Virus, trojan TR/Virtumod.PB and others

peinz (Member, 19 posts)
g!rly (Contributor, 18462 posts)
Hello, it's all in the title: I'm infected with several viruses and trojans that slow down my PC and that I can't manage to remove. I had Avast as my antivirus; I tried AntiVir but it's impossible to remove them.

Here is my HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:32, on 07/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\TeamSpeak 3\TeamSpeak 3.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {61B90950-509F-48D9-B677-1B07917BA73F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8CA97DE0-31D6-485F-913A-F83EE50FF17B} - C:\Windows\system32\pmkhg.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C785F279-017E-49D0-9AB8-E9A325517988} - (no file)
O2 - BHO: (no name) - {F2015B92-B100-4A70-8937-E8D3B1AE6825} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

9 replies

luis.2008 (Member, 30 posts)

Hello,

You can use a mix of programs to get rid of these viruses...

For example, install another antivirus (AVG Free Edition) and also an anti-spyware (Spybot S-D)

I'm sure that will help you.
peinz (Member, 19 posts)

Hello again, yes I know those programs and I use them, but they don't even detect the trojans! Spybot, Ad-Aware...
g!rly (Contributor, 18462 posts)

Hi peinz,

do this:

Download combofix.exe (by sUBs) to your Desktop.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 (Yes) key to start the scan.
-> When the scan is complete, a report will appear. Copy/paste that report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

@+
peinz (Member, 19 posts)

Hi g!rly, here it is:
ComboFix 08-02.05.3 - peinz 2008-02-07 18:56:08.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1036.18.231 [GMT 1:00]
Running from: C:\Users\peinz\Desktop\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Temporary
C:\Windows\System32\ghkmp.ini
C:\Windows\System32\ghkmp.ini2
C:\Windows\System32\hjjlm.ini
C:\Windows\System32\hjjlm.ini2
C:\Windows\system32\pmnlj.dll

.
((((((((((((((((((((((((((((( Files Created from 2008-01-07 to 2008-02-07 ))))))))))))))))))))))))))))))))))))
.

2008-02-07 13:38 . 2008-02-07 18:20 <REP> d-------- C:\Users\peinz\AppData\Roaming\FileZilla
2008-02-07 13:36 . 2008-02-07 13:36 <REP> d-------- C:\Program Files\FileZilla FTP Client
2008-02-07 10:06 . 2008-02-07 10:07 <REP> d-------- C:\Program Files\hjt
2008-02-07 09:35 . 2008-02-07 09:35 <REP> d-------- C:\Users\All Users\Avira
2008-02-07 09:35 . 2008-02-07 09:35 <REP> d-------- C:\ProgramData\Avira
2008-02-07 09:35 . 2008-02-07 09:35 <REP> d-------- C:\Program Files\Avira
2008-02-07 08:23 . 2008-02-07 08:23 <REP> d-------- C:\Program Files\Rockstar Games
2008-02-07 06:34 . 2008-02-07 06:34 <REP> d-------- C:\Program Files\GameSpy Arcade
2008-02-06 17:19 . 2008-02-06 17:19 <REP> d-------- C:\Windows\USB Vibration
2008-02-06 17:18 . 2008-02-06 17:18 <REP> d-------- C:\Program Files\USB Vibration
2008-02-06 07:28 . 2008-02-06 07:28 <REP> d-------- C:\Users\peinz\AppData\Roaming\NHN Corporation
2008-02-06 07:24 . 2008-02-06 07:24 <REP> d-------- C:\Program Files\NHN USA
2008-02-06 07:24 . 2008-01-16 18:25 679,936 --a------ C:\Windows\System32\ijjiSetup.exe
2008-02-06 02:30 . 2008-02-06 02:31 <REP> d-------- C:\Program Files\MTA San Andreas
2008-02-04 14:49 . 2008-02-04 14:49 <REP> d-------- C:\Program Files\Common Files\INCA Shared
2008-02-04 14:49 . 2008-02-05 16:15 33 --a------ C:\Windows\GunzLauncher.INI
2008-02-04 14:48 . 2008-02-06 07:00 <REP> d--h----- C:\Users\peinz\AppData\Roaming\ijjigame
2008-02-04 14:48 . 2003-07-17 19:17 5,174 --a------ C:\Windows\System32\nppt9x.vxd
2008-02-04 14:48 . 2005-01-01 10:43 4,682 --a------ C:\Windows\System32\npptNT2.sys
2008-02-04 14:46 . 2008-02-04 14:46 <REP> d-------- C:\Users\All Users\IJJIGame
2008-02-04 14:46 . 2008-02-04 14:46 <REP> d-------- C:\ProgramData\IJJIGame
2008-02-04 14:44 . 2008-02-04 14:44 <REP> d-------- C:\ijji
2008-02-04 12:30 . 2008-02-04 12:39 <REP> d-------- C:\Program Files\Pro Evolution Soccer 2008
2008-02-04 10:08 . 2008-02-07 08:23 <REP> d--h----- C:\Program Files\InstallShield Installation Information
2008-02-04 10:08 . 2008-02-04 10:08 <REP> d-------- C:\Program Files\Infogrames
2008-02-04 03:43 . 2008-02-07 12:20 103,736 --a------ C:\Windows\System32\PnkBstrB.exe
2008-02-04 03:43 . 2008-02-04 03:43 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-02-04 03:43 . 2008-02-07 12:20 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-02-04 03:32 . 2008-02-04 03:32 359,410 --ahs---- C:\Windows\System32\ghkmp.ini2.ren
2008-02-04 02:35 . 2008-02-04 02:35 <REP> d-------- C:\Program Files\Electronic Arts
2008-02-04 02:09 . 2008-02-04 02:09 <REP> dr-h----- C:\Users\peinz\AppData\Roaming\SecuROM
2008-02-04 02:09 . 2008-02-04 02:09 107,888 --a------ C:\Windows\System32\CmdLineExt.dll
2008-02-02 14:59 . 2008-02-04 03:34 359,426 --ahs---- C:\Windows\System32\ghkmp.ini.ren
2008-02-01 20:50 . 2008-02-01 20:51 <REP> d-------- C:\Program Files\TeamSpeak 3
2008-02-01 07:10 . 2008-02-01 07:10 <REP> d-------- C:\Users\peinz\AppData\Roaming\Media Player Classic
2008-02-01 07:07 . 2008-02-01 07:07 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-01-31 19:06 . 2008-01-31 19:06 <REP> d-------- C:\Program Files\Hasbro
2008-01-31 03:58 . 2008-02-01 10:42 <REP> d-------- C:\Users\peinz\AppData\Roaming\Hamachi
2008-01-31 03:58 . 2008-01-31 03:58 25,280 --a------ C:\Windows\System32\drivers\hamachi.sys
2008-01-30 10:43 . 2008-01-30 10:43 332,288 --------- C:\Windows\System32\pmkhg.dll
2008-01-30 08:33 . 2008-01-30 08:37 <REP> d-------- C:\Users\All Users\Lavasoft
2008-01-30 08:33 . 2008-01-30 08:37 <REP> d-------- C:\ProgramData\Lavasoft
2008-01-30 08:33 . 2008-01-30 08:33 <REP> d-------- C:\Program Files\Lavasoft
2008-01-30 08:30 . 2008-01-30 08:30 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-30 08:25 . 2008-01-30 08:35 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-01-30 08:25 . 2008-01-30 08:35 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-01-30 08:25 . 2008-01-30 08:25 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-01-29 16:52 . 2008-01-29 16:52 43,520 --a------ C:\Windows\System32\CmdLineExt03.dll
2008-01-29 16:24 . 2008-01-29 16:24 <REP> d-------- C:\Valve
2008-01-29 12:16 . 2008-01-29 12:16 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-01-29 12:16 . 2008-01-29 12:16 <REP> d-------- C:\ProgramData\Yahoo! Companion
2008-01-29 12:13 . 2008-02-07 09:15 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-01-29 07:29 . 2008-01-29 07:29 <REP> dr------- C:\Windows\System32\config\systemprofile\Music
2008-01-29 04:55 . 2008-01-29 04:55 <REP> d-------- C:\Program Files\PowerISO
2008-01-27 06:00 . 2008-01-27 06:00 <REP> d-------- C:\Users\All Users\FLEXnet
2008-01-27 06:00 . 2008-01-27 06:00 <REP> d-------- C:\ProgramData\FLEXnet
2008-01-27 03:22 . 2008-01-27 03:22 <REP> d-------- C:\Users\peinz\AppData\Roaming\Webcammax
2008-01-27 03:20 . 2008-01-27 03:20 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-27 03:20 . 2008-01-27 03:20 229,888 --a------ C:\Windows\System32\msshsq.dll
2008-01-27 03:01 . 2008-01-27 03:01 <REP> d-------- C:\Program Files\Bonjour
2008-01-27 02:49 . 2008-01-27 02:49 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-27 02:43 . 2008-01-27 02:43 <REP> d-------- C:\Program Files\NFO viewer
2008-01-27 02:20 . 2008-02-04 03:39 <REP> d-a------ C:\Users\All Users\TEMP
2008-01-27 02:20 . 2008-02-04 03:39 <REP> d-a------ C:\ProgramData\TEMP
2008-01-27 02:20 . 2008-01-27 02:44 <REP> d-------- C:\Fraps
2008-01-26 22:57 . 2008-01-29 02:09 <REP> d-------- C:\Users\All Users\Logishrd
2008-01-26 22:57 . 2008-01-29 02:09 <REP> d-------- C:\ProgramData\Logishrd
2008-01-26 22:55 . 2008-01-29 02:10 <REP> d-------- C:\Program Files\Common Files\logishrd
2008-01-26 22:55 . 2008-02-07 19:04 0 --a------ C:\Windows\System32\drivers\lvuvc.hs
2008-01-26 01:52 . 1998-10-29 16:45 306,688 --a------ C:\Windows\IsUninst.exe
2008-01-26 00:26 . 2008-02-07 10:05 <REP> d-------- C:\Users\peinz\AppData\Roaming\uTorrent
2008-01-26 00:26 . 2008-02-03 10:32 <REP> d-------- C:\Program Files\uTorrent
2008-01-25 12:03 . 2008-01-25 12:03 <REP> d-------- C:\Program Files\Veoh Networks
2008-01-25 12:02 . 2008-01-25 12:02 <REP> d-------- C:\Windows\Downloaded Installations
2008-01-24 16:50 . 2008-02-07 15:42 <REP> d-------- C:\Users\peinz\AppData\Roaming\HLSW
2008-01-24 16:50 . 2008-01-24 16:50 <REP> d---s---- C:\Program Files\HLSW
2008-01-24 13:47 . 2008-01-24 13:47 <REP> d-------- C:\Program Files\CCleaner
2008-01-24 00:29 . 2008-01-24 00:29 <REP> d-------- C:\Users\All Users\Electronic Arts
2008-01-24 00:29 . 2008-01-24 00:29 <REP> d-------- C:\ProgramData\Electronic Arts
2008-01-21 21:43 . 2008-01-24 18:04 <REP> d-------- C:\Users\All Users\Messenger Plus!
2008-01-21 21:43 . 2008-01-24 18:04 <REP> d-------- C:\ProgramData\Messenger Plus!
2008-01-21 21:29 . 2008-02-06 07:08 <REP> d-------- C:\Program Files\Oxygene V6
2008-01-21 20:24 . 2008-01-21 20:24 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-01-21 20:18 . 2008-01-21 20:18 <REP> d-------- C:\Windows\PCHEALTH
2008-01-21 20:13 . 2008-01-21 20:13 <REP> d-------- C:\Users\All Users\WLInstaller
2008-01-21 20:13 . 2008-01-21 20:13 <REP> d-------- C:\ProgramData\WLInstaller
2008-01-21 20:13 . 2008-01-21 20:18 <REP> d-------- C:\Program Files\Windows Live
2008-01-21 20:13 . 2008-01-21 20:17 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-21 15:59 . 2008-01-21 15:59 <REP> d--h----- C:\Users\All Users\CanonBJ
2008-01-21 15:59 . 2008-01-21 15:59 <REP> d--h----- C:\ProgramData\CanonBJ
2008-01-21 15:54 . 2008-01-27 03:02 <REP> d-------- C:\Users\All Users\Adobe
2008-01-21 15:53 . 2008-01-27 03:01 <REP> d-------- C:\Program Files\Common Files\Adobe
2008-01-21 05:00 . 2008-01-21 05:00 <REP> d-------- C:\Program Files\DivX
2008-01-21 05:00 . 2008-01-21 05:00 684 --a------ C:\Windows\mozver.dat
2008-01-21 03:58 . 2008-01-21 03:58 <REP> d-------- C:\Users\peinz\AppData\Roaming\OtakuSoftware
2008-01-21 01:36 . 2007-12-11 17:06 1,073,152 --a------ C:\Windows\System32\nvcpluir.dll
2008-01-21 01:36 . 2007-12-11 17:06 753,664 --a------ C:\Windows\System32\nvcplui.exe
2008-01-21 01:36 . 2007-12-11 17:06 413,696 --a------ C:\Windows\System32\nvcpl.cpl
2008-01-21 01:36 . 2007-12-11 17:06 307,200 --a------ C:\Windows\System32\nvexpbar.dll
2008-01-21 01:33 . 2008-02-04 05:51 <REP> d-------- C:\Program Files\Common Files\InstallShield

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-20 21:00 174 --sha-w C:\Program Files\desktop.ini
2008-01-20 20:43 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-20 20:43 --------- d-----w C:\Program Files\Windows Mail
2008-01-20 20:43 --------- d-----w C:\Program Files\Windows Defender
2008-01-20 20:43 --------- d-----w C:\Program Files\Windows Calendar
2008-01-20 20:24 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-01-20 20:24 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-01-20 20:24 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-01-20 20:24 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-01-20 20:24 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-01-20 20:23 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-01-20 20:17 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-01-20 20:17 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-01-20 20:17 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-01-20 20:15 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-20 20:15 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-20 20:15 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-20 20:15 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-20 20:08 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-01-20 20:08 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-01-20 20:08 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys
2008-01-20 20:08 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-01-20 20:08 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-01-20 20:08 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-01-20 19:51 --------- d-sh--w C:\ProgramData\Modèles
2008-01-20 19:51 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-01-20 19:51 --------- d-sh--w C:\ProgramData\Favoris
2008-01-20 19:51 --------- d-sh--w C:\ProgramData\Bureau
2008-01-20 19:51 --------- d-sh--w C:\Program Files\Fichiers communs
.

((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA97DE0-31D6-485F-913A-F83EE50FF17B}]
2008-01-30 10:43 332288 --------- C:\Windows\system32\pmkhg.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-01-20 21:14 1266936]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-21 20:49 171448]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 17:43 2051096]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 17:57 2095640]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-06 20:00 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-06 20:00 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-06 20:00 81920]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02 563984]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 08:05 217088]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-07 09:38 249896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^peinz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
path=C:\Users\peinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk
backup=C:\Windows\pss\hamachi.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
C:\Program Files\a-squared Anti-Malware\a2guard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dot1XCfg]
C:\Program Files\Dot1XCfg\Dot1XCfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fraps]
--a------ 2007-09-11 07:57 3178152 C:\FRAPS\FRAPS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-07-25 16:02 563984 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-07-25 16:06 2027792 C:\Program Files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
C:\Windows\system32\ddccd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-01-20 08:05 217088 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
C:\Program Files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\Windows\mrofinu1044.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2007-08-31 16:46 1460560 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-01-21 20:49 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-01-23 12:23 3497984 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-20 21:20 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 13:36 201728 C:\Program Files\Windows Media Player\WMPNSCFG.exe

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-01-20 21:15]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 08:36]

*Newly Created Service* - SSMDRV
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 19:04:39
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-02-07 19:08:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-07 18:07:54
.
2008-02-06 00:49:58 --- E O F ---
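The ComboFix report above carries the signal a responder keys on for this malware family. The data files it deleted are named after the BHO DLL spelled backwards (ghkmp.ini is pmkhg.dll reversed, and pmkhg.dll is the unnamed BHO from the HijackThis log), UAC is switched off ("EnableLUA"= 0), and two msconfig startupreg entries point at bare files in C:\Windows and system32 (mrofinu1044.exe, ddccd.dll) with no attribute/date/size columns next to them. The Python script below is an added example, not part of the thread and not ComboFix code: it runs those three checks over a constructed excerpt of the report. It assumes English section banners ("Other deletions", "Reg Loading Points"); the function names and the vowel/naming heuristics are mine.

```python
import re

# Constructed excerpt of the ComboFix report posted above. Lines are copied
# from it; the selection is mine and the sections are shortened. English
# section banners are assumed ('Other deletions', 'Reg Loading Points').
REPORT = r"""
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Temporary
C:\Windows\System32\ghkmp.ini
C:\Windows\System32\ghkmp.ini2
C:\Windows\System32\hjjlm.ini
C:\Windows\System32\hjjlm.ini2
C:\Windows\system32\pmnlj.dll

.
((((((((((((((((((((((((((((( Files Created from 2008-01-07 to 2008-02-07 ))))))))))))))))))))))))))))))))))))
.
2008-02-04 03:32 . 2008-02-04 03:32 359,410 --ahs---- C:\Windows\System32\ghkmp.ini2.ren
2008-01-30 10:43 . 2008-01-30 10:43 332,288 --------- C:\Windows\System32\pmkhg.dll

((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA97DE0-31D6-485F-913A-F83EE50FF17B}]
2008-01-30 10:43 332288 --------- C:\Windows\system32\pmkhg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fraps]
--a------ 2007-09-11 07:57 3178152 C:\FRAPS\FRAPS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
C:\Windows\system32\ddccd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\Windows\mrofinu1044.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll
"""


def section(report, keyword):
    """Lines of the report section whose '(((' banner contains keyword."""
    lines, inside = [], False
    for line in report.splitlines():
        if line.startswith("((("):
            if inside:
                break
            inside = keyword in line
        elif inside:
            lines.append(line)
    return lines


def reversed_name_pairs(report):
    """Vundo/Virtumonde convention: the .ini data file is the BHO DLL's name
    spelled backwards (ghkmp.ini <-> pmkhg.dll). Map each deleted .ini* file
    to its mirror-image DLL when that DLL is named anywhere in the report."""
    haystack = report.lower()
    pairs = {}
    for line in section(report, "deletions"):
        fname = line.strip().rsplit("\\", 1)[-1]
        stem, dot, ext = fname.partition(".")
        if dot and ext.lower().startswith("ini"):
            mirror = stem[::-1].lower() + ".dll"
            if mirror in haystack:
                pairs[fname] = mirror
    return pairs


def uac_disabled(report):
    """EnableLUA=0 under policies/system: UAC is off, so anything the user
    runs (the dropper included) gets full administrator rights."""
    return re.search(r'"EnableLUA"\s*=\s*0\b', report) is not None


STARTUPREG_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\.*\\msconfig\\startupreg\\(?P<name>[^\]]+)\]$", re.I)
STAT_RE = re.compile(r"^[-a-z]{9} \d{4}-\d{2}-\d{2} ")  # attribute/date/size columns


def startupreg_entries(report):
    """{name: (target, has_stat_columns)}. In the report above some entries
    carry attribute/date/size columns and some are a bare path; the bare
    ones deserve a second look."""
    entries, lines = {}, report.splitlines()
    for i, line in enumerate(lines[:-1]):
        m = STARTUPREG_RE.match(line.strip())
        if not m:
            continue
        nxt = lines[i + 1].strip()
        idx = nxt.lower().find("c:\\")
        if idx >= 0:
            entries[m["name"]] = (nxt[idx:], STAT_RE.match(nxt) is not None)
    return entries


def odd_startup_entries(report):
    """Entries whose target is a bare .exe in the Windows root or a .dll in
    system32. Genuine Windows components land here too (oobefldr.dll), so
    this is a shortlist for a human, not a verdict."""
    bare = re.compile(r"c:\\windows\\(?:system32\\[^\\]+\.dll|[^\\]+\.exe)")
    return {n: t for n, t in startupreg_entries(report).items()
            if bare.fullmatch(t[0].lower())}


if __name__ == "__main__":
    print("reversed-name pairs:", reversed_name_pairs(REPORT))
    print("UAC disabled:", uac_disabled(REPORT))
    for name, (target, seen) in odd_startup_entries(REPORT).items():
        print(f"{name:22} {target}  {'(file seen)' if seen else '(bare path)'}")
```

On the report above this links ghkmp.ini and ghkmp.ini2 to pmkhg.dll, confirms EnableLUA is 0, and shortlists MSServer, runner1 and WindowsWelcomeCenter; the last one is a legitimate Vista component, which is why the result is a list to review rather than a list to delete.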
g!rly (Contributor, 18462 posts)

re,

post a new HijackThis log please.

@+
peinz (Member, 19 posts)

hello g!rly, of course, no problem,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:03:06, on 08/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\TeamSpeak 3\TeamSpeak 3.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8CA97DE0-31D6-485F-913A-F83EE50FF17B} - C:\Windows\system32\pmkhg.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
g!rly (Posts: 18462, Status: Contributor)
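A helper reads a log like the one above by eye, looking for targets that no longer exist on disk, add-ons registered without a name, services with no publisher, and short random-looking DLL names in System32. As an added example (not part of the thread, and not a HijackThis feature), the Python script below applies those four checks to the HijackThis line format: the pmkhg.dll BHO hits three of them at once. The vowel-free-name test is a heuristic, not a verdict. SAMPLE_LOG is a constructed excerpt in the format of the post above, and the function names are my own.

```python
"""Triage of HijackThis log lines (added example, not a HijackThis feature)."""
import re

# Constructed sample: a few entries copied in the HijackThis line format.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8CA97DE0-31D6-485F-913A-F83EE50FF17B} - C:\Windows\system32\pmkhg.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
"""

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
# First Windows path in the entry, up to its executable/library extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n]*?\.(?:dll|exe|sys|cpl)', re.IGNORECASE)
RANDOM_STEM_RE = re.compile(r"[a-z]{5,8}")
VOWELS = set("aeiouy")


def parse_entries(log_text):
    """Yield (section, body, path) for every entry that names a file."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        p = PATH_RE.search(m["body"])
        if p:
            yield m["sec"], m["body"], p.group(0)


def looks_random(path):
    """Heuristic: short, all-lowercase, vowel-free file stem living in System32."""
    folder, _, name = path.rpartition("\\")
    stem = name.rsplit(".", 1)[0]
    return (folder.lower().endswith("system32")
            and RANDOM_STEM_RE.fullmatch(stem) is not None
            and not VOWELS & set(stem))


def triage(log_text):
    """Map each suspicious path to the list of reasons it was flagged."""
    findings = {}
    for sec, body, path in parse_entries(log_text):
        reasons = []
        if body.endswith("(file missing)"):
            reasons.append("file missing")
        if sec == "O2" and "(no name)" in body:
            reasons.append("unnamed BHO")
        if sec == "O23" and " - Unknown owner - " in body:
            reasons.append("unknown owner")
        if looks_random(path):
            reasons.append("random-looking System32 name")
        for reason in reasons:
            findings.setdefault(path, [])
            if reason not in findings[path]:
                findings[path].append(reason)
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(f"{path}: {', '.join(reasons)}")
```

"File missing" on a BHO or toolbar is not itself an infection (the Yahoo! toolbar entry is just a leftover), but a nameless BHO whose DLL has a vowel-free five-letter name and is missing is the kind of entry a fix script targets first.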
 
Hello peinz,

Copy the text below:

File::
C:\Windows\System32\drivers\lvuvc.hs
C:\Windows\System32\ghkmp.ini.ren
C:\Windows\System32\ghkmp.ini2.ren
C:\Windows\System32\pmkhg.dll
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Windows\mrofinu1044.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA97DE0-31D6-485F-913A-F83EE50FF17B}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dot1XCfg]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]

Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and press Enter.

Wait for the scan to finish. The desktop will disappear several times: this is normal!

Do not touch anything until the scan is finished.

After the reboot, post the contents of the Combofix.txt2 report.

If there is no reboot, post the report anyway.

Then run the following and post its report as well.

Disable User Account Control (you will re-enable it after the disinfection):

- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click Disable and confirm.

Download MSNFix.zip (by !aur3n7) to your desktop:
http://sosvirus.changelog.fr/MSNFix.zip
Unzip it (right-click >> Extract here) and double-click the MSNFix.bat file.
- Run option R.
-- If the infection is detected, a message will say so and you only need to press a key to start the cleanup.

Note:
If a deletion error is detected, a message will appear asking you to restart the computer to complete the operations. In that case, simply restart the computer in normal mode.

- The report will be saved in the same folder as MSNFix as date_time.txt

Tutorial if needed:

https://www.malekal.com/supprimer-virus-desinfecter-pc/

So post both reports.

See you later.
peinz (Posts: 19, Status: Member)
 
ComboFix 08-02.05.3 - peinz 2008-02-08 13:15:42.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.456 [GMT 1:00]
Location: C:\Users\peinz\Desktop\ComboFix.exe
Command switches used :: C:\Users\peinz\Desktop\CFScript.txt..txt
* Creating a new restore point
.

((((((((((((((((((((((((((((( Files created 2008-01-08 to 2008-02-08 ))))))))))))))))))))))))))))))))))))
.

2008-02-07 13:38 . 2008-02-08 13:14 <REP> d-------- C:\Users\peinz\AppData\Roaming\FileZilla
2008-02-07 13:36 . 2008-02-07 13:36 <REP> d-------- C:\Program Files\FileZilla FTP Client
2008-02-07 10:06 . 2008-02-08 08:02 <REP> d-------- C:\Program Files\hjt
2008-02-07 09:35 . 2008-02-07 09:35 <REP> d-------- C:\Users\All Users\Avira
2008-02-07 09:35 . 2008-02-07 09:35 <REP> d-------- C:\ProgramData\Avira
2008-02-07 09:35 . 2008-02-07 09:35 <REP> d-------- C:\Program Files\Avira
2008-02-07 08:23 . 2008-02-07 08:23 <REP> d-------- C:\Program Files\Rockstar Games
2008-02-07 06:34 . 2008-02-07 06:34 <REP> d-------- C:\Program Files\GameSpy Arcade
2008-02-06 17:19 . 2008-02-06 17:19 <REP> d-------- C:\Windows\USB Vibration
2008-02-06 17:18 . 2008-02-06 17:18 <REP> d-------- C:\Program Files\USB Vibration
2008-02-06 07:28 . 2008-02-06 07:28 <REP> d-------- C:\Users\peinz\AppData\Roaming\NHN Corporation
2008-02-06 07:24 . 2008-02-06 07:24 <REP> d-------- C:\Program Files\NHN USA
2008-02-06 07:24 . 2008-01-16 18:25 679,936 --a------ C:\Windows\System32\ijjiSetup.exe
2008-02-06 02:30 . 2008-02-06 02:31 <REP> d-------- C:\Program Files\MTA San Andreas
2008-02-04 14:49 . 2008-02-04 14:49 <REP> d-------- C:\Program Files\Common Files\INCA Shared
2008-02-04 14:49 . 2008-02-05 16:15 33 --a------ C:\Windows\GunzLauncher.INI
2008-02-04 14:48 . 2008-02-06 07:00 <REP> d--h----- C:\Users\peinz\AppData\Roaming\ijjigame
2008-02-04 14:48 . 2003-07-17 19:17 5,174 --a------ C:\Windows\System32\nppt9x.vxd
2008-02-04 14:48 . 2005-01-01 10:43 4,682 --a------ C:\Windows\System32\npptNT2.sys
2008-02-04 14:46 . 2008-02-04 14:46 <REP> d-------- C:\Users\All Users\IJJIGame
2008-02-04 14:46 . 2008-02-04 14:46 <REP> d-------- C:\ProgramData\IJJIGame
2008-02-04 14:44 . 2008-02-04 14:44 <REP> d-------- C:\ijji
2008-02-04 12:30 . 2008-02-04 12:39 <REP> d-------- C:\Program Files\Pro Evolution Soccer 2008
2008-02-04 10:08 . 2008-02-07 08:23 <REP> d--h----- C:\Program Files\InstallShield Installation Information
2008-02-04 10:08 . 2008-02-04 10:08 <REP> d-------- C:\Program Files\Infogrames
2008-02-04 03:43 . 2008-02-08 12:27 103,736 --a------ C:\Windows\System32\PnkBstrB.exe
2008-02-04 03:43 . 2008-02-04 03:43 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-02-04 03:43 . 2008-02-08 12:28 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-02-04 03:32 . 2008-02-04 03:32 359,410 --ahs---- C:\Windows\System32\ghkmp.ini2.ren
2008-02-04 02:35 . 2008-02-04 02:35 <REP> d-------- C:\Program Files\Electronic Arts
2008-02-04 02:09 . 2008-02-04 02:09 <REP> dr-h----- C:\Users\peinz\AppData\Roaming\SecuROM
2008-02-04 02:09 . 2008-02-04 02:09 107,888 --a------ C:\Windows\System32\CmdLineExt.dll
2008-02-02 14:59 . 2008-02-04 03:34 359,426 --ahs---- C:\Windows\System32\ghkmp.ini.ren
2008-02-01 20:50 . 2008-02-01 20:51 <REP> d-------- C:\Program Files\TeamSpeak 3
2008-02-01 07:10 . 2008-02-01 07:10 <REP> d-------- C:\Users\peinz\AppData\Roaming\Media Player Classic
2008-02-01 07:07 . 2008-02-01 07:07 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-01-31 19:06 . 2008-01-31 19:06 <REP> d-------- C:\Program Files\Hasbro
2008-01-31 03:58 . 2008-02-01 10:42 <REP> d-------- C:\Users\peinz\AppData\Roaming\Hamachi
2008-01-31 03:58 . 2008-01-31 03:58 25,280 --a------ C:\Windows\System32\drivers\hamachi.sys
2008-01-30 08:33 . 2008-01-30 08:37 <REP> d-------- C:\Users\All Users\Lavasoft
2008-01-30 08:33 . 2008-01-30 08:37 <REP> d-------- C:\ProgramData\Lavasoft
2008-01-30 08:33 . 2008-01-30 08:33 <REP> d-------- C:\Program Files\Lavasoft
2008-01-30 08:30 . 2008-01-30 08:30 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-30 08:25 . 2008-01-30 08:35 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-01-30 08:25 . 2008-01-30 08:35 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-01-30 08:25 . 2008-01-30 08:25 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-01-29 16:52 . 2008-01-29 16:52 43,520 --a------ C:\Windows\System32\CmdLineExt03.dll
2008-01-29 16:24 . 2008-01-29 16:24 <REP> d-------- C:\Valve
2008-01-29 12:16 . 2008-01-29 12:16 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-01-29 12:16 . 2008-01-29 12:16 <REP> d-------- C:\ProgramData\Yahoo! Companion
2008-01-29 12:13 . 2008-02-07 09:15 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-01-29 07:29 . 2008-01-29 07:29 <REP> dr------- C:\Windows\System32\config\systemprofile\Music
2008-01-29 04:55 . 2008-01-29 04:55 <REP> d-------- C:\Program Files\PowerISO
2008-01-27 06:00 . 2008-01-27 06:00 <REP> d-------- C:\Users\All Users\FLEXnet
2008-01-27 06:00 . 2008-01-27 06:00 <REP> d-------- C:\ProgramData\FLEXnet
2008-01-27 03:22 . 2008-01-27 03:22 <REP> d-------- C:\Users\peinz\AppData\Roaming\Webcammax
2008-01-27 03:20 . 2008-01-27 03:20 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-27 03:20 . 2008-01-27 03:20 229,888 --a------ C:\Windows\System32\msshsq.dll
2008-01-27 03:01 . 2008-01-27 03:01 <REP> d-------- C:\Program Files\Bonjour
2008-01-27 02:49 . 2008-01-27 02:49 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-27 02:43 . 2008-01-27 02:43 <REP> d-------- C:\Program Files\NFO viewer
2008-01-27 02:20 . 2008-02-04 03:39 <REP> d-a------ C:\Users\All Users\TEMP
2008-01-27 02:20 . 2008-02-04 03:39 <REP> d-a------ C:\ProgramData\TEMP
2008-01-27 02:20 . 2008-01-27 02:44 <REP> d-------- C:\Fraps
2008-01-26 22:57 . 2008-01-29 02:09 <REP> d-------- C:\Users\All Users\Logishrd
2008-01-26 22:57 . 2008-01-29 02:09 <REP> d-------- C:\ProgramData\Logishrd
2008-01-26 22:55 . 2008-01-29 02:10 <REP> d-------- C:\Program Files\Common Files\logishrd
2008-01-26 22:55 . 2008-02-08 08:00 0 --a------ C:\Windows\System32\drivers\lvuvc.hs
2008-01-26 01:52 . 1998-10-29 16:45 306,688 --a------ C:\Windows\IsUninst.exe
2008-01-26 00:26 . 2008-02-07 10:05 <REP> d-------- C:\Users\peinz\AppData\Roaming\uTorrent
2008-01-26 00:26 . 2008-02-03 10:32 <REP> d-------- C:\Program Files\uTorrent
2008-01-25 12:03 . 2008-01-25 12:03 <REP> d-------- C:\Program Files\Veoh Networks
2008-01-25 12:02 . 2008-01-25 12:02 <REP> d-------- C:\Windows\Downloaded Installations
2008-01-24 16:50 . 2008-02-08 01:48 <REP> d-------- C:\Users\peinz\AppData\Roaming\HLSW
2008-01-24 16:50 . 2008-01-24 16:50 <REP> d---s---- C:\Program Files\HLSW
2008-01-24 13:47 . 2008-01-24 13:47 <REP> d-------- C:\Program Files\CCleaner
2008-01-24 00:29 . 2008-01-24 00:29 <REP> d-------- C:\Users\All Users\Electronic Arts
2008-01-24 00:29 . 2008-01-24 00:29 <REP> d-------- C:\ProgramData\Electronic Arts
2008-01-21 21:43 . 2008-01-24 18:04 <REP> d-------- C:\Users\All Users\Messenger Plus!
2008-01-21 21:43 . 2008-01-24 18:04 <REP> d-------- C:\ProgramData\Messenger Plus!
2008-01-21 21:29 . 2008-02-06 07:08 <REP> d-------- C:\Program Files\Oxygene V6
2008-01-21 20:24 . 2008-01-21 20:24 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-01-21 20:18 . 2008-01-21 20:18 <REP> d-------- C:\Windows\PCHEALTH
2008-01-21 20:13 . 2008-01-21 20:13 <REP> d-------- C:\Users\All Users\WLInstaller
2008-01-21 20:13 . 2008-01-21 20:13 <REP> d-------- C:\ProgramData\WLInstaller
2008-01-21 20:13 . 2008-01-21 20:18 <REP> d-------- C:\Program Files\Windows Live
2008-01-21 20:13 . 2008-01-21 20:17 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-21 15:59 . 2008-01-21 15:59 <REP> d--h----- C:\Users\All Users\CanonBJ
2008-01-21 15:59 . 2008-01-21 15:59 <REP> d--h----- C:\ProgramData\CanonBJ
2008-01-21 15:54 . 2008-01-27 03:02 <REP> d-------- C:\Users\All Users\Adobe
2008-01-21 15:53 . 2008-01-27 03:01 <REP> d-------- C:\Program Files\Common Files\Adobe
2008-01-21 05:00 . 2008-01-21 05:00 <REP> d-------- C:\Program Files\DivX
2008-01-21 05:00 . 2008-01-21 05:00 684 --a------ C:\Windows\mozver.dat
2008-01-21 03:58 . 2008-01-21 03:58 <REP> d-------- C:\Users\peinz\AppData\Roaming\OtakuSoftware
2008-01-21 01:36 . 2007-12-11 17:06 1,073,152 --a------ C:\Windows\System32\nvcpluir.dll
2008-01-21 01:36 . 2007-12-11 17:06 753,664 --a------ C:\Windows\System32\nvcplui.exe
2008-01-21 01:36 . 2007-12-11 17:06 413,696 --a------ C:\Windows\System32\nvcpl.cpl
2008-01-21 01:36 . 2007-12-11 17:06 307,200 --a------ C:\Windows\System32\nvexpbar.dll
2008-01-21 01:33 . 2008-02-04 05:51 <REP> d-------- C:\Program Files\Common Files\InstallShield
2008-01-21 01:33 . 2008-01-21 01:33 <REP> d-------- C:\NVIDIA

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-20 21:00 174 --sha-w C:\Program Files\desktop.ini
2008-01-20 20:43 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-20 20:43 --------- d-----w C:\Program Files\Windows Mail
2008-01-20 20:43 --------- d-----w C:\Program Files\Windows Defender
2008-01-20 20:43 --------- d-----w C:\Program Files\Windows Calendar
2008-01-20 20:24 8,192 ----a-w C:\Windows\System32\riched32.dll
2008-01-20 20:24 77,824 ----a-w C:\Windows\System32\rascfg.dll
2008-01-20 20:24 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-01-20 20:24 694,784 ----a-w C:\Windows\System32\localspl.dll
2008-01-20 20:24 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-01-20 20:24 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-01-20 20:24 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2008-01-20 20:24 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-01-20 20:24 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2008-01-20 20:24 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-01-20 20:24 33,280 ----a-w C:\Windows\System32\traffic.dll
2008-01-20 20:24 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2008-01-20 20:24 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2008-01-20 20:24 22,016 ----a-w C:\Windows\System32\rasser.dll
2008-01-20 20:24 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-01-20 20:24 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2008-01-20 20:24 134,656 ----a-w C:\Windows\System32\dps.dll
2008-01-20 20:24 13,824 ----a-w C:\Windows\System32\wshqos.dll
2008-01-20 20:24 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2008-01-20 20:23 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-01-20 20:23 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-20 20:23 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-01-20 20:23 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-01-20 20:23 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-01-20 20:23 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-01-20 20:23 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-01-20 20:23 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-01-20 20:23 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-01-20 20:23 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-01-20 20:23 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-01-20 20:23 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-01-20 20:23 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-01-20 20:17 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-01-20 20:17 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-01-20 20:17 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-01-20 20:17 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-01-20 20:17 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-01-20 20:17 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-01-20 20:17 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-01-20 20:17 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-01-20 20:17 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-01-20 20:15 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-20 20:15 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-20 20:15 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-20 20:15 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-20 20:11 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-01-20 20:11 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-01-20 20:11 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-01-20 20:11 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-01-20 20:11 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-01-20 20:11 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2008-01-20 20:11 223,232 ----a-w C:\Windows\System32\SLC.dll
2008-01-20 20:11 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2008-01-20 20:11 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2008-01-20 20:11 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-01-20 20:11 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-01-20 20:10 88,576 ----a-w C:\Windows\System32\avifil32.dll
2008-01-20 20:10 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2008-01-20 20:10 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2008-01-20 20:10 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2008-01-20 20:10 69,632 ----a-w C:\Windows\System32\sendmail.dll
2008-01-20 20:10 65,024 ----a-w C:\Windows\System32\avicap32.dll
2008-01-20 20:10 61,440 ----a-w C:\Windows\System32\ntprint.exe
2008-01-20 20:10 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2008-01-20 20:10 269,824 ----a-w C:\Windows\System32\schannel.dll
2008-01-20 20:10 220,160 ----a-w C:\Windows\System32\ntprint.dll
2008-01-20 20:10 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2008-01-20 20:10 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2008-01-20 20:10 12,800 ----a-w C:\Windows\System32\msrle32.dll
2008-01-20 20:10 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2008-01-20 20:10 1,984,512 ----a-w C:\Windows\System32\authui.dll
2008-01-20 20:08 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-01-20 20:08 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-01-20 20:08 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-01-20 20:08 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-01-20 20:08 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys
2008-01-20 20:08 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-01-20 20:08 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-01-20 20:08 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-01-20 20:08 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-01-20 19:51 --------- d-sh--w C:\ProgramData\Modèles
2008-01-20 19:51 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-01-20 19:51 --------- d-sh--w C:\ProgramData\Favoris
2008-01-20 19:51 --------- d-sh--w C:\ProgramData\Bureau
2008-01-20 19:51 --------- d-sh--w C:\Program Files\Fichiers communs
2007-12-24 12:49 7,680 ----a-w C:\Windows\System32\ff_vfw.dll
2007-12-14 10:32 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2007-12-04 01:33 682,496 ----a-w C:\Windows\System32\divx.dll
2007-11-29 22:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2007-11-29 22:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2007-11-29 22:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
.

((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA97DE0-31D6-485F-913A-F83EE50FF17B}]
C:\Windows\system32\pmkhg.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-01-20 21:14 1266936]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-21 20:49 171448]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 17:43 2051096]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 17:57 2095640]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-06 20:00 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-06 20:00 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-06 20:00 81920]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02 563984]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 08:05 217088]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-07 09:38 249896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^peinz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
path=C:\Users\peinz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk
backup=C:\Windows\pss\hamachi.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
C:\Program Files\a-squared Anti-Malware\a2guard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dot1XCfg]
C:\Program Files\Dot1XCfg\Dot1XCfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fraps]
--a------ 2007-09-11 07:57 3178152 C:\FRAPS\FRAPS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-07-25 16:02 563984 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-07-25 16:06 2027792 C:\Program Files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
C:\Windows\system32\ddccd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-01-20 08:05 217088 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
C:\Program Files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\Windows\mrofinu1044.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2007-08-31 16:46 1460560 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-01-21 20:49 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-01-23 12:23 3497984 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-20 21:20 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 13:36 201728 C:\Program Files\Windows Media Player\WMPNSCFG.exe

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 08:36]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-01-20 21:15]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-08 13:17:56
Windows 6.0.6000 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
Completion time: 2008-02-08 13:18:39
ComboFix-quarantined-files.txt 2008-02-08 12:18:35
ComboFix2.txt 2008-02-07 18:08:00
.
2008-02-08 00:46:15 --- E O F ---

That's it for ComboFix. As for User Account Control, it has never been enabled because it's no use to me and I don't like it. Is that serious?

g!rly (Posts: 18462, Status: Contributor)
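The report above holds the three facts the fix script acts on, but they are spread over three hundred lines: two files with the hidden and system attributes set (the --ahs---- flags on ghkmp.ini.ren and ghkmp.ini2.ren), a BHO DLL whose name reversed matches those files (pmkhg.dll versus ghkmp.*, the reversed-name pairing Virtumonde/Vundo variants are known for), and "EnableLUA"= 0, meaning UAC is off. As an added example (not part of the thread and not ComboFix's own code), this Python script parses the "Files created" listing and the "Reg loading points" section of a ComboFix report and pulls those three findings out. SAMPLE_REPORT is a constructed excerpt of the report above; the function names are my own.

```python
"""Triage of a ComboFix report (added example, not ComboFix's own code)."""
import re

# Constructed excerpt in the format of the report posted above.
SAMPLE_REPORT = r"""
((((((((((((((((((((((((((((( Files created 2008-01-08 to 2008-02-08 ))))))))))))))))))))))))))))))))))))
.
2008-02-07 09:35 . 2008-02-07 09:35 <REP> d-------- C:\Program Files\Avira
2008-02-04 03:43 . 2008-02-04 03:43 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-02-04 03:32 . 2008-02-04 03:32 359,410 --ahs---- C:\Windows\System32\ghkmp.ini2.ren
2008-02-02 14:59 . 2008-02-04 03:34 359,426 --ahs---- C:\Windows\System32\ghkmp.ini.ren
2008-01-21 20:13 . 2008-01-21 20:17 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-26 22:55 . 2008-02-08 08:00 0 --a------ C:\Windows\System32\drivers\lvuvc.hs
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA97DE0-31D6-485F-913A-F83EE50FF17B}]
C:\Windows\system32\pmkhg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"""

# created . modified  size-or-<REP>  9 attribute flags  path
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(<REP>|<DIR>|[\d,]+)\s+([a-z-]{9})\s+(.+)$")
BHO_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\\{[0-9A-Fa-f-]+\}\]$")
WIN_PATH_RE = re.compile(r"^[A-Za-z]:\\")
ENABLELUA_RE = re.compile(r'^"EnableLUA"\s*=\s*0\b', re.MULTILINE)


def parse_created_files(report):
    """Return the 'Files created' entries as dicts (directories included)."""
    entries = []
    for line in report.splitlines():
        m = FILE_RE.match(line.rstrip())
        if m:
            created, modified, size, attrs, path = m.groups()
            entries.append({
                "created": created, "modified": modified,
                "size": None if size.startswith("<") else int(size.replace(",", "")),
                "attrs": attrs, "is_dir": attrs.startswith("d"), "path": path})
    return entries


def parse_bho_dlls(report):
    """Return the DLL paths listed under Browser Helper Objects keys."""
    dlls, lines = [], report.splitlines()
    for i, line in enumerate(lines[:-1]):
        nxt = lines[i + 1].strip()
        if BHO_KEY_RE.match(line.strip()) and WIN_PATH_RE.match(nxt):
            dlls.append(nxt)
    return dlls


def _stem(path):
    """Lower-cased file name up to its first dot: 'ghkmp.ini2.ren' -> 'ghkmp'."""
    return path.rpartition("\\")[2].split(".", 1)[0].lower()


def triage_report(report):
    files = parse_created_files(report)
    bho_dlls = parse_bho_dlls(report)
    # Hidden+system on a plain file is unusual for legitimate software; hidden+system
    # directories (installer caches and the like) are common, so directories are skipped.
    hidden_system = [f["path"] for f in files
                     if not f["is_dir"] and "h" in f["attrs"] and "s" in f["attrs"]]
    # Reversed-name pairing: BHO stem "pmkhg" <-> files named "ghkmp.*".
    pairs = [(dll, f["path"]) for dll in bho_dlls for f in files
             if not f["is_dir"] and _stem(f["path"]) == _stem(dll)[::-1]]
    return {"hidden_system_files": hidden_system,
            "bho_dlls": bho_dlls,
            "reversed_name_pairs": pairs,
            "uac_disabled": ENABLELUA_RE.search(report) is not None}


if __name__ == "__main__":
    for key, value in triage_report(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

The same pairing logic is what turns the "(file missing)" pmkhg.dll entry in the HijackThis log into a lead: the DLL itself may be gone or renamed, but the companion files with the reversed name are still on disk and still carry hidden+system attributes.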
 
Re,

You don't seem to have carried out the procedure correctly.

Copy all of the lines below in full and start again:

Copy the text below:

File::
C:\Windows\System32\drivers\lvuvc.hs
C:\Windows\System32\ghkmp.ini.ren
C:\Windows\System32\ghkmp.ini2.ren
C:\Windows\System32\pmkhg.dll
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Windows\mrofinu1044.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA97DE0-31D6-485F-913A-F83EE50FF17B}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dot1XCfg]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]

Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and press Enter.

Wait for the scan to finish. The desktop will disappear several times: this is normal!

Do not touch anything until the scan is finished.

After the reboot, post the contents of the Combofix.txt3 report.

If there is no reboot, post the report anyway.