\ATI Technologies
2009-05-31 17:08 . 2008-06-06 16:27 -------- d-----w- h:\documents and settings\TAF\Application Data\ATI
2009-05-31 15:55 . 2008-08-04 12:35 -------- d-----w- h:\program files\ma-config.com
2009-05-31 15:51 . 2008-12-06 11:22 -------- d-----w- h:\documents and settings\TAF\Application Data\dvdcss
2009-05-31 15:32 . 2009-01-31 18:43 -------- d-----w- h:\program files\TuneUp Utilities 2009
2009-05-31 15:31 . 2008-06-29 22:55 -------- d-----w- h:\program files\DNA
2009-05-31 15:31 . 2009-01-31 18:43 -------- d-sh--w- h:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-05-31 15:27 . 2008-06-22 15:54 -------- d-----w- h:\program files\CCleaner
2009-05-30 17:16 . 2004-08-05 12:00 90204 ----a-w- h:\windows\system32\perfc00C.dat
2009-05-30 17:16 . 2004-08-05 12:00 512468 ----a-w- h:\windows\system32\perfh00C.dat
2009-05-27 12:26 . 2008-08-04 12:35 -------- d-----w- h:\documents and settings\All Users\Application Data\ma-config.com
2009-05-24 03:20 . 2009-01-26 13:46 -------- d-----w- h:\documents and settings\TAF\Application Data\vlc
2009-05-14 19:29 . 2009-05-14 19:29 133376 ----a-w- h:\windows\system32\npkcnt4.sys
2009-05-14 19:29 . 2009-05-14 19:29 58888 ----a-w- h:\windows\system32\npkpdb.dll
2009-05-14 19:20 . 2009-05-15 23:22 2645832 ----a-w- h:\documents and settings\TAF\Application Data\Mozilla\Firefox\Profiles\icztmhu6.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\maconfsetup.exe
2009-05-14 18:56 . 2009-05-15 23:22 402800 ----a-w- h:\documents and settings\TAF\Application Data\Mozilla\Firefox\Profiles\icztmhu6.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
2009-05-13 10:04 . 2009-03-21 14:22 -------- d-----w- h:\program files\Fichiers communs\Adobe
2009-05-07 21:32 . 2009-05-07 21:32 322080 ----a-w- h:\windows\system32\npkcrypt.dll
2009-05-07 15:43 . 2004-08-05 12:00 347136 ----a-w- h:\windows\system32\localspl.dll
2009-05-04 14:37 . 2009-05-04 14:37 600608 ----a-w- h:\windows\system32\npkSvcUpdate.exe
2009-05-04 01:15 . 2008-08-18 19:45 -------- d-----w- h:\program files\Messenger Plus! Live
2009-05-02 20:04 . 2008-06-29 20:40 -------- d-----w- h:\program files\Windows Live
2009-04-29 04:45 . 2004-08-05 12:00 827392 ----a-w- h:\windows\system32\wininet.dll
2009-04-29 04:45 . 2004-08-05 12:00 78336 ----a-w- h:\windows\system32\ieencode.dll
2009-04-29 02:17 . 2007-06-06 14:52 335872 ----a-w- h:\windows\system32\ati2dvag(3).dll
2009-04-29 02:07 . 2007-06-06 14:45 204800 ----a-w- h:\windows\system32\atipdlxx(3).dll
2009-04-29 02:06 . 2007-06-06 14:45 43520 ----a-w- h:\windows\system32\ati2edxx(3).dll
2009-04-29 02:06 . 2007-06-06 14:45 155648 ----a-w- h:\windows\system32\ati2evxx(3).dll
2009-04-29 02:04 . 2007-06-06 14:43 602112 ----a-w- h:\windows\system32\ati2evxx(3).exe
2009-04-29 01:56 . 2007-06-06 14:35 2997536 ----a-w- h:\windows\system32\ati3duag(3).dll
2009-04-29 01:42 . 2007-06-06 14:25 2687872 ----a-w- h:\windows\system32\ativvaxx(3).dll
2009-04-29 01:22 . 2007-06-06 14:11 479232 ----a-w- h:\windows\system32\atikvmag(3).dll
2009-04-29 01:17 . 2007-06-06 14:30 303104 ----a-w- h:\windows\system32\atiok3x2(3).dll
2009-04-29 01:13 . 2007-06-06 14:04 630784 ----a-w- h:\windows\system32\ati2cqag(3).dll
2009-04-28 01:04 . 2008-06-29 20:40 -------- dcsh--w- h:\program files\Fichiers communs\WindowsLiveInstaller
2009-04-24 16:00 . 2009-04-24 16:00 -------- d-----w- h:\program files\Windows Live SkyDrive
2009-04-24 15:41 . 2009-04-24 15:41 -------- d-----w- h:\program files\Fichiers communs\Windows Live
2009-04-23 17:33 . 2009-04-23 17:03 -------- d-----w- h:\program files\The Last Remnant
2009-04-23 17:33 . 2009-04-10 22:37 -------- d-----w- h:\program files\adslTV
2009-04-23 17:26 . 2009-01-14 23:33 -------- d-----w- h:\program files\DivX
2009-04-23 08:31 . 2009-04-23 08:31 -------- d-----w- h:\program files\Sunbelt Software
2009-04-21 22:32 . 2009-04-21 22:32 412192 ----a-w- h:\windows\system32\npkupd.exe
2009-04-19 20:09 . 2004-08-05 12:00 1846784 ----a-w- h:\windows\system32\win32k.sys
2009-04-15 17:53 . 2009-04-15 17:53 43424 ----a-w- h:\windows\system32\npkcusb.sys
2009-04-15 17:52 . 2009-04-15 17:52 53664 ----a-w- h:\windows\system32\npkcrypt.sys
2009-04-15 15:17 . 2004-08-05 12:00 584192 ----a-w- h:\windows\system32\rpcrt4.dll
2009-04-12 20:39 . 2009-04-12 20:39 2961 ----a-w- h:\windows\system32\unins000.dat
2009-04-12 20:39 . 2009-04-12 20:39 716153 ----a-w- h:\windows\system32\unins000.exe
2009-04-06 19:52 . 2009-04-06 19:52 76320 ----a-w- h:\windows\system32\npkuninst.exe
2009-04-06 01:49 . 2009-04-06 01:49 152576 ----a-w- h:\documents and settings\TAF\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-02 00:31 . 2009-04-02 00:31 236064 ----a-w- h:\windows\system32\npkagt.exe
2009-03-21 14:42 . 2009-03-21 14:42 7424000 ----a-r- h:\documents and settings\TAF\Application Data\Microsoft\Installer\{6860B340-530D-46B3-91F8-1AE1F70F7C33}\soffice.exe
2008-03-09 11:25 . 2009-04-12 20:39 236 ----a-w- h:\program files\Fichiers communs\dx.reg
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="h:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"uTorrent"="h:\program files\uTorrent\uTorrent.exe" [2009-02-11 270128]
"ctfmon.exe"="h:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="h:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Adobe Reader Speed Launcher"="h:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RTHDCPL"="RTHDCPL.EXE" - h:\windows\RTHDCPL.exe [2007-04-12 16132608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=h:\windows\system32\ctfmon.exe
"DAEMON Tools Lite"="h:\program files\DAEMON Tools Lite\daemon.exe" -autorun
"uTorrent"="h:\program files\uTorrent\uTorrent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="h:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"StartCCC"="h:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched"="h:\program files\Java\jre6\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"h:\\Program Files\\Messenger\\msmsgs.exe"=
"h:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\Program Files\\Hercules\\Classic Silver\\Station2.exe"=
"h:\\Program Files\\FlashGet\\flashget.exe"=
"h:\\Program Files\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"h:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"h:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"h:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"h:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14900:TCP"= 14900:TCP:*:Disabled:NortonAV
"17447:TCP"= 17447:TCP:*:Disabled:NortonAV
"15719:TCP"= 15719:TCP:*:Disabled:NortonAV
"13918:TCP"= 13918:TCP:*:Disabled:NortonAV
"13730:TCP"= 13730:TCP:*:Disabled:NortonAV
"13913:TCP"= 13913:TCP:*:Disabled:NortonAV
"15175:TCP"= 15175:TCP:*:Disabled:NortonAV
"14894:TCP"= 14894:TCP:*:Disabled:NortonAV
"13691:TCP"= 13691:TCP:*:Disabled:NortonAV
"15834:TCP"= 15834:TCP:*:Disabled:NortonAV
"12571:TCP"= 12571:TCP:*:Disabled:NortonAV
"14820:TCP"= 14820:TCP:*:Disabled:NortonAV
"17225:TCP"= 17225:TCP:*:Disabled:NortonAV
"12905:TCP"= 12905:TCP:*:Disabled:NortonAV
"12070:TCP"= 12070:TCP:*:Disabled:NortonAV
"18124:TCP"= 18124:TCP:*:Disabled:NortonAV
"15231:TCP"= 15231:TCP:*:Disabled:NortonAV
"14583:TCP"= 14583:TCP:*:Disabled:NortonAV
"16131:TCP"= 16131:TCP:*:Disabled:NortonAV

R0 xfilt;VIA SATA IDE Hot-plug Driver;h:\windows\system32\drivers\xfilt.sys [06/06/2008 12:38 17920]
R1 aswSP;avast! Self Protection;h:\windows\system32\drivers\aswSP.sys [29/06/2008 08:37 114768]
R2 aswFsBlk;aswFsBlk;h:\windows\system32\drivers\aswFsBlk.sys [29/06/2008 08:37 20560]
S3 camfilt2;camfilt2;h:\windows\system32\drivers\camfilt2.sys [12/01/2009 08:30 94720]
S3 maconfservice;Ma-Config Service;h:\program files\ma-config.com\maconfservice.exe [13/05/2009 14:37 216232]
S3 Ndisprot;ArcNet NDIS Protocol Driver;h:\windows\system32\drivers\ndisprot.sys [03/12/2008 05:21 27904]
S3 npggsvc;nProtect GameGuard Service;h:\windows\system32\GameMon.des -service --> h:\windows\system32\GameMon.des -service [?]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv
*Deregistered* - NPPTNT2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'

2009-06-18 h:\windows\Tasks\1-Click Maintenance.job
- h:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 01:36]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Tout télécharger avec FlashGet - h:\program files\FlashGet\jc_all.htm
IE: &Télécharger avec FlashGet - h:\program files\FlashGet\jc_link.htm
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-18 17:09
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\h:\docume~1\TAF\LOCALS~1\Temp\mc21.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="h:\windows\system32\GameMon.des -service"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(792)
h:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-06-18 17:11
ComboFix-quarantined-files.txt 2009-06-18 21:11
ComboFix2.txt 2009-06-18 19:35

Avant-CF: 111 842 795 520 octets libres
Après-CF: 111 820 820 480 octets libres

Current=2 Default=2 Failed=7 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
367 --- E O F --- 2009-06-17 01:55

Réponse 40 / 71

Taffy
18 juin 2009 à 23:35

et voila le nouveau rapport de "RSIT"

Logfile of random's system information tool 1.06 (written by random/random)
Run by TAF at 2009-06-18 17:17:58
Microsoft Windows XP Édition familiale Service Pack 2
System drive H: has 107 GB (45%) free of 238 GB
Total RAM: 2046 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18:06, on 18/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\system32\spoolsv.exe
H:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
H:\WINDOWS\system32\npkcmsvc.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\alg.exe
H:\WINDOWS\RTHDCPL.EXE
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\Program Files\SuperCopier2\SuperCopier2.exe
H:\Program Files\uTorrent\uTorrent.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\explorer.exe
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\Documents and Settings\TAF\Bureau\RSIT.exe
H:\WINDOWS\system32\wbem\wmiprvse.exe
H:\Program Files\Trend Micro\HijackThis\TAF.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - H:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - H:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] H:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [uTorrent] "H:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Tout télécharger avec FlashGet - H:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - H:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.ma-config.com/activex/MaConfig_3_1_2_1.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - H:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - H:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - H:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - H:\WINDOWS\system32\npkcmsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - H:\WINDOWS\System32\TuneUpDefragService.exe

H:\WINDOWS\SYSTEM32\nmdfgds0.dll

71 réponses

Discussions similaires