Connexion Windows update impossible
Nartesk
Messages postés
12
Statut
Membre
-
Nartesk Messages postés 12 Statut Membre -
Nartesk Messages postés 12 Statut Membre -
Bonjour,
Sur un autre forum j'ai poster un message indiquant que je ne pouvais me connecter a windows update et que mon anti virus ne pouvais pas se mettre a jour.
Un membre de ce forum m'a conseiller de telecharger malawarbytes et hijackthis et de poster les resultats sur un forum susceptible de me dire quoi faire une fois les rapport obtenu.
J'ai deja lancer une fois malawarebytes et effacer les fichier trouver eet windows update s'est remis en route ainsi que la mise a jour d'ad aware
Par contre malawarebytes et mon antivurus (avast!) ne se mettent pas a jour
Voici donc le rapport de hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27:58, on 25/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
D:\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\oodtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: 547372 helper - {31F57AFD-3989-4A5B-A33E-6B6253DF8DD4} - C:\WINDOWS\system32\547372\547372.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: 571599 helper - {70C74A46-F2DA-4723-95E2-B597E0198669} - C:\WINDOWS\system32\571599\571599.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ImpulseNow.lnk = D:\Stardock\Impulse\Now\ImpulseNow.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMSAccessU - Unknown owner - D:\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
Sur un autre forum j'ai poster un message indiquant que je ne pouvais me connecter a windows update et que mon anti virus ne pouvais pas se mettre a jour.
Un membre de ce forum m'a conseiller de telecharger malawarbytes et hijackthis et de poster les resultats sur un forum susceptible de me dire quoi faire une fois les rapport obtenu.
J'ai deja lancer une fois malawarebytes et effacer les fichier trouver eet windows update s'est remis en route ainsi que la mise a jour d'ad aware
Par contre malawarebytes et mon antivurus (avast!) ne se mettent pas a jour
Voici donc le rapport de hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27:58, on 25/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
D:\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\oodtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: 547372 helper - {31F57AFD-3989-4A5B-A33E-6B6253DF8DD4} - C:\WINDOWS\system32\547372\547372.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: 571599 helper - {70C74A46-F2DA-4723-95E2-B597E0198669} - C:\WINDOWS\system32\571599\571599.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ImpulseNow.lnk = D:\Stardock\Impulse\Now\ImpulseNow.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMSAccessU - Unknown owner - D:\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
A voir également:
- Connexion Windows update impossible
- Gmail connexion - Guide
- Windows update bloqué - Guide
- Clé windows 8 - Guide
- Windows update windows 10 - Guide
- Montage video gratuit windows - Guide
2 réponses
bonjours,
Téléchargez combofix.exe (de sUBs) sur le bureau :
Important - Désactivez votre Antivirus et antispyware avant le scan avec Combofix :
https://forum.pcastuces.com/default.asp
==> Fermez toutes les fenêtres actives,
il peut y avoir un redémarrage du PC.
Ne lancez« aucun programme tant que Combofix n’est pas fini. <==
* Double-cliquez sur combofix.exe, cliquez sur OUI et validez par Entrée
* Il vous sera demandé d’installer la console si elle n’est pas installer, cliquez sur OUI
* Patientez ..
* Le rapport apparaitra, affichez ce rapport dans votre prochaine réponse - C:\ Combofix.txt.
******** Affichez un nouveau rapport avec Hijakcthis **********
Téléchargez combofix.exe (de sUBs) sur le bureau :
Important - Désactivez votre Antivirus et antispyware avant le scan avec Combofix :
https://forum.pcastuces.com/default.asp
==> Fermez toutes les fenêtres actives,
il peut y avoir un redémarrage du PC.
Ne lancez« aucun programme tant que Combofix n’est pas fini. <==
* Double-cliquez sur combofix.exe, cliquez sur OUI et validez par Entrée
* Il vous sera demandé d’installer la console si elle n’est pas installer, cliquez sur OUI
* Patientez ..
* Le rapport apparaitra, affichez ce rapport dans votre prochaine réponse - C:\ Combofix.txt.
******** Affichez un nouveau rapport avec Hijakcthis **********
Désoler pour le temps de reponse, voici les rapports combofix et hijackthis
ComboFix 09-10-06.04 - Nat 07/10/2009 12:58.1.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1527 [GMT 2:00]
Lancé depuis: c:\documents and settings\Nat\Mes documents\Téléchargements\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 091006-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Nat\Mes documents\cc_20090520_174728.reg
c:\recycler\S-1-5-21-6585789467-0453728296-949804337-0005
c:\windows\system32\xwr41105.dll
c:\windows\system32\xwr59656.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-07 au 2009-10-07 ))))))))))))))))))))))))))))))))))))
.
2009-10-01 18:17 . 2009-10-01 18:17 -------- d-----w- c:\documents and settings\Nat\Local Settings\Application Data\Fallout3
2009-10-01 18:05 . 2009-10-01 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Fallout3
2009-09-30 18:18 . 2009-09-30 18:18 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
2009-09-25 16:27 . 2009-09-25 16:27 -------- d-----w- c:\program files\Trend Micro
2009-09-25 11:01 . 2009-09-25 11:01 -------- d-----w- c:\documents and settings\Nat\Application Data\Malwarebytes
2009-09-25 11:00 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-25 11:00 . 2009-09-25 11:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-25 11:00 . 2009-09-25 11:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-25 11:00 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-21 09:49 . 2009-09-25 11:44 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-21 09:35 . 2009-09-25 11:44 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-21 09:34 . 2009-09-21 09:34 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-09-21 09:34 . 2009-09-21 09:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-21 09:34 . 2009-09-21 09:34 -------- d-----w- c:\program files\Lavasoft
2009-09-20 18:19 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-09-20 18:18 . 2009-09-20 18:18 -------- d-----w- c:\program files\Panda Security
2009-09-20 16:59 . 2009-09-20 16:59 -------- d-----w- C:\i386
2009-09-20 15:57 . 2009-09-20 15:57 -------- d-----w- C:\BJPrinter
2009-09-20 15:53 . 2009-09-20 15:53 -------- d-----w- c:\documents and settings\Nat\Application Data\DivX
2009-09-20 15:41 . 2009-09-20 15:41 -------- d-----w- c:\documents and settings\All Users\Modèles
2009-09-20 14:37 . 2009-09-20 14:37 -------- d-----w- c:\windows\system32\xlive
2009-09-17 18:25 . 2009-09-17 18:25 -------- d-----w- c:\documents and settings\Nat\Application Data\Red Alert 3
2009-09-08 16:53 . 2009-09-08 16:53 -------- d-----w- c:\program files\Fichiers communs\BioWare
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-07 10:53 . 2008-07-28 15:43 -------- d-----w- c:\documents and settings\Nat\Application Data\uTorrent
2009-10-07 10:18 . 2008-02-11 09:32 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 2
2009-10-06 13:51 . 2009-05-23 15:45 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-10-01 18:05 . 2007-06-19 12:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-30 18:19 . 2007-06-22 12:03 -------- d-----w- c:\program files\DivX
2009-09-25 12:02 . 2004-08-05 12:00 80748 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-25 12:02 . 2004-08-05 12:00 500900 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-20 15:32 . 2007-12-09 11:48 -------- d-----w- c:\documents and settings\Nat\Application Data\Apple Computer
2009-09-20 15:04 . 2007-07-03 21:24 18624 ----a-w- c:\documents and settings\Nat\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-20 14:37 . 2009-08-13 20:24 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-09-20 14:37 . 2009-08-13 20:24 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-17 18:23 . 2007-08-07 12:11 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-09-04 15:32 . 2007-08-07 10:40 -------- d-----w- c:\documents and settings\Nat\Application Data\foobar2000
2009-09-03 11:27 . 2009-03-29 17:36 103978 ----a-w- c:\windows\War3Unin.dat
2009-08-27 21:05 . 2007-06-27 15:53 -------- d-----w- c:\documents and settings\Nat\Application Data\dvdcss
2009-08-22 10:19 . 2009-08-22 10:19 -------- d-----w- c:\program files\NVIDIA Corporation
2009-08-22 10:19 . 2009-08-22 10:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-08-18 15:23 . 2009-08-18 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-08-18 15:19 . 2009-08-18 15:19 -------- d-----w- c:\program files\Microsoft WSE
2009-08-13 20:22 . 2009-08-13 20:22 -------- d-----w- c:\program files\MSBuild
2009-08-13 20:19 . 2009-08-13 20:19 -------- d-----w- c:\program files\Reference Assemblies
2009-08-05 09:00 . 2004-08-05 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:35 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:35 . 2004-08-05 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-20 07:34 . 2009-07-20 07:34 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-07-17 19:03 . 2004-08-05 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 18:54 . 2009-08-22 10:19 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-07-14 18:54 . 2009-08-22 10:18 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-07-14 18:54 . 2009-08-22 10:18 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-07-14 18:54 . 2008-05-28 09:07 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-07-14 18:54 . 2007-12-04 23:41 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-07-14 18:54 . 2007-12-04 23:41 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-07-14 18:54 . 2007-12-04 23:41 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-07-14 18:54 . 2007-12-04 23:41 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-07-14 18:54 . 2007-12-04 23:41 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-07-14 18:54 . 2007-04-19 11:26 7741664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-07-14 18:54 . 2007-04-19 11:26 5842816 ----a-w- c:\windows\system32\nv4_disp.dll
2009-07-14 15:17 . 2009-07-14 15:17 15308440 ----a-w- c:\windows\system32\xlive.dll
2009-07-14 15:17 . 2009-07-14 15:17 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-07-14 11:34 . 2009-07-14 11:34 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-07-14 11:34 . 2009-07-14 11:34 8085504 ----a-w- c:\windows\system32\nvdispsr.dll
2009-07-14 11:34 . 2009-07-14 11:34 4923392 ----a-w- c:\windows\system32\nvdisps.dll
2009-07-14 11:34 . 2009-07-14 11:34 4640768 ----a-w- c:\windows\system32\nvgamesr.dll
2009-07-14 11:34 . 2009-07-14 11:34 458752 ----a-w- c:\windows\system32\nvmccssr.dll
2009-07-14 11:34 . 2009-07-14 11:34 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-07-14 11:34 . 2009-07-14 11:34 2854912 ----a-w- c:\windows\system32\nvmoblsr.dll
2009-07-14 11:34 . 2009-07-14 11:34 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-07-14 11:34 . 2009-07-14 11:34 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-07-14 11:34 . 2009-07-14 11:34 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-07-14 11:34 . 2009-07-14 11:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll
2009-07-14 11:34 . 2009-07-14 11:34 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-07-14 11:34 . 2009-07-14 11:34 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-07-13 21:43 . 2004-08-05 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-10 05:01 . 2008-05-28 09:07 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2007-06-27 14:18 . 2007-06-27 14:18 278528 ----a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-08 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-25 520024]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
TL-WN321G Wireless Utility.lnk - c:\program files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe [2007-6-19 622592]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ ?????\0OODBS\0lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"d:\\TmNationsForever\\TmForever.exe"=
"d:\\Team17\\Worms2\\frontend.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Nat\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Mozilla Firefox 3 Beta 2\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Electronic Arts\\EADM\\Core.exe"=
"d:\\Mass Effect\\Binaries\\MassEffect.exe"=
"d:\\Mass Effect\\MassEffectLauncher.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3778:TCP"= 3778:TCP:Hamachi1
"8080:TCP"= 8080:TCP:Hamachi2
"53:TCP"= 53:TCP:websrvx
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [21/09/2009 11:35 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [20/09/2009 20:19 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [01/07/2009 12:24 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01/07/2009 12:24 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1028432]
.
Contenu du dossier 'Tâches planifiées'
2009-09-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 11:43]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Nat\Application Data\Mozilla\Firefox\Profiles\mdw77iqm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{6303086E-EE55-3D48-9B2F-2B093DDD92C9} - c:\windows\system32\xwr59656.dll
BHO-{70C74A46-F2DA-4723-95E2-B597E0198669} - c:\windows\system32\571599\571599.dll
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C} - c:\program files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe
AddRemove-BitTorrent DNA - c:\program files\DNA\btdna.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-07 13:01
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-823518204-1563985344-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:49,e1,a9,0d,0e,24,84,01,2f,da,61,1f,34,f0,19,87,1d,d4,32,4b,c2,03,c6,
44,cd,9e,fb,a9,92,d3,8e,a1,3f,41,d0,70,fb,b3,51,d6,e0,79,a2,4a,f8,63,ea,4f,\
"??"=hex:9d,6d,62,c7,7e,94,d3,01,62,72,da,46,cb,d1,2f,38
[HKEY_USERS\S-1-5-21-823518204-1563985344-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:a4,9f,2f,aa,05,e5,8a,f3,b7,09,7a,b6,3a,91,af,b9,19,e9,20,c4,85,
4b,cc,c0,9f,a3,42,72,68,65,da,28,fe,15,06,db,6b,0c,70,43,70,e2,40,e9,d4,6e,\
"rkeysecu"=hex:5f,be,3c,1d,dd,25,a8,39,a7,aa,ab,bd,b2,03,72,35
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="4B156DF657EDAD8B5E225E2ABC6B9A487E17F79392B4D8C357D372F4AB01C2F193C82ACA8391E5B35EF908EBCC9B3FB0ED5687890408886CA4DA4C7492FD8E41BC06BFB40E3D1B980C9F47F27550F4024CC802338C04E60DFCE6A2D7C436D780524DCA81ACEEF9D6B25080B17BD4818D440BB3C5A75F714B0D11CABC0B6C774AA1D5C7551A95511DE07EFC70ABE24B3A476D4E4DCF43CA6347A57F1332D767CF3D091C23949695B0EA526A4856AFE0008870E6AB064E3822DE26DF9F0C254752FA038F36E0C7DE6A6725D5A8CE5C736D80CD7714CF9125E94E466DFC6FF059A974164C2C42F6E8B531053754EB84FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B5558EDD5E5BE2F6E667C038D530D6EB34527743CDA2CBF3F0BAFE6A6A15FAA34BA157E934388C971F1F764EB93DC7759366C0E68EDA32AFC1E7B348CACD09A8B93E229C15B4BC321A6AFAC2C2AD0A4E345EA6408A4E97CDC6DBEF81BB682D33409F8269119AEFF1975E6C320F3C3BF03313C39E7409FE65DD98497A30AB347D4D14A5E9FC105C55B93AB20B738A1B3F035258E441C650E06B1776AA61124E1755635CCAF06C1DAF24AED54E876DCCF399D74689AAFA567C54C2D22049CA10E14F459B4F49B8AD2AFE6204142A6C541A6F59151AB1C8C0CC84FCDF79A6B7719438E77C4A2637EE3FF67090067CC49E9403FB6F33158C23346999416BFCEF4FBA0FE9BBA66BDA28BFBDE4EF62E167F816D45CA40ADD51F46DF6DEBDBD94BCE93356633A61C0C902CE08C2BC7B84F7162AEB87A6E4D45A1208248AC14EF61E65AF97DAFC8B14E088648E7FB4B6D1CE8AAA52828C20079B3864E9CBDD0C73C6CBB85DCEACCA132F2FCC8B8639907BF853C8144491A848BF0C3848C7C47C1E1C862737AF975734F8CA26C234D094F437CD8BC23595042F24958DC0144F364D39E82B39622C7FAEB41466F65C25E679FD3C4976B7194A93D93E425BBFF8659CEB25C6FAC002247D0E29D372C205BC04F545B0459DC52316A6D70721C9E2CCEBB7555198174F3BE2E40B0B7FA4E061577BF341502CE351170594E32225CE3EDC5175F4B026F24DE1CC207BEFACCEB2789EB4CFB621E427BD218AB0F0BAA62457A6E330E6246D77C28DAFE81A7E0AA2AFA35B0520AA5A8A73DC371DA3E5F37886D26858653962EA90A2E86B5330EEB70A841E5FB46AF9F7E64D79A7D378694DD9AA2910D3029CEE9EB95DEDFBCA018CD9EC982DA1F8217E0B3D94A92234584504B33355651088597DB880B0F1CDE34F34BCC6949A604D429429AFCB31523B9A7CA8F6764BE8369A08372EC71AA9E3C1F00A0D8E5421A1797E44560A26FD2C977D78C8943E05DAB2D87EA11B5EC6ED3AAE1C30E787ACE4EE"
.
Heure de fin: 2009-10-07 13:02
ComboFix-quarantined-files.txt 2009-10-07 11:02
Avant-CF: 13 566 701 568 octets libres
Après-CF: 13 956 997 120 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
224 --- E O F --- 2009-10-01 08:27
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:09:51, on 07/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\system32\oodtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ImpulseNow.lnk = D:\Stardock\Impulse\Now\ImpulseNow.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMSAccessU - Unknown owner - D:\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
ComboFix 09-10-06.04 - Nat 07/10/2009 12:58.1.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1527 [GMT 2:00]
Lancé depuis: c:\documents and settings\Nat\Mes documents\Téléchargements\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 091006-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Nat\Mes documents\cc_20090520_174728.reg
c:\recycler\S-1-5-21-6585789467-0453728296-949804337-0005
c:\windows\system32\xwr41105.dll
c:\windows\system32\xwr59656.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-07 au 2009-10-07 ))))))))))))))))))))))))))))))))))))
.
2009-10-01 18:17 . 2009-10-01 18:17 -------- d-----w- c:\documents and settings\Nat\Local Settings\Application Data\Fallout3
2009-10-01 18:05 . 2009-10-01 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Fallout3
2009-09-30 18:18 . 2009-09-30 18:18 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
2009-09-25 16:27 . 2009-09-25 16:27 -------- d-----w- c:\program files\Trend Micro
2009-09-25 11:01 . 2009-09-25 11:01 -------- d-----w- c:\documents and settings\Nat\Application Data\Malwarebytes
2009-09-25 11:00 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-25 11:00 . 2009-09-25 11:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-25 11:00 . 2009-09-25 11:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-25 11:00 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-21 09:49 . 2009-09-25 11:44 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-21 09:35 . 2009-09-25 11:44 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-21 09:34 . 2009-09-21 09:34 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-09-21 09:34 . 2009-09-21 09:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-21 09:34 . 2009-09-21 09:34 -------- d-----w- c:\program files\Lavasoft
2009-09-20 18:19 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-09-20 18:18 . 2009-09-20 18:18 -------- d-----w- c:\program files\Panda Security
2009-09-20 16:59 . 2009-09-20 16:59 -------- d-----w- C:\i386
2009-09-20 15:57 . 2009-09-20 15:57 -------- d-----w- C:\BJPrinter
2009-09-20 15:53 . 2009-09-20 15:53 -------- d-----w- c:\documents and settings\Nat\Application Data\DivX
2009-09-20 15:41 . 2009-09-20 15:41 -------- d-----w- c:\documents and settings\All Users\Modèles
2009-09-20 14:37 . 2009-09-20 14:37 -------- d-----w- c:\windows\system32\xlive
2009-09-17 18:25 . 2009-09-17 18:25 -------- d-----w- c:\documents and settings\Nat\Application Data\Red Alert 3
2009-09-08 16:53 . 2009-09-08 16:53 -------- d-----w- c:\program files\Fichiers communs\BioWare
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-07 10:53 . 2008-07-28 15:43 -------- d-----w- c:\documents and settings\Nat\Application Data\uTorrent
2009-10-07 10:18 . 2008-02-11 09:32 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 2
2009-10-06 13:51 . 2009-05-23 15:45 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-10-01 18:05 . 2007-06-19 12:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-30 18:19 . 2007-06-22 12:03 -------- d-----w- c:\program files\DivX
2009-09-25 12:02 . 2004-08-05 12:00 80748 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-25 12:02 . 2004-08-05 12:00 500900 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-20 15:32 . 2007-12-09 11:48 -------- d-----w- c:\documents and settings\Nat\Application Data\Apple Computer
2009-09-20 15:04 . 2007-07-03 21:24 18624 ----a-w- c:\documents and settings\Nat\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-20 14:37 . 2009-08-13 20:24 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-09-20 14:37 . 2009-08-13 20:24 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-17 18:23 . 2007-08-07 12:11 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-09-04 15:32 . 2007-08-07 10:40 -------- d-----w- c:\documents and settings\Nat\Application Data\foobar2000
2009-09-03 11:27 . 2009-03-29 17:36 103978 ----a-w- c:\windows\War3Unin.dat
2009-08-27 21:05 . 2007-06-27 15:53 -------- d-----w- c:\documents and settings\Nat\Application Data\dvdcss
2009-08-22 10:19 . 2009-08-22 10:19 -------- d-----w- c:\program files\NVIDIA Corporation
2009-08-22 10:19 . 2009-08-22 10:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-08-18 15:23 . 2009-08-18 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-08-18 15:19 . 2009-08-18 15:19 -------- d-----w- c:\program files\Microsoft WSE
2009-08-13 20:22 . 2009-08-13 20:22 -------- d-----w- c:\program files\MSBuild
2009-08-13 20:19 . 2009-08-13 20:19 -------- d-----w- c:\program files\Reference Assemblies
2009-08-05 09:00 . 2004-08-05 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:35 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:35 . 2004-08-05 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-20 07:34 . 2009-07-20 07:34 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-07-17 19:03 . 2004-08-05 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 18:54 . 2009-08-22 10:19 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-07-14 18:54 . 2009-08-22 10:18 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-07-14 18:54 . 2009-08-22 10:18 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-07-14 18:54 . 2008-05-28 09:07 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-07-14 18:54 . 2007-12-04 23:41 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-07-14 18:54 . 2007-12-04 23:41 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-07-14 18:54 . 2007-12-04 23:41 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-07-14 18:54 . 2007-12-04 23:41 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-07-14 18:54 . 2007-12-04 23:41 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-07-14 18:54 . 2007-04-19 11:26 7741664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-07-14 18:54 . 2007-04-19 11:26 5842816 ----a-w- c:\windows\system32\nv4_disp.dll
2009-07-14 15:17 . 2009-07-14 15:17 15308440 ----a-w- c:\windows\system32\xlive.dll
2009-07-14 15:17 . 2009-07-14 15:17 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-07-14 11:34 . 2009-07-14 11:34 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-07-14 11:34 . 2009-07-14 11:34 8085504 ----a-w- c:\windows\system32\nvdispsr.dll
2009-07-14 11:34 . 2009-07-14 11:34 4923392 ----a-w- c:\windows\system32\nvdisps.dll
2009-07-14 11:34 . 2009-07-14 11:34 4640768 ----a-w- c:\windows\system32\nvgamesr.dll
2009-07-14 11:34 . 2009-07-14 11:34 458752 ----a-w- c:\windows\system32\nvmccssr.dll
2009-07-14 11:34 . 2009-07-14 11:34 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-07-14 11:34 . 2009-07-14 11:34 2854912 ----a-w- c:\windows\system32\nvmoblsr.dll
2009-07-14 11:34 . 2009-07-14 11:34 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-07-14 11:34 . 2009-07-14 11:34 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-07-14 11:34 . 2009-07-14 11:34 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-07-14 11:34 . 2009-07-14 11:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll
2009-07-14 11:34 . 2009-07-14 11:34 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-07-14 11:34 . 2009-07-14 11:34 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-07-13 21:43 . 2004-08-05 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-10 05:01 . 2008-05-28 09:07 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2007-06-27 14:18 . 2007-06-27 14:18 278528 ----a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-08 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-25 520024]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
TL-WN321G Wireless Utility.lnk - c:\program files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe [2007-6-19 622592]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ ?????\0OODBS\0lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"d:\\TmNationsForever\\TmForever.exe"=
"d:\\Team17\\Worms2\\frontend.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Nat\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Mozilla Firefox 3 Beta 2\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Electronic Arts\\EADM\\Core.exe"=
"d:\\Mass Effect\\Binaries\\MassEffect.exe"=
"d:\\Mass Effect\\MassEffectLauncher.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3778:TCP"= 3778:TCP:Hamachi1
"8080:TCP"= 8080:TCP:Hamachi2
"53:TCP"= 53:TCP:websrvx
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [21/09/2009 11:35 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [20/09/2009 20:19 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [01/07/2009 12:24 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01/07/2009 12:24 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1028432]
.
Contenu du dossier 'Tâches planifiées'
2009-09-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 11:43]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Nat\Application Data\Mozilla\Firefox\Profiles\mdw77iqm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{6303086E-EE55-3D48-9B2F-2B093DDD92C9} - c:\windows\system32\xwr59656.dll
BHO-{70C74A46-F2DA-4723-95E2-B597E0198669} - c:\windows\system32\571599\571599.dll
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C} - c:\program files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe
AddRemove-BitTorrent DNA - c:\program files\DNA\btdna.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-07 13:01
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-823518204-1563985344-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:49,e1,a9,0d,0e,24,84,01,2f,da,61,1f,34,f0,19,87,1d,d4,32,4b,c2,03,c6,
44,cd,9e,fb,a9,92,d3,8e,a1,3f,41,d0,70,fb,b3,51,d6,e0,79,a2,4a,f8,63,ea,4f,\
"??"=hex:9d,6d,62,c7,7e,94,d3,01,62,72,da,46,cb,d1,2f,38
[HKEY_USERS\S-1-5-21-823518204-1563985344-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:a4,9f,2f,aa,05,e5,8a,f3,b7,09,7a,b6,3a,91,af,b9,19,e9,20,c4,85,
4b,cc,c0,9f,a3,42,72,68,65,da,28,fe,15,06,db,6b,0c,70,43,70,e2,40,e9,d4,6e,\
"rkeysecu"=hex:5f,be,3c,1d,dd,25,a8,39,a7,aa,ab,bd,b2,03,72,35
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="4B156DF657EDAD8B5E225E2ABC6B9A487E17F79392B4D8C357D372F4AB01C2F193C82ACA8391E5B35EF908EBCC9B3FB0ED5687890408886CA4DA4C7492FD8E41BC06BFB40E3D1B980C9F47F27550F4024CC802338C04E60DFCE6A2D7C436D780524DCA81ACEEF9D6B25080B17BD4818D440BB3C5A75F714B0D11CABC0B6C774AA1D5C7551A95511DE07EFC70ABE24B3A476D4E4DCF43CA6347A57F1332D767CF3D091C23949695B0EA526A4856AFE0008870E6AB064E3822DE26DF9F0C254752FA038F36E0C7DE6A6725D5A8CE5C736D80CD7714CF9125E94E466DFC6FF059A974164C2C42F6E8B531053754EB84FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B5558EDD5E5BE2F6E667C038D530D6EB34527743CDA2CBF3F0BAFE6A6A15FAA34BA157E934388C971F1F764EB93DC7759366C0E68EDA32AFC1E7B348CACD09A8B93E229C15B4BC321A6AFAC2C2AD0A4E345EA6408A4E97CDC6DBEF81BB682D33409F8269119AEFF1975E6C320F3C3BF03313C39E7409FE65DD98497A30AB347D4D14A5E9FC105C55B93AB20B738A1B3F035258E441C650E06B1776AA61124E1755635CCAF06C1DAF24AED54E876DCCF399D74689AAFA567C54C2D22049CA10E14F459B4F49B8AD2AFE6204142A6C541A6F59151AB1C8C0CC84FCDF79A6B7719438E77C4A2637EE3FF67090067CC49E9403FB6F33158C23346999416BFCEF4FBA0FE9BBA66BDA28BFBDE4EF62E167F816D45CA40ADD51F46DF6DEBDBD94BCE93356633A61C0C902CE08C2BC7B84F7162AEB87A6E4D45A1208248AC14EF61E65AF97DAFC8B14E088648E7FB4B6D1CE8AAA52828C20079B3864E9CBDD0C73C6CBB85DCEACCA132F2FCC8B8639907BF853C8144491A848BF0C3848C7C47C1E1C862737AF975734F8CA26C234D094F437CD8BC23595042F24958DC0144F364D39E82B39622C7FAEB41466F65C25E679FD3C4976B7194A93D93E425BBFF8659CEB25C6FAC002247D0E29D372C205BC04F545B0459DC52316A6D70721C9E2CCEBB7555198174F3BE2E40B0B7FA4E061577BF341502CE351170594E32225CE3EDC5175F4B026F24DE1CC207BEFACCEB2789EB4CFB621E427BD218AB0F0BAA62457A6E330E6246D77C28DAFE81A7E0AA2AFA35B0520AA5A8A73DC371DA3E5F37886D26858653962EA90A2E86B5330EEB70A841E5FB46AF9F7E64D79A7D378694DD9AA2910D3029CEE9EB95DEDFBCA018CD9EC982DA1F8217E0B3D94A92234584504B33355651088597DB880B0F1CDE34F34BCC6949A604D429429AFCB31523B9A7CA8F6764BE8369A08372EC71AA9E3C1F00A0D8E5421A1797E44560A26FD2C977D78C8943E05DAB2D87EA11B5EC6ED3AAE1C30E787ACE4EE"
.
Heure de fin: 2009-10-07 13:02
ComboFix-quarantined-files.txt 2009-10-07 11:02
Avant-CF: 13 566 701 568 octets libres
Après-CF: 13 956 997 120 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
224 --- E O F --- 2009-10-01 08:27
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:09:51, on 07/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\system32\oodtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ImpulseNow.lnk = D:\Stardock\Impulse\Now\ImpulseNow.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMSAccessU - Unknown owner - D:\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
