36 replies
Lyonnais92, Security contributor, 4 April 2008 at 15:07
Hello,
in consultation with M.L. King:
Download CleanX-II by sUBs (thanks mOe) here:
http://download.bleepingcomputer.com/sUBs/CleanX-II.exe
Disconnect your internet access. Cut all physical connections (unplug the modem, etc.).
Close all applications.
Disable and then re-enable System Restore.
Double-click CleanX-II.exe to start the repair.
Click OK when you get a warning message.
At the end of the scan (which can take several minutes; be patient until it finishes), it will produce an error message (because the tool does not handle the copy step on a French Windows). To work around this error, do the following:
Start, Run, and type %temp%\report.txt . Notepad will open the report.
If this report shows that infected files remain (at the end of the report, after "POST RUN ANALYSIS"), run the tool once more.
Open the report again using the method above and copy it into your reply. If infected files still remain, there is no point in running the tool again. The report has to be examined.
To disable and re-enable System Restore, follow this tutorial:
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20020830101856924
Lyonnais92, Security contributor, 5 April 2008 at 09:42
Hello,
Good news. The report no longer shows any trace of infection.
I'll let you carry on.
Just one point, as you suspect: downloads are a source of trouble (especially cracks and keygens).
All the best.
Anonymous user, 3 April 2008 at 00:27
Good evening, here you go.
Download Vundofix.exe (by Atribune) to your Desktop: http://www.atribune.org/ccount/click.php?id=4
To perform the fixes, disconnect and close all your applications!!
* Double-click VundoFix.exe to launch it.
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button.
* A prompt will ask whether you want to delete the files; click YES.
* After clicking "YES", the Desktop will disappear for a moment while the files are deleted.
* A new prompt will announce that the PC has to shut down ("shutdown"). Click OK, then let it restart.
* The report is located at C:\vundofix.txt; please post it.
Download to the desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
=> Double-click VirtumundoBeGone.exe
=> Click Continue ==> click Start
=> Click Yes
=> At the end, if Vundo is present, the PC shuts down and restarts
- If you get a blue screen with the message "Fatal error", no problem
=> Post the VBG.TXT report, which is on the desktop
I've just made a blunder: I fixed Desktop Component 0 (the pixgate thing) and then the wallpaper turned black...
I deleted the backup because I thought it was a virus.
OK, here's the VundoFix log. 5 files deleted.
VundoFix V7.0.3
Scan started at 18:40:51 02/04/2008
Listing files found while scanning....
C:\WINDOWS\system32\dvcvbbab.dll
C:\WINDOWS\system32\fwjepblv.dll
C:\windows\system32\ijkmp.ini
C:\windows\system32\ijkmp.ini2
C:\WINDOWS\system32\myacdmwc.dll
C:\windows\system32\pmkji.dll
C:\WINDOWS\system32\xcewjvdw.dll
C:\WINDOWS\system32\xvtlbibw.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\dvcvbbab.dll
C:\WINDOWS\system32\dvcvbbab.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fwjepblv.dll
C:\WINDOWS\system32\fwjepblv.dll Has been deleted!
Attempting to delete C:\windows\system32\ijkmp.ini
C:\windows\system32\ijkmp.ini Has been deleted!
Attempting to delete C:\windows\system32\ijkmp.ini2
C:\windows\system32\ijkmp.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\myacdmwc.dll
C:\WINDOWS\system32\myacdmwc.dll Has been deleted!
Attempting to delete C:\windows\system32\pmkji.dll
C:\windows\system32\pmkji.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\xcewjvdw.dll
C:\WINDOWS\system32\xcewjvdw.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\xvtlbibw.dll
C:\WINDOWS\system32\xvtlbibw.dll Has been deleted!
Performing Repairs to the registry.
Done!
VirtumundoBeGone report
[04/02/2008, 19:11:31] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Anthony et Jeremy\Bureau\fix\VirtumundoBeGone.exe" )
[04/02/2008, 19:11:51] - Detected System Information:
[04/02/2008, 19:11:51] - Windows Version: 5.1.2600, Service Pack 2
[04/02/2008, 19:11:51] - Current Username: Anthony et Jeremy (Admin)
[04/02/2008, 19:11:51] - Windows is in NORMAL mode.
[04/02/2008, 19:11:51] - Searching for Browser Helper Objects:
[04/02/2008, 19:11:51] - BHO 1: {0055C089-8582-441B-A0BF-17B458C2A3A8} (IDMIEHlprObj Class)
[04/02/2008, 19:11:51] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[04/02/2008, 19:11:51] - BHO 3: {2B0B59B4-55A3-4737-9FD5-B93C6430BF75} ()
[04/02/2008, 19:11:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/02/2008, 19:11:51] - No filename found. Continuing.
[04/02/2008, 19:11:51] - BHO 4: {30C4CAF4-F637-4F03-A8CA-14D618B06237} ()
[04/02/2008, 19:11:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/02/2008, 19:11:51] - Checking for HKLM\...\Winlogon\Notify\pmkji
[04/02/2008, 19:11:51] - Key not found: HKLM\...\Winlogon\Notify\pmkji, continuing.
[04/02/2008, 19:11:51] - BHO 5: {31FF080D-12A3-439A-A2EF-4BA95A3148E8} (IE to GetRight Helper)
[04/02/2008, 19:11:51] - BHO 6: {4bb3baa1-260e-4a40-9661-6e0868bc0897} ()
[04/02/2008, 19:11:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/02/2008, 19:11:51] - Checking for HKLM\...\Winlogon\Notify\hbyngmvv
[04/02/2008, 19:11:51] - Key not found: HKLM\...\Winlogon\Notify\hbyngmvv, continuing.
[04/02/2008, 19:11:51] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} ()
[04/02/2008, 19:11:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/02/2008, 19:11:51] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[04/02/2008, 19:11:51] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[04/02/2008, 19:11:51] - BHO 8: {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} (EWPBrowseObject Class)
[04/02/2008, 19:11:51] - BHO 9: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/02/2008, 19:11:51] - BHO 10: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[04/02/2008, 19:11:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/02/2008, 19:11:51] - No filename found. Continuing.
[04/02/2008, 19:11:51] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[04/02/2008, 19:11:51] - BHO 12: {B1DEEA6A-74DA-44F9-82A9-6BF7B1211D5D} ()
[04/02/2008, 19:11:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/02/2008, 19:11:51] - Checking for HKLM\...\Winlogon\Notify\mljighi
[04/02/2008, 19:11:51] - Found: HKLM\...\Winlogon\Notify\mljighi - This is probably Virtumundo.
[04/02/2008, 19:11:51] - Assigning {B1DEEA6A-74DA-44F9-82A9-6BF7B1211D5D} MSEvents Object
[04/02/2008, 19:11:51] - BHO list has been changed! Starting over...
[04/02/2008, 19:11:51] - BHO 1: {0055C089-8582-441B-A0BF-17B458C2A3A8} (IDMIEHlprObj Class)
[04/02/2008, 19:11:51] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[04/02/2008, 19:11:51] - BHO 3: {2B0B59B4-55A3-4737-9FD5-B93C6430BF75} ()
[04/02/2008, 19:11:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/02/2008, 19:11:51] - No filename found. Continuing.
[04/02/2008, 19:11:51] - BHO 4: {30C4CAF4-F637-4F03-A8CA-14D618B06237} ()
[04/02/2008, 19:11:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/02/2008, 19:11:51] - Checking for HKLM\...\Winlogon\Notify\pmkji
[04/02/2008, 19:11:51] - Key not found: HKLM\...\Winlogon\Notify\pmkji, continuing.
[04/02/2008, 19:11:51] - BHO 5: {31FF080D-12A3-439A-A2EF-4BA95A3148E8} (IE to GetRight Helper)
[04/02/2008, 19:11:51] - BHO 6: {4bb3baa1-260e-4a40-9661-6e0868bc0897} ()
[04/02/2008, 19:11:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/02/2008, 19:11:51] - Checking for HKLM\...\Winlogon\Notify\hbyngmvv
[04/02/2008, 19:11:51] - Key not found: HKLM\...\Winlogon\Notify\hbyngmvv, continuing.
[04/02/2008, 19:11:51] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} ()
[04/02/2008, 19:11:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/02/2008, 19:11:51] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[04/02/2008, 19:11:51] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[04/02/2008, 19:11:51] - BHO 8: {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} (EWPBrowseObject Class)
[04/02/2008, 19:11:51] - BHO 9: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/02/2008, 19:11:51] - BHO 10: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[04/02/2008, 19:11:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/02/2008, 19:11:51] - No filename found. Continuing.
[04/02/2008, 19:11:51] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[04/02/2008, 19:11:51] - BHO 12: {B1DEEA6A-74DA-44F9-82A9-6BF7B1211D5D} (MSEvents Object)
[04/02/2008, 19:11:51] - ALERT: Found MSEvents Object!
[04/02/2008, 19:11:51] - Finished Searching Browser Helper Objects
[04/02/2008, 19:11:51] - *** Detected MSEvents Object
[04/02/2008, 19:11:51] - Trying to remove MSEvents Object...
[04/02/2008, 19:11:52] - Terminating Process: IEXPLORE.EXE
[04/02/2008, 19:11:52] - Terminating Process: RUNDLL32.EXE
[04/02/2008, 19:11:53] - Disabling Automatic Shell Restart
[04/02/2008, 19:11:53] - Terminating Process: EXPLORER.EXE
[04/02/2008, 19:11:53] - Suspending the NT Session Manager System Service
[04/02/2008, 19:11:53] - Terminating Windows NT Logon/Logoff Manager
[04/02/2008, 19:11:53] - Re-enabling Automatic Shell Restart
[04/02/2008, 19:11:53] - File to disable: C:\WINDOWS\system32\mljighi.dll
[04/02/2008, 19:11:53] - Removing HKLM\...\Browser Helper Objects\{B1DEEA6A-74DA-44F9-82A9-6BF7B1211D5D}
[04/02/2008, 19:11:53] - Removing HKCR\CLSID\{B1DEEA6A-74DA-44F9-82A9-6BF7B1211D5D}
[04/02/2008, 19:11:53] - Adding Kill Bit for ActiveX for GUID: {B1DEEA6A-74DA-44F9-82A9-6BF7B1211D5D}
[04/02/2008, 19:11:53] - Deleting ATLEvents/MSEvents Registry entries
[04/02/2008, 19:11:53] - Removing HKLM\...\Winlogon\Notify\mljighi
[04/02/2008, 19:11:53] - Searching for Browser Helper Objects:
[04/02/2008, 19:11:53] - BHO 1: {0055C089-8582-441B-A0BF-17B458C2A3A8} (IDMIEHlprObj Class)
[04/02/2008, 19:11:53] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[04/02/2008, 19:11:53] - BHO 3: {2B0B59B4-55A3-4737-9FD5-B93C6430BF75} ()
[04/02/2008, 19:11:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/02/2008, 19:11:53] - No filename found. Continuing.
[04/02/2008, 19:11:53] - BHO 4: {30C4CAF4-F637-4F03-A8CA-14D618B06237} ()
[04/02/2008, 19:11:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/02/2008, 19:11:53] - Checking for HKLM\...\Winlogon\Notify\pmkji
[04/02/2008, 19:11:53] - Key not found: HKLM\...\Winlogon\Notify\pmkji, continuing.
[04/02/2008, 19:11:53] - BHO 5: {31FF080D-12A3-439A-A2EF-4BA95A3148E8} (IE to GetRight Helper)
[04/02/2008, 19:11:54] - BHO 6: {4bb3baa1-260e-4a40-9661-6e0868bc0897} ()
[04/02/2008, 19:11:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/02/2008, 19:11:54] - Checking for HKLM\...\Winlogon\Notify\hbyngmvv
[04/02/2008, 19:11:54] - Key not found: HKLM\...\Winlogon\Notify\hbyngmvv, continuing.
[04/02/2008, 19:11:54] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} ()
[04/02/2008, 19:11:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/02/2008, 19:11:54] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[04/02/2008, 19:11:54] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[04/02/2008, 19:11:54] - BHO 8: {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} (EWPBrowseObject Class)
[04/02/2008, 19:11:54] - BHO 9: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/02/2008, 19:11:54] - BHO 10: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[04/02/2008, 19:11:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/02/2008, 19:11:54] - No filename found. Continuing.
[04/02/2008, 19:11:54] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[04/02/2008, 19:11:54] - Finished Searching Browser Helper Objects
[04/02/2008, 19:11:54] - Finishing up...
[04/02/2008, 19:11:54] - A restart is needed.
[04/02/2008, 19:12:15] - Attempting to Restart via STOP error (Blue Screen!)
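The VBG report above shows the tool's heuristic in the open: each BHO with an empty default name is looked up under HKLM\...\Winlogon\Notify\<name>, and a hit ({B1DEEA6A-...} with Notify\mljighi) is what it calls "probably Virtumundo" and disables as mljighi.dll. What follows is an added example, not code from the page or from the VBG tool: a parser for that report format that rebuilds the verdicts from the log lines, for triaging a report pasted into a thread like this one. The embedded log excerpt is constructed from the report above (a subset of its lines, format unchanged); the function names are my own.

```python
import re

# Constructed excerpt of the VirtumundoBeGone (VBG) report posted above: a
# subset of its BHO lines with the real line format kept, so the regexes below
# also work on a complete report. The tool's own heuristic is visible in the
# log: a BHO with no default name is looked up under
# HKLM\...\Winlogon\Notify\<name>, and a hit is "probably Virtumundo".
VBG_LOG = r"""
[04/02/2008, 19:11:51] - Searching for Browser Helper Objects:
[04/02/2008, 19:11:51] - BHO 1: {0055C089-8582-441B-A0BF-17B458C2A3A8} (IDMIEHlprObj Class)
[04/02/2008, 19:11:51] - BHO 4: {30C4CAF4-F637-4F03-A8CA-14D618B06237} ()
[04/02/2008, 19:11:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/02/2008, 19:11:51] - Checking for HKLM\...\Winlogon\Notify\pmkji
[04/02/2008, 19:11:51] - Key not found: HKLM\...\Winlogon\Notify\pmkji, continuing.
[04/02/2008, 19:11:51] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} ()
[04/02/2008, 19:11:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/02/2008, 19:11:51] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[04/02/2008, 19:11:51] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[04/02/2008, 19:11:51] - BHO 10: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[04/02/2008, 19:11:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/02/2008, 19:11:51] - No filename found. Continuing.
[04/02/2008, 19:11:51] - BHO 12: {B1DEEA6A-74DA-44F9-82A9-6BF7B1211D5D} ()
[04/02/2008, 19:11:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/02/2008, 19:11:51] - Checking for HKLM\...\Winlogon\Notify\mljighi
[04/02/2008, 19:11:51] - Found: HKLM\...\Winlogon\Notify\mljighi - This is probably Virtumundo.
[04/02/2008, 19:11:51] - Finished Searching Browser Helper Objects
"""

BHO_RE = re.compile(r"- BHO \d+: (\{[0-9A-Fa-f-]{36}\}) \((.*)\)\s*$")
NOTIFY_RE = re.compile(r"Winlogon\\Notify\\(\w+)")


def parse_vbg(text):
    """Return {clsid: {"name", "notify", "notify_found"}} for every BHO in a VBG report."""
    # The lines after an unnamed BHO ("()") describe the Winlogon\Notify lookup
    # for that BHO, so state is carried from the BHO line to the lines that
    # follow it. VBG re-enumerates after a removal ("BHO list has been
    # changed"), so records are merged by CLSID instead of appended.
    records = {}
    current = None
    for line in text.splitlines():
        m = BHO_RE.search(line)
        if m:
            clsid, name = m.group(1), m.group(2)
            current = records.setdefault(
                clsid, {"name": "", "notify": None, "notify_found": False})
            if name:
                current["name"] = name
            continue
        if current is None:
            continue
        m = NOTIFY_RE.search(line)
        if m and "Checking for" in line:
            current["notify"] = m.group(1)
        elif m and "- Found:" in line:
            current["notify"] = m.group(1)
            current["notify_found"] = True
    return records


def vundo_suspects(records):
    """CLSIDs whose Winlogon Notify key exists, paired with the DLL that key names."""
    # VBG derives the file to disable from the Notify key name (the report
    # shows Notify\mljighi -> C:\WINDOWS\system32\mljighi.dll); same rule here.
    return [(clsid, rec["notify"] + ".dll")
            for clsid, rec in records.items() if rec["notify_found"]]


def unnamed_without_file(records):
    """Unnamed BHOs for which VBG found no file at all."""
    # Orphaned CLSIDs: look up HKCR\CLSID\<id>\InprocServer32 by hand rather
    # than trusting an automatic verdict either way. The same goes for unnamed
    # BHOs whose Notify key is absent: SDHelper above is Spybot - Search &
    # Destroy's helper, so "no Notify key" is not by itself a verdict.
    return [clsid for clsid, rec in records.items()
            if not rec["name"] and rec["notify"] is None]


if __name__ == "__main__":
    recs = parse_vbg(VBG_LOG)
    for clsid, dll in vundo_suspects(recs):
        print("Vundo:", clsid, "->", dll)
    for clsid in unnamed_without_file(recs):
        print("review:", clsid)
```

Run against the excerpt it reports the one Vundo hit and flags {7E853D72-...} for manual review; on the full report it also picks up the second enumeration pass, where the same CLSID reappears named "MSEvents Object", without duplicating the record.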
Anonymous user, 3 April 2008 at 10:27
Hello, that's perfect. Here's the next step, since there are still some left to get rid of.
Download ComboFix from one of these links:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
https://forospyware.com
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/
And importantly, save it to the desktop.
Before using ComboFix:
► Disconnect from the internet and close the windows of all running programs.
► Temporarily, and only for as long as ComboFix is in use, disable the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's search and cleaning procedure.
Once that is done, double-click Combofix.exe on your desktop.
- Answer yes to the warning message so that the program starts analysing the PC.
/!\ For the duration of this step, do not use the PC and do not open any programs.
- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/search; let it do so.
- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt.
► Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.
► Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.
--
We will be able to carve the mountain of despair into a diamond of hope. Strong in this faith, we will be able to transform the discord of our nation into a beautiful symphony of brotherhood, ....!!
ComboFix 08-04-03.3 - Anthony et Jeremy 2008-04-03 16:30:48.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1560 [GMT -4:00]
Location: C:\Documents and Settings\Anthony et Jeremy\Bureau\ComboFix.exe
* Creating a new restore point
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMb37324e5.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\amufuajc.dll
C:\WINDOWS\system32\buyfsygs.dll
C:\WINDOWS\system32\ciykggvp.dll
C:\WINDOWS\system32\ekkepliv.dll
C:\WINDOWS\system32\evvsxkql.dll
C:\WINDOWS\system32\fugxsxxf.ini
C:\WINDOWS\system32\fxxsxguf.dll
C:\WINDOWS\system32\gayaxnsg.dll
C:\WINDOWS\system32\gwacxtoi.dll
C:\WINDOWS\system32\hbyngmvv.dll
C:\WINDOWS\system32\ipiisitg.dll
C:\WINDOWS\system32\iwwseplt.dll
C:\WINDOWS\system32\jvmbydqb.dll
C:\WINDOWS\system32\koqljqtf.dll
C:\WINDOWS\system32\krgwinri.dll
C:\WINDOWS\system32\lcwtypda.dll
C:\WINDOWS\system32\lkmqfqkg.dll
C:\WINDOWS\system32\lmlkgdok.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mctkmypy.dll
C:\WINDOWS\system32\myaypynj.dll
C:\WINDOWS\system32\pqjmtsps.dll
C:\WINDOWS\system32\pstqhyvx.dll
C:\WINDOWS\system32\qbefgxdr.dll
C:\WINDOWS\system32\qlfdugel.dll
C:\WINDOWS\system32\qmrhqwgt.dll
C:\WINDOWS\system32\qoxbhnee.dll
C:\WINDOWS\system32\qsfhjliq.dll
C:\WINDOWS\system32\rckdsren.dll
C:\WINDOWS\system32\rdxgfebq.ini
C:\WINDOWS\system32\sljqrdkd.dll
C:\WINDOWS\system32\sqrmtqru.dll
C:\WINDOWS\system32\tpewuniu.dll
C:\WINDOWS\system32\tqtpenfp.dll
C:\WINDOWS\system32\uwehuhnw.dll
C:\WINDOWS\system32\uxejxgad.dll
C:\WINDOWS\system32\vcoohwxm.dll
C:\WINDOWS\system32\vegxikqq.dll
C:\WINDOWS\system32\vilpekke.ini
C:\WINDOWS\system32\vnhxeynr.dll
C:\WINDOWS\system32\wwowdbnv.dll
C:\WINDOWS\system32\yemdqhnn.dll
C:\WINDOWS\system32\yiehbwst.dll
C:\WINDOWS\system32\ypaulqpk.dll
.
((((((((((((((((((((((((((((( Files created 2008-03-03 to 2008-04-03 ))))))))))))))))))))))))))))))))))))
.
2008-04-02 18:40 . 2008-04-02 18:47 <REP> d-------- C:\VundoFix Backups
2008-04-02 18:15 . 2008-04-02 18:15 <REP> d-------- C:\Program Files\Trend Micro
2008-04-01 17:30 . 2008-04-02 16:10 1,600,087 ---hs---- C:\WINDOWS\system32\ywjctfsd.ini
2008-03-31 16:26 . 2008-03-29 14:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-03-31 16:26 . 2008-03-29 14:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-31 16:18 . 2008-04-02 16:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-31 16:18 . 2008-03-31 16:18 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-30 13:18 . 2008-03-30 13:18 <REP> d-------- C:\Program Files\Lionhead Studios
2008-03-30 12:10 . 2008-03-30 12:10 <REP> d-------- C:\WINDOWS\system32\xlive
2008-03-30 12:10 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-03-30 12:10 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-03-30 12:10 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-03-30 12:10 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-03-30 12:09 . 2008-01-28 13:48 785,464 -ra------ C:\WINDOWS\system32\tmpC.tmp
2008-03-30 12:09 . 2008-01-28 13:48 785,464 -ra------ C:\WINDOWS\system32\tmpB.tmp
2008-03-30 11:58 . 2008-03-30 11:58 <REP> d-------- C:\Program Files\Sega
2008-03-29 11:56 . 2008-03-29 11:56 <REP> d-------- C:\WINDOWS\C6996F17923349EB8084E73E5272DAF4.TMP
2008-03-29 11:51 . 2008-03-29 11:51 <REP> d-------- C:\Program Files\Timeline Interactive
2008-03-28 23:43 . 2008-03-28 23:43 <REP> d-------- C:\Program Files\Fichiers communs\PocketSoft
2008-03-28 20:11 . 2008-03-29 21:04 <REP> d-------- C:\Program Files\Eternal Lands
2008-03-28 19:13 . 2008-03-28 19:13 78,848 --a------ C:\WINDOWS\system32\drivers\SSHDRV85.sys
2008-03-28 18:38 . 2008-03-28 22:01 1,476,164 ---hs---- C:\WINDOWS\system32\vxgvqnuu.ini
2008-03-27 18:34 . 2008-03-28 18:35 1,532,946 ---hs---- C:\WINDOWS\system32\ffeccqhq.ini
2008-03-27 17:36 . 2008-03-27 17:36 1,479,792 ---hs---- C:\WINDOWS\system32\viaojsnt.ini
2008-03-26 17:31 . 2008-03-27 17:33 1,585,599 ---hs---- C:\WINDOWS\system32\tgvxqqyo.ini
2008-03-25 17:29 . 2008-03-26 17:30 1,586,392 ---hs---- C:\WINDOWS\system32\lyhdwsrn.ini
2008-03-24 14:45 . 2008-03-25 16:24 2,299,728 ---hs---- C:\WINDOWS\system32\xwccjdlm.ini
2008-03-23 14:41 . 2008-03-24 14:42 2,328,793 ---hs---- C:\WINDOWS\system32\whntopsb.ini
2008-03-22 16:01 . 2008-04-02 18:40 <REP> d-------- C:\Documents and Settings\Anthony et Jeremy\Application Data\DNA
2008-03-22 14:42 . 2008-03-23 07:59 2,356,956 ---hs---- C:\WINDOWS\system32\ragnfwib.ini
2008-03-22 11:53 . 2008-03-22 14:36 2,591,433 ---hs---- C:\WINDOWS\system32\vbmaoutt.ini
2008-03-21 19:00 . 2008-03-21 19:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-03-21 17:19 . 2008-03-21 18:54 <REP> d-------- C:\Program Files\Ubisoft
2008-03-21 11:52 . 2008-03-22 11:52 2,591,253 ---hs---- C:\WINDOWS\system32\fetcnwgs.ini
2008-03-20 19:05 . 2008-03-20 19:41 <REP> d-------- C:\Program Files\WowCartographe
2008-03-20 08:04 . 2008-03-21 10:52 2,751,147 ---hs---- C:\WINDOWS\system32\yyddbwar.ini
2008-03-18 17:29 . 2008-03-20 08:01 1,534,488 ---hs---- C:\WINDOWS\system32\bsdxbjaq.ini
2008-03-18 07:11 . 2008-03-18 07:11 <REP> d-------- C:\users
2008-03-18 07:04 . 2008-03-18 07:08 <REP> d-------- C:\Program Files\Fichiers communs\Softimage
2008-03-18 07:03 . 2008-03-18 07:08 <REP> d-------- C:\Softimage
2008-03-18 07:03 . 2007-08-14 18:12 45,056 --------- C:\WINDOWS\system32\XSIChooser.exe
2008-03-17 17:28 . 2008-03-18 17:29 1,526,075 ---hs---- C:\WINDOWS\system32\inkssidr.ini
2008-03-17 13:17 . 2008-03-17 16:32 1,359,185 ---hs---- C:\WINDOWS\system32\cqswyuvb.ini
2008-03-17 07:36 . 2008-03-17 07:36 <REP> d-------- C:\Documents and Settings\Anthony et Jeremy\Application Data\Lavasoft
2008-03-16 13:17 . 2008-03-16 18:27 1,366,863 ---hs---- C:\WINDOWS\system32\xtgwkesj.ini
2008-03-16 13:11 . 2008-03-16 13:11 63 --a------ C:\WINDOWS\system32\b04005f7
2008-03-16 12:56 . 2008-03-16 12:57 <REP> d-------- C:\Program Files\RegCure
2008-03-15 15:54 . 2008-03-15 15:54 <REP> d-------- C:\Program Files\uTorrent
2008-03-15 15:54 . 2008-03-15 16:17 <REP> d-------- C:\Documents and Settings\Anthony et Jeremy\Application Data\uTorrent
2008-03-15 08:44 . 2008-03-15 08:44 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-03-11 16:42 . 2008-03-11 16:42 <REP> d-------- C:\Documents and Settings\Anthony et Jeremy\Application Data\InstallShield
2008-03-09 16:11 . 2008-03-09 16:11 <REP> d-------- C:\Program Files\Eidos
2008-03-09 16:10 . 2008-03-09 16:10 <REP> d-------- C:\Program Files\OpenAL
2008-03-09 16:10 . 2008-01-08 16:00 799,424 -ra------ C:\WINDOWS\system32\tmpA.tmp
2008-03-09 16:10 . 2008-01-08 16:00 799,424 -ra------ C:\WINDOWS\system32\tmp9.tmp
2008-03-09 16:10 . 2008-03-09 16:10 418,480 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-03-09 16:10 . 2008-03-09 16:10 115,432 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-03-05 21:28 . 2008-03-05 21:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-05 20:26 . 2008-04-02 16:48 <REP> d-------- C:\Program Files\World of Warcraft
2008-03-05 18:36 . 2008-03-05 18:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\RTL Winter Sports 2008
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 21:52 --------- d-----w C:\Program Files\GetRight
2008-04-02 21:45 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\LimeWire
2008-04-01 23:06 --------- d-----w C:\Program Files\LimeWire
2008-04-01 22:18 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\DMCache
2008-03-30 17:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-29 18:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 18:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 18:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 18:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 15:56 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-29 12:21 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\GetRight
2008-03-29 04:10 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\BitTorrent
2008-03-20 15:52 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\Xfire
2008-03-09 20:22 --------- d-----w C:\Program Files\GameShadow
2008-03-09 20:17 --------- d-----w C:\Program Files\Warcraft III
2008-03-06 01:25 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-03-06 00:26 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
2008-03-03 22:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-03 21:59 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-01 17:14 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-01 17:08 --------- d-----w C:\Program Files\Windows Live
2008-02-25 23:45 --------- d-----w C:\Program Files\GameSpy Arcade
2008-02-23 22:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2008-02-23 13:57 --------- d-----w C:\Program Files\Game Cam V2
2008-02-23 05:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-23 02:37 --------- d-----w C:\Program Files\PQDVD
2008-02-23 00:30 --------- d-----w C:\Program Files\Xvid
2008-02-22 22:46 --------- d-----w C:\Program Files\Ocean Journey 3D Screensaver
2008-02-22 21:20 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\LEGO Company
2008-02-18 22:43 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\Apple Computer
2008-02-18 22:29 --------- d-----w C:\Program Files\QuickTime
2008-02-18 22:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-18 22:28 --------- d-----w C:\Program Files\Apple Software Update
2008-02-18 22:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-18 15:23 22,328 ----a-w C:\Documents and Settings\Anthony et Jeremy\Application Data\PnkBstrK.sys
2008-02-18 13:03 --------- d-----w C:\Program Files\Fichiers communs\DirectX
2008-02-18 02:29 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\My Battle for Middle-earth(tm) II Files
2008-02-17 19:37 --------- d-----w C:\Program Files\PROSUM
2008-02-17 15:17 --------- d-----w C:\Program Files\DNA
2008-02-16 16:54 --------- d-----w C:\Program Files\BoltSoft
2008-02-11 21:16 --------- d-----w C:\Program Files\Fichiers communs\CANON
2008-02-11 21:16 --------- d-----w C:\Program Files\Canon
2008-02-11 21:14 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-02-11 21:13 --------- d--h--w C:\Program Files\CanonBJ
2008-02-03 00:47 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\IDM
2008-02-01 19:19 0 ------r C:\logwmemory.bin
2008-01-12 21:06 32,880 ----a-w C:\Documents and Settings\Anthony et Jeremy\Application Data\GDIPFONTCACHEV1.DAT
2008-01-07 16:04 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
2007-12-25 03:15 22,328 ------w C:\Documents and Settings\Admin\Application Data\PnkBstrK.sys
2004-02-24 01:42 1,386,496 --sh--r C:\WINDOWS\system32\msvbvm60.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B0B59B4-55A3-4737-9FD5-B93C6430BF75}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30C4CAF4-F637-4F03-A8CA-14D618B06237}]
C:\WINDOWS\system32\pmkji.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4bb3baa1-260e-4a40-9661-6e0868bc0897}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B1DEEA6A-74DA-44F9-82A9-6BF7B1211D5D}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-12-24 22:42 32768]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824]
"Tok-Cirrhatus-3444"="C:\Documents and Settings\Anthony et Jeremy\Local Settings\Application Data\br7911on.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-03-28 18:38 94208 C:\WINDOWS\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"RAM Idle"="C:\Program Files\Customizer XP\RAMIdle.exe" [2002-01-11 14:17 104448]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 22:26 368706]
"USB Storage Toolbox"="C:\WINDOWS\UMStor\Res.EXE" [2005-09-14 21:44 65536]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2006-10-16 21:20 398944]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [ ]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"b0401779"="C:\WINDOWS\system32\rdisskni.dll" [ ]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-09-11 12:27 151597]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2005-05-31 01:04 4393096]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:54 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljighi]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 04:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 06:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
--a--c--- 2004-08-12 20:43 537088 C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-03-22 16:02 287040 C:\Program Files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:54 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorSmart]
C:\Program Files\ErrorSmart\ErrorSmart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger]
C:\Program Files\GameFace Messenger\GameFace.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-05-15 16:55 1057328 C:\Program Files\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-12-05 23:55 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]
--a------ 2005-08-24 19:25 101080 C:\Program Files\Microsoft Location Finder\LocationFinder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
--a------ 2004-08-02 18:36 1122304 C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAM Idle]
--a------ 2002-01-11 14:17 104448 C:\Program Files\Customizer XP\RAMIdle.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2006-11-23 16:10 56928 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-03-21 02:49 16126464 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-05-15 16:55 1628208 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSnD]
--a------ 2005-05-31 01:04 4393096 C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-09-11 12:27 151597 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tok-Cirrhatus]
C:\Documents and Settings\Anthony et Jeremy\Local Settings\Application Data\br7911on.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tok-Cirrhatus-3444]
C:\Documents and Settings\Anthony et Jeremy\Local Settings\Application Data\br7911on.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USRpdA]
--a------ 2001-08-28 08:00 77891 C:\WINDOWS\SYSTEM32\USRmlnkA.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Documents and Settings\\Anthony et Jeremy\\Bureau\\warsow\\warsow.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Soldat\\Soldat.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Documents and Settings\\Anthony et Jeremy\\Mes documents\\Downloads\\Programs\\WoW-2.0.0-frfr-Installer.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Documents and Settings\\Anthony et Jeremy\\Local Settings\\Application Data\\Xenocode\\ApplianceCaches\\KumaClient.exe_v71B24F3E\\Native\\STUBEXE\\@PROGRAMFILES@\\Kuma Games\\Kuma.exe"=
"C:\\Program Files\\Eidos\\Conflict Denied Ops\\ConflictDeniedOps.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Chaos Theory\\System\\splintercell3.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Sega\\The Club\\Launcher.exe"=
"C:\\Program Files\\Sega\\The Club\\TheClub.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6110:TCP"= 6110:TCP:6110
R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys [2004-08-02 18:04]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys [2004-08-02 18:23]
R1 SSHDRV85;SSHDRV85;C:\WINDOWS\system32\drivers\SSHDRV85.sys [2008-03-28 19:13]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
S3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 11:03]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-29 00:54]
S3 musbehco;musbehco;C:\DOCUME~1\ANTHON~1\LOCALS~1\Temp\musbehco.sys [2002-10-21 09:02]
S3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;C:\WINDOWS\system32\DRIVERS\USRpdA.sys [2001-08-17 16:28]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c5ff8ee-d5f4-11dc-a6aa-001bfcffa331}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {A75BF1D0-C7C3-CB55-EE17-3225387FD154} /qb
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-24 02:20:43 C:\WINDOWS\Tasks\1 Copernic Intra-Daily ~AMD690 Admin.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2004-09-11 00:43:21 C:\WINDOWS\Tasks\1 Copernic Intra-Daily ~INTEL Admin.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2007-12-24 02:20:43 C:\WINDOWS\Tasks\2 Copernic Daily ~AMD690 Admin.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2004-09-11 00:43:21 C:\WINDOWS\Tasks\2 Copernic Daily ~INTEL Admin.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2007-12-24 02:20:43 C:\WINDOWS\Tasks\3 Copernic Weekly ~AMD690 Admin.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2004-09-11 00:43:21 C:\WINDOWS\Tasks\3 Copernic Weekly ~INTEL Admin.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2007-12-24 02:20:43 C:\WINDOWS\Tasks\4 Copernic Monthly ~AMD690 Admin.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2004-09-11 00:43:21 C:\WINDOWS\Tasks\4 Copernic Monthly ~INTEL Admin.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2008-03-21 18:10:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-03 20:34:23 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-16 17:12:18 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 16:34:49
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\savedump.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-03 16:37:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-03 20:37:43
Pre-Run: 25,378,107,392 octets libres
Post-Run: 25,267,703,808 octets libres
.
2008-02-20 02:17:14 --- E O F ---
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1560 [GMT -4:00]
Endroit: C:\Documents and Settings\Anthony et Jeremy\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMb37324e5.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\amufuajc.dll
C:\WINDOWS\system32\buyfsygs.dll
C:\WINDOWS\system32\ciykggvp.dll
C:\WINDOWS\system32\ekkepliv.dll
C:\WINDOWS\system32\evvsxkql.dll
C:\WINDOWS\system32\fugxsxxf.ini
C:\WINDOWS\system32\fxxsxguf.dll
C:\WINDOWS\system32\gayaxnsg.dll
C:\WINDOWS\system32\gwacxtoi.dll
C:\WINDOWS\system32\hbyngmvv.dll
C:\WINDOWS\system32\ipiisitg.dll
C:\WINDOWS\system32\iwwseplt.dll
C:\WINDOWS\system32\jvmbydqb.dll
C:\WINDOWS\system32\koqljqtf.dll
C:\WINDOWS\system32\krgwinri.dll
C:\WINDOWS\system32\lcwtypda.dll
C:\WINDOWS\system32\lkmqfqkg.dll
C:\WINDOWS\system32\lmlkgdok.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mctkmypy.dll
C:\WINDOWS\system32\myaypynj.dll
C:\WINDOWS\system32\pqjmtsps.dll
C:\WINDOWS\system32\pstqhyvx.dll
C:\WINDOWS\system32\qbefgxdr.dll
C:\WINDOWS\system32\qlfdugel.dll
C:\WINDOWS\system32\qmrhqwgt.dll
C:\WINDOWS\system32\qoxbhnee.dll
C:\WINDOWS\system32\qsfhjliq.dll
C:\WINDOWS\system32\rckdsren.dll
C:\WINDOWS\system32\rdxgfebq.ini
C:\WINDOWS\system32\sljqrdkd.dll
C:\WINDOWS\system32\sqrmtqru.dll
C:\WINDOWS\system32\tpewuniu.dll
C:\WINDOWS\system32\tqtpenfp.dll
C:\WINDOWS\system32\uwehuhnw.dll
C:\WINDOWS\system32\uxejxgad.dll
C:\WINDOWS\system32\vcoohwxm.dll
C:\WINDOWS\system32\vegxikqq.dll
C:\WINDOWS\system32\vilpekke.ini
C:\WINDOWS\system32\vnhxeynr.dll
C:\WINDOWS\system32\wwowdbnv.dll
C:\WINDOWS\system32\yemdqhnn.dll
C:\WINDOWS\system32\yiehbwst.dll
C:\WINDOWS\system32\ypaulqpk.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-03 to 2008-04-03 ))))))))))))))))))))))))))))))))))))
.
2008-04-02 18:40 . 2008-04-02 18:47 <REP> d-------- C:\VundoFix Backups
2008-04-02 18:15 . 2008-04-02 18:15 <REP> d-------- C:\Program Files\Trend Micro
2008-04-01 17:30 . 2008-04-02 16:10 1,600,087 ---hs---- C:\WINDOWS\system32\ywjctfsd.ini
2008-03-31 16:26 . 2008-03-29 14:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-03-31 16:26 . 2008-03-29 14:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-31 16:18 . 2008-04-02 16:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-31 16:18 . 2008-03-31 16:18 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-30 13:18 . 2008-03-30 13:18 <REP> d-------- C:\Program Files\Lionhead Studios
2008-03-30 12:10 . 2008-03-30 12:10 <REP> d-------- C:\WINDOWS\system32\xlive
2008-03-30 12:10 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-03-30 12:10 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-03-30 12:10 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-03-30 12:10 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-03-30 12:09 . 2008-01-28 13:48 785,464 -ra------ C:\WINDOWS\system32\tmpC.tmp
2008-03-30 12:09 . 2008-01-28 13:48 785,464 -ra------ C:\WINDOWS\system32\tmpB.tmp
2008-03-30 11:58 . 2008-03-30 11:58 <REP> d-------- C:\Program Files\Sega
2008-03-29 11:56 . 2008-03-29 11:56 <REP> d-------- C:\WINDOWS\C6996F17923349EB8084E73E5272DAF4.TMP
2008-03-29 11:51 . 2008-03-29 11:51 <REP> d-------- C:\Program Files\Timeline Interactive
2008-03-28 23:43 . 2008-03-28 23:43 <REP> d-------- C:\Program Files\Fichiers communs\PocketSoft
2008-03-28 20:11 . 2008-03-29 21:04 <REP> d-------- C:\Program Files\Eternal Lands
2008-03-28 19:13 . 2008-03-28 19:13 78,848 --a------ C:\WINDOWS\system32\drivers\SSHDRV85.sys
2008-03-28 18:38 . 2008-03-28 22:01 1,476,164 ---hs---- C:\WINDOWS\system32\vxgvqnuu.ini
2008-03-27 18:34 . 2008-03-28 18:35 1,532,946 ---hs---- C:\WINDOWS\system32\ffeccqhq.ini
2008-03-27 17:36 . 2008-03-27 17:36 1,479,792 ---hs---- C:\WINDOWS\system32\viaojsnt.ini
2008-03-26 17:31 . 2008-03-27 17:33 1,585,599 ---hs---- C:\WINDOWS\system32\tgvxqqyo.ini
2008-03-25 17:29 . 2008-03-26 17:30 1,586,392 ---hs---- C:\WINDOWS\system32\lyhdwsrn.ini
2008-03-24 14:45 . 2008-03-25 16:24 2,299,728 ---hs---- C:\WINDOWS\system32\xwccjdlm.ini
2008-03-23 14:41 . 2008-03-24 14:42 2,328,793 ---hs---- C:\WINDOWS\system32\whntopsb.ini
2008-03-22 16:01 . 2008-04-02 18:40 <REP> d-------- C:\Documents and Settings\Anthony et Jeremy\Application Data\DNA
2008-03-22 14:42 . 2008-03-23 07:59 2,356,956 ---hs---- C:\WINDOWS\system32\ragnfwib.ini
2008-03-22 11:53 . 2008-03-22 14:36 2,591,433 ---hs---- C:\WINDOWS\system32\vbmaoutt.ini
2008-03-21 19:00 . 2008-03-21 19:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-03-21 17:19 . 2008-03-21 18:54 <REP> d-------- C:\Program Files\Ubisoft
2008-03-21 11:52 . 2008-03-22 11:52 2,591,253 ---hs---- C:\WINDOWS\system32\fetcnwgs.ini
2008-03-20 19:05 . 2008-03-20 19:41 <REP> d-------- C:\Program Files\WowCartographe
2008-03-20 08:04 . 2008-03-21 10:52 2,751,147 ---hs---- C:\WINDOWS\system32\yyddbwar.ini
2008-03-18 17:29 . 2008-03-20 08:01 1,534,488 ---hs---- C:\WINDOWS\system32\bsdxbjaq.ini
2008-03-18 07:11 . 2008-03-18 07:11 <REP> d-------- C:\users
2008-03-18 07:04 . 2008-03-18 07:08 <REP> d-------- C:\Program Files\Fichiers communs\Softimage
2008-03-18 07:03 . 2008-03-18 07:08 <REP> d-------- C:\Softimage
2008-03-18 07:03 . 2007-08-14 18:12 45,056 --------- C:\WINDOWS\system32\XSIChooser.exe
2008-03-17 17:28 . 2008-03-18 17:29 1,526,075 ---hs---- C:\WINDOWS\system32\inkssidr.ini
2008-03-17 13:17 . 2008-03-17 16:32 1,359,185 ---hs---- C:\WINDOWS\system32\cqswyuvb.ini
2008-03-17 07:36 . 2008-03-17 07:36 <REP> d-------- C:\Documents and Settings\Anthony et Jeremy\Application Data\Lavasoft
2008-03-16 13:17 . 2008-03-16 18:27 1,366,863 ---hs---- C:\WINDOWS\system32\xtgwkesj.ini
2008-03-16 13:11 . 2008-03-16 13:11 63 --a------ C:\WINDOWS\system32\b04005f7
2008-03-16 12:56 . 2008-03-16 12:57 <REP> d-------- C:\Program Files\RegCure
2008-03-15 15:54 . 2008-03-15 15:54 <REP> d-------- C:\Program Files\uTorrent
2008-03-15 15:54 . 2008-03-15 16:17 <REP> d-------- C:\Documents and Settings\Anthony et Jeremy\Application Data\uTorrent
2008-03-15 08:44 . 2008-03-15 08:44 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-03-11 16:42 . 2008-03-11 16:42 <REP> d-------- C:\Documents and Settings\Anthony et Jeremy\Application Data\InstallShield
2008-03-09 16:11 . 2008-03-09 16:11 <REP> d-------- C:\Program Files\Eidos
2008-03-09 16:10 . 2008-03-09 16:10 <REP> d-------- C:\Program Files\OpenAL
2008-03-09 16:10 . 2008-01-08 16:00 799,424 -ra------ C:\WINDOWS\system32\tmpA.tmp
2008-03-09 16:10 . 2008-01-08 16:00 799,424 -ra------ C:\WINDOWS\system32\tmp9.tmp
2008-03-09 16:10 . 2008-03-09 16:10 418,480 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-03-09 16:10 . 2008-03-09 16:10 115,432 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-03-05 21:28 . 2008-03-05 21:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-05 20:26 . 2008-04-02 16:48 <REP> d-------- C:\Program Files\World of Warcraft
2008-03-05 18:36 . 2008-03-05 18:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\RTL Winter Sports 2008
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 21:52 --------- d-----w C:\Program Files\GetRight
2008-04-02 21:45 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\LimeWire
2008-04-01 23:06 --------- d-----w C:\Program Files\LimeWire
2008-04-01 22:18 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\DMCache
2008-03-30 17:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-29 18:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 18:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 18:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 18:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 15:56 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-29 12:21 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\GetRight
2008-03-29 04:10 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\BitTorrent
2008-03-20 15:52 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\Xfire
2008-03-09 20:22 --------- d-----w C:\Program Files\GameShadow
2008-03-09 20:17 --------- d-----w C:\Program Files\Warcraft III
2008-03-06 01:25 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-03-06 00:26 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
2008-03-03 22:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-03 21:59 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-01 17:14 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-01 17:08 --------- d-----w C:\Program Files\Windows Live
2008-02-25 23:45 --------- d-----w C:\Program Files\GameSpy Arcade
2008-02-23 22:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2008-02-23 13:57 --------- d-----w C:\Program Files\Game Cam V2
2008-02-23 05:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-23 02:37 --------- d-----w C:\Program Files\PQDVD
2008-02-23 00:30 --------- d-----w C:\Program Files\Xvid
2008-02-22 22:46 --------- d-----w C:\Program Files\Ocean Journey 3D Screensaver
2008-02-22 21:20 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\LEGO Company
2008-02-18 22:43 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\Apple Computer
2008-02-18 22:29 --------- d-----w C:\Program Files\QuickTime
2008-02-18 22:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-18 22:28 --------- d-----w C:\Program Files\Apple Software Update
2008-02-18 22:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-18 15:23 22,328 ----a-w C:\Documents and Settings\Anthony et Jeremy\Application Data\PnkBstrK.sys
2008-02-18 13:03 --------- d-----w C:\Program Files\Fichiers communs\DirectX
2008-02-18 02:29 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\My Battle for Middle-earth(tm) II Files
2008-02-17 19:37 --------- d-----w C:\Program Files\PROSUM
2008-02-17 15:17 --------- d-----w C:\Program Files\DNA
2008-02-16 16:54 --------- d-----w C:\Program Files\BoltSoft
2008-02-11 21:16 --------- d-----w C:\Program Files\Fichiers communs\CANON
2008-02-11 21:16 --------- d-----w C:\Program Files\Canon
2008-02-11 21:14 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-02-11 21:13 --------- d--h--w C:\Program Files\CanonBJ
2008-02-03 00:47 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\IDM
2008-02-01 19:19 0 ------r C:\logwmemory.bin
2008-01-12 21:06 32,880 ----a-w C:\Documents and Settings\Anthony et Jeremy\Application Data\GDIPFONTCACHEV1.DAT
2008-01-07 16:04 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
2007-12-25 03:15 22,328 ------w C:\Documents and Settings\Admin\Application Data\PnkBstrK.sys
2004-02-24 01:42 1,386,496 --sh--r C:\WINDOWS\system32\msvbvm60.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B0B59B4-55A3-4737-9FD5-B93C6430BF75}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30C4CAF4-F637-4F03-A8CA-14D618B06237}]
C:\WINDOWS\system32\pmkji.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4bb3baa1-260e-4a40-9661-6e0868bc0897}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B1DEEA6A-74DA-44F9-82A9-6BF7B1211D5D}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-12-24 22:42 32768]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824]
"Tok-Cirrhatus-3444"="C:\Documents and Settings\Anthony et Jeremy\Local Settings\Application Data\br7911on.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-03-28 18:38 94208 C:\WINDOWS\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"RAM Idle"="C:\Program Files\Customizer XP\RAMIdle.exe" [2002-01-11 14:17 104448]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 22:26 368706]
"USB Storage Toolbox"="C:\WINDOWS\UMStor\Res.EXE" [2005-09-14 21:44 65536]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2006-10-16 21:20 398944]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [ ]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"b0401779"="C:\WINDOWS\system32\rdisskni.dll" [ ]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-09-11 12:27 151597]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2005-05-31 01:04 4393096]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:54 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljighi]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 04:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 06:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
--a--c--- 2004-08-12 20:43 537088 C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-03-22 16:02 287040 C:\Program Files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:54 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorSmart]
C:\Program Files\ErrorSmart\ErrorSmart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger]
C:\Program Files\GameFace Messenger\GameFace.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-05-15 16:55 1057328 C:\Program Files\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-12-05 23:55 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]
--a------ 2005-08-24 19:25 101080 C:\Program Files\Microsoft Location Finder\LocationFinder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
--a------ 2004-08-02 18:36 1122304 C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAM Idle]
--a------ 2002-01-11 14:17 104448 C:\Program Files\Customizer XP\RAMIdle.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2006-11-23 16:10 56928 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-03-21 02:49 16126464 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-05-15 16:55 1628208 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSnD]
--a------ 2005-05-31 01:04 4393096 C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-09-11 12:27 151597 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tok-Cirrhatus]
C:\Documents and Settings\Anthony et Jeremy\Local Settings\Application Data\br7911on.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tok-Cirrhatus-3444]
C:\Documents and Settings\Anthony et Jeremy\Local Settings\Application Data\br7911on.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USRpdA]
--a------ 2001-08-28 08:00 77891 C:\WINDOWS\SYSTEM32\USRmlnkA.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Documents and Settings\\Anthony et Jeremy\\Bureau\\warsow\\warsow.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Soldat\\Soldat.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Documents and Settings\\Anthony et Jeremy\\Mes documents\\Downloads\\Programs\\WoW-2.0.0-frfr-Installer.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Documents and Settings\\Anthony et Jeremy\\Local Settings\\Application Data\\Xenocode\\ApplianceCaches\\KumaClient.exe_v71B24F3E\\Native\\STUBEXE\\@PROGRAMFILES@\\Kuma Games\\Kuma.exe"=
"C:\\Program Files\\Eidos\\Conflict Denied Ops\\ConflictDeniedOps.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Chaos Theory\\System\\splintercell3.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Sega\\The Club\\Launcher.exe"=
"C:\\Program Files\\Sega\\The Club\\TheClub.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6110:TCP"= 6110:TCP:6110
R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys [2004-08-02 18:04]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys [2004-08-02 18:23]
R1 SSHDRV85;SSHDRV85;C:\WINDOWS\system32\drivers\SSHDRV85.sys [2008-03-28 19:13]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
S3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 11:03]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-29 00:54]
S3 musbehco;musbehco;C:\DOCUME~1\ANTHON~1\LOCALS~1\Temp\musbehco.sys [2002-10-21 09:02]
S3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;C:\WINDOWS\system32\DRIVERS\USRpdA.sys [2001-08-17 16:28]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c5ff8ee-d5f4-11dc-a6aa-001bfcffa331}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {A75BF1D0-C7C3-CB55-EE17-3225387FD154} /qb
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-24 02:20:43 C:\WINDOWS\Tasks\1 Copernic Intra-Daily ~AMD690 Admin.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2004-09-11 00:43:21 C:\WINDOWS\Tasks\1 Copernic Intra-Daily ~INTEL Admin.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2007-12-24 02:20:43 C:\WINDOWS\Tasks\2 Copernic Daily ~AMD690 Admin.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2004-09-11 00:43:21 C:\WINDOWS\Tasks\2 Copernic Daily ~INTEL Admin.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2007-12-24 02:20:43 C:\WINDOWS\Tasks\3 Copernic Weekly ~AMD690 Admin.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2004-09-11 00:43:21 C:\WINDOWS\Tasks\3 Copernic Weekly ~INTEL Admin.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2007-12-24 02:20:43 C:\WINDOWS\Tasks\4 Copernic Monthly ~AMD690 Admin.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2004-09-11 00:43:21 C:\WINDOWS\Tasks\4 Copernic Monthly ~INTEL Admin.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2008-03-21 18:10:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-03 20:34:23 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-16 17:12:18 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 16:34:49
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\savedump.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-03 16:37:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-03 20:37:43
Pre-Run: 25,378,107,392 octets libres
Post-Run: 25,267,703,808 octets libres
.
2008-02-20 02:17:14 --- E O F ---
Anonymous user
3 April 2008 at 23:00
I'm working on your report; I need a new HijackThis report please.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:01:46, on 03/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Customizer XP\RAMIdle.exe
C:\WINDOWS\UMStor\Res.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wscntfy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mmosite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {30C4CAF4-F637-4F03-A8CA-14D618B06237} - C:\WINDOWS\system32\pmkji.dll (file missing)
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\msgr.fr.fr-ca\msntb.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\Customizer XP\RAMIdle.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [b0401779] rundll32.exe "C:\WINDOWS\system32\rdisskni.dll",b
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autofix /autoclose
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus-3444] "C:\Documents and Settings\Anthony et Jeremy\Local Settings\Application Data\br7911on.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - https://www.fileplanet.com/
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.family.my/c/online-e-games
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109046768267
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: bw+0 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {469EAE39-05AF-4475-944B-DACF06664CFD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: mljighi - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
Anonymous user
3 April 2008 at 23:26
You really have quite a pile of infections!
Do this:
Copy the text below:
registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B0B59B4-55A3-4737-9FD5-B93C6430BF75}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30C4CAF4-F637-4F03-A8CA-14D618B06237}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4bb3baa1-260e-4a40-9661-6e0868bc0897}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B1DEEA6A-74DA-44F9-82A9-6BF7B1211D5D}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tok-Cirrhatus-3444"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"b0401779"=-
file::
C:\WINDOWS\system32\b04005f7
C:\WINDOWS\system32\tmpC.tmp
C:\WINDOWS\system32\tmpB.tmp
C:\WINDOWS\C6996F17923349EB8084E73E5272DAF4.TMP
C:\WINDOWS\system32\vxgvqnuu.ini
C:\WINDOWS\system32\ffeccqhq.ini
C:\WINDOWS\system32\viaojsnt.ini
C:\WINDOWS\system32\tgvxqqyo.ini
C:\WINDOWS\system32\lyhdwsrn.ini
C:\WINDOWS\system32\xwccjdlm.ini
C:\WINDOWS\system32\whntopsb.ini
C:\WINDOWS\system32\ragnfwib.ini
C:\WINDOWS\system32\vbmaoutt.ini
C:\WINDOWS\system32\fetcnwgs.ini
C:\WINDOWS\system32\yyddbwar.ini
C:\WINDOWS\system32\bsdxbjaq.ini
C:\WINDOWS\system32\ywjctfsd.ini
C:\WINDOWS\system32\inkssidr.ini
C:\WINDOWS\system32\cqswyuvb.ini
C:\WINDOWS\system32\xtgwkesj.ini
C:\WINDOWS\system32\tmpA.tmp
C:\WINDOWS\system32\tmp9.tmp
C:\WINDOWS\system32\pmkji.dll
C:\Documents and Settings\Anthony et Jeremy\Local Settings\Application Data\br7911on.exe
C:\WINDOWS\system32\rdisskni.dll
Open Notepad, then paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto combofix as shown below:
http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif
This will relaunch Combofix.
A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
Wait for the scan to finish. The desktop will disappear several times: this is normal!
Do not touch anything until the scan is finished.
After the reboot, post the contents of the combofix.txt report.
I don't know if this is normal, but there was no 1 or 2 prompt and no reboot required... it was almost the same as the first time I ran it, but not the same file names...
ComboFix 08-04-03.3 - Anthony et Jeremy 2008-04-03 17:47:37.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1548 [GMT -4:00]
Endroit: C:\Documents and Settings\Anthony et Jeremy\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Anthony et Jeremy\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\Documents and Settings\Anthony et Jeremy\Local Settings\Application Data\br7911on.exe
C:\WINDOWS\C6996F17923349EB8084E73E5272DAF4.TMP
C:\WINDOWS\system32\b04005f7
C:\WINDOWS\system32\bsdxbjaq.ini
C:\WINDOWS\system32\cqswyuvb.ini
C:\WINDOWS\system32\fetcnwgs.ini
C:\WINDOWS\system32\ffeccqhq.ini
C:\WINDOWS\system32\inkssidr.ini
C:\WINDOWS\system32\lyhdwsrn.ini
C:\WINDOWS\system32\pmkji.dll
C:\WINDOWS\system32\ragnfwib.ini
C:\WINDOWS\system32\rdisskni.dll
C:\WINDOWS\system32\tgvxqqyo.ini
C:\WINDOWS\system32\tmp9.tmp
C:\WINDOWS\system32\tmpA.tmp
C:\WINDOWS\system32\tmpB.tmp
C:\WINDOWS\system32\tmpC.tmp
C:\WINDOWS\system32\vbmaoutt.ini
C:\WINDOWS\system32\viaojsnt.ini
C:\WINDOWS\system32\vxgvqnuu.ini
C:\WINDOWS\system32\whntopsb.ini
C:\WINDOWS\system32\xtgwkesj.ini
C:\WINDOWS\system32\xwccjdlm.ini
C:\WINDOWS\system32\ywjctfsd.ini
C:\WINDOWS\system32\yyddbwar.ini
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Anthony et Jeremy\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
C:\Documents and Settings\Anthony et Jeremy\Local Settings\Temporary Internet Files\ijjistarter2.exe
C:\WINDOWS\system32\b04005f7
C:\WINDOWS\system32\bsdxbjaq.ini
C:\WINDOWS\system32\cqswyuvb.ini
C:\WINDOWS\system32\fetcnwgs.ini
C:\WINDOWS\system32\ffeccqhq.ini
C:\WINDOWS\system32\inkssidr.ini
C:\WINDOWS\system32\lssexp.dll
C:\WINDOWS\system32\lyhdwsrn.ini
C:\WINDOWS\system32\ragnfwib.ini
C:\WINDOWS\system32\tgvxqqyo.ini
C:\WINDOWS\system32\tmp9.tmp
C:\WINDOWS\system32\tmpA.tmp
C:\WINDOWS\system32\tmpB.tmp
C:\WINDOWS\system32\tmpC.tmp
C:\WINDOWS\system32\vbmaoutt.ini
C:\WINDOWS\system32\viaojsnt.ini
C:\WINDOWS\system32\vxgvqnuu.ini
C:\WINDOWS\system32\whntopsb.ini
C:\WINDOWS\system32\xtgwkesj.ini
C:\WINDOWS\system32\xwccjdlm.ini
C:\WINDOWS\system32\ywjctfsd.ini
C:\WINDOWS\system32\yyddbwar.ini
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-03 to 2008-04-03 ))))))))))))))))))))))))))))))))))))
.
2008-04-02 18:40 . 2008-04-02 18:47 <REP> d-------- C:\VundoFix Backups
2008-04-02 18:15 . 2008-04-02 18:15 <REP> d-------- C:\Program Files\Trend Micro
2008-03-31 16:26 . 2008-03-29 14:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-03-31 16:26 . 2008-03-29 14:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-31 16:18 . 2008-04-03 16:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-31 16:18 . 2008-03-31 16:18 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-30 13:18 . 2008-03-30 13:18 <REP> d-------- C:\Program Files\Lionhead Studios
2008-03-30 12:10 . 2008-03-30 12:10 <REP> d-------- C:\WINDOWS\system32\xlive
2008-03-30 12:10 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-03-30 12:10 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-03-30 12:10 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-03-30 12:10 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-03-30 11:58 . 2008-03-30 11:58 <REP> d-------- C:\Program Files\Sega
2008-03-29 11:56 . 2008-03-29 11:56 <REP> d-------- C:\WINDOWS\C6996F17923349EB8084E73E5272DAF4.TMP
2008-03-29 11:51 . 2008-03-29 11:51 <REP> d-------- C:\Program Files\Timeline Interactive
2008-03-28 23:43 . 2008-03-28 23:43 <REP> d-------- C:\Program Files\Fichiers communs\PocketSoft
2008-03-28 20:11 . 2008-03-29 21:04 <REP> d-------- C:\Program Files\Eternal Lands
2008-03-28 19:13 . 2008-03-28 19:13 78,848 --a------ C:\WINDOWS\system32\drivers\SSHDRV85.sys
2008-03-22 16:01 . 2008-04-02 18:40 <REP> d-------- C:\Documents and Settings\Anthony et Jeremy\Application Data\DNA
2008-03-21 19:00 . 2008-03-21 19:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-03-21 17:19 . 2008-03-21 18:54 <REP> d-------- C:\Program Files\Ubisoft
2008-03-20 19:05 . 2008-03-20 19:41 <REP> d-------- C:\Program Files\WowCartographe
2008-03-18 07:11 . 2008-03-18 07:11 <REP> d-------- C:\users
2008-03-18 07:04 . 2008-03-18 07:08 <REP> d-------- C:\Program Files\Fichiers communs\Softimage
2008-03-18 07:03 . 2008-03-18 07:08 <REP> d-------- C:\Softimage
2008-03-18 07:03 . 2007-08-14 18:12 45,056 --------- C:\WINDOWS\system32\XSIChooser.exe
2008-03-17 07:36 . 2008-03-17 07:36 <REP> d-------- C:\Documents and Settings\Anthony et Jeremy\Application Data\Lavasoft
2008-03-16 12:56 . 2008-03-16 12:57 <REP> d-------- C:\Program Files\RegCure
2008-03-15 15:54 . 2008-03-15 15:54 <REP> d-------- C:\Program Files\uTorrent
2008-03-15 15:54 . 2008-03-15 16:17 <REP> d-------- C:\Documents and Settings\Anthony et Jeremy\Application Data\uTorrent
2008-03-15 08:44 . 2008-03-15 08:44 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-03-11 16:42 . 2008-03-11 16:42 <REP> d-------- C:\Documents and Settings\Anthony et Jeremy\Application Data\InstallShield
2008-03-09 16:11 . 2008-03-09 16:11 <REP> d-------- C:\Program Files\Eidos
2008-03-09 16:10 . 2008-03-09 16:10 <REP> d-------- C:\Program Files\OpenAL
2008-03-09 16:10 . 2008-03-09 16:10 418,480 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-03-09 16:10 . 2008-03-09 16:10 115,432 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-03-05 21:28 . 2008-03-05 21:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-05 20:26 . 2008-04-02 16:48 <REP> d-------- C:\Program Files\World of Warcraft
2008-03-05 18:36 . 2008-03-05 18:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\RTL Winter Sports 2008
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 21:44 --------- d-----w C:\Program Files\GetRight
2008-04-02 21:45 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\LimeWire
2008-04-01 23:06 --------- d-----w C:\Program Files\LimeWire
2008-04-01 22:18 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\DMCache
2008-03-30 17:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-29 18:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 18:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 18:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 18:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 18:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 18:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2008-03-29 15:56 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-29 12:21 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\GetRight
2008-03-29 04:10 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\BitTorrent
2008-03-20 15:52 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\Xfire
2008-03-14 20:43 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-09 20:22 --------- d-----w C:\Program Files\GameShadow
2008-03-09 20:17 --------- d-----w C:\Program Files\Warcraft III
2008-03-06 01:25 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-03-06 00:26 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
2008-03-03 22:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-03 21:59 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-03 21:58 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-03-01 17:14 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-01 17:08 --------- d-----w C:\Program Files\Windows Live
2008-02-25 23:45 --------- d-----w C:\Program Files\GameSpy Arcade
2008-02-23 22:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2008-02-23 20:49 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-02-23 13:57 --------- d-----w C:\Program Files\Game Cam V2
2008-02-23 05:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-23 02:37 --------- d-----w C:\Program Files\PQDVD
2008-02-23 00:30 --------- d-----w C:\Program Files\Xvid
2008-02-22 22:46 --------- d-----w C:\Program Files\Ocean Journey 3D Screensaver
2008-02-22 21:20 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\LEGO Company
2008-02-18 22:43 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\Apple Computer
2008-02-18 22:29 --------- d-----w C:\Program Files\QuickTime
2008-02-18 22:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-18 22:28 --------- d-----w C:\Program Files\Apple Software Update
2008-02-18 22:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-18 15:23 22,328 ----a-w C:\Documents and Settings\Anthony et Jeremy\Application Data\PnkBstrK.sys
2008-02-18 13:03 --------- d-----w C:\Program Files\Fichiers communs\DirectX
2008-02-18 02:29 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\My Battle for Middle-earth(tm) II Files
2008-02-17 19:37 --------- d-----w C:\Program Files\PROSUM
2008-02-17 16:13 5,120 ----a-w C:\WINDOWS\system32\BReWErS.dll
2008-02-17 15:17 --------- d-----w C:\Program Files\DNA
2008-02-16 16:54 --------- d-----w C:\Program Files\BoltSoft
2008-02-11 21:16 --------- d-----w C:\Program Files\Fichiers communs\CANON
2008-02-11 21:16 --------- d-----w C:\Program Files\Canon
2008-02-11 21:14 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-02-11 21:13 --------- d--h--w C:\Program Files\CanonBJ
2008-02-03 01:29 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2008-02-03 00:47 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\IDM
2008-02-01 19:19 0 ------r C:\logwmemory.bin
2008-01-14 12:52 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2008-01-12 21:06 32,880 ----a-w C:\Documents and Settings\Anthony et Jeremy\Application Data\GDIPFONTCACHEV1.DAT
2008-01-07 20:24 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-01-07 16:04 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
2007-12-25 03:15 22,328 ------w C:\Documents and Settings\Admin\Application Data\PnkBstrK.sys
2004-02-24 01:42 1,386,496 --sh--r C:\WINDOWS\system32\msvbvm60.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-12-24 22:42 32768]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-03-28 18:38 94208 C:\WINDOWS\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"RAM Idle"="C:\Program Files\Customizer XP\RAMIdle.exe" [2002-01-11 14:17 104448]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 22:26 368706]
"USB Storage Toolbox"="C:\WINDOWS\UMStor\Res.EXE" [2005-09-14 21:44 65536]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2006-10-16 21:20 398944]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [ ]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-09-11 12:27 151597]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2005-05-31 01:04 4393096]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:54 15360]
C:\Documents and Settings\Admin\Menu Démarrer\Programmes\Démarrage\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2004-09-11 12:37:55 45056]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-12-24 22:42:40 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-24 22:41:44 573440]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljighi]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 04:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 06:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
--a--c--- 2004-08-12 20:43 537088 C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-03-22 16:02 287040 C:\Program Files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:54 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorSmart]
C:\Program Files\ErrorSmart\ErrorSmart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger]
C:\Program Files\GameFace Messenger\GameFace.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-05-15 16:55 1057328 C:\Program Files\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-12-05 23:55 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]
--a------ 2005-08-24 19:25 101080 C:\Program Files\Microsoft Location Finder\LocationFinder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
--a------ 2004-08-02 18:36 1122304 C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAM Idle]
--a------ 2002-01-11 14:17 104448 C:\Program Files\Customizer XP\RAMIdle.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2006-11-23 16:10 56928 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-03-21 02:49 16126464 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-05-15 16:55 1628208 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSnD]
--a------ 2005-05-31 01:04 4393096 C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-09-11 12:27 151597 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tok-Cirrhatus]
C:\Documents and Settings\Anthony et Jeremy\Local Settings\Application Data\br7911on.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tok-Cirrhatus-3444]
C:\Documents and Settings\Anthony et Jeremy\Local Settings\Application Data\br7911on.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USRpdA]
--a------ 2001-08-28 08:00 77891 C:\WINDOWS\SYSTEM32\USRmlnkA.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Documents and Settings\\Anthony et Jeremy\\Bureau\\warsow\\warsow.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Soldat\\Soldat.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Documents and Settings\\Anthony et Jeremy\\Mes documents\\Downloads\\Programs\\WoW-2.0.0-frfr-Installer.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Documents and Settings\\Anthony et Jeremy\\Local Settings\\Application Data\\Xenocode\\ApplianceCaches\\KumaClient.exe_v71B24F3E\\Native\\STUBEXE\\@PROGRAMFILES@\\Kuma Games\\Kuma.exe"=
"C:\\Program Files\\Eidos\\Conflict Denied Ops\\ConflictDeniedOps.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Chaos Theory\\System\\splintercell3.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Sega\\The Club\\Launcher.exe"=
"C:\\Program Files\\Sega\\The Club\\TheClub.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6110:TCP"= 6110:TCP:6110
R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys [2004-08-02 18:04]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys [2004-08-02 18:23]
R1 SSHDRV85;SSHDRV85;C:\WINDOWS\system32\drivers\SSHDRV85.sys [2008-03-28 19:13]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
S3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 11:03]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-29 00:54]
S3 musbehco;musbehco;C:\DOCUME~1\ANTHON~1\LOCALS~1\Temp\musbehco.sys []
S3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;C:\WINDOWS\system32\DRIVERS\USRpdA.sys [2001-08-17 16:28]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c5ff8ee-d5f4-11dc-a6aa-001bfcffa331}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {A75BF1D0-C7C3-CB55-EE17-3225387FD154} /qb
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-24 02:20:43 C:\WINDOWS\Tasks\1 Copernic Intra-Daily ~AMD690 Admin.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2004-09-11 00:43:21 C:\WINDOWS\Tasks\1 Copernic Intra-Daily ~INTEL Admin.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2007-12-24 02:20:43 C:\WINDOWS\Tasks\2 Copernic Daily ~AMD690 Admin.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2004-09-11 00:43:21 C:\WINDOWS\Tasks\2 Copernic Daily ~INTEL Admin.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2007-12-24 02:20:43 C:\WINDOWS\Tasks\3 Copernic Weekly ~AMD690 Admin.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2004-09-11 00:43:21 C:\WINDOWS\Tasks\3 Copernic Weekly ~INTEL Admin.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2007-12-24 02:20:43 C:\WINDOWS\Tasks\4 Copernic Monthly ~AMD690 Admin.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2004-09-11 00:43:21 C:\WINDOWS\Tasks\4 Copernic Monthly ~INTEL Admin.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2008-03-21 18:10:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-03 21:00:00 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-16 17:12:18 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 17:49:25
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-04-03 17:49:57
ComboFix-quarantined-files.txt 2008-04-03 21:49:41
ComboFix2.txt 2008-04-03 20:37:47
Pre-Run: 25,533,255,680 octets libres
Post-Run: 25,485,651,968 octets libres
.
2008-02-20 02:17:14 --- E O F ---
ComboFix 08-04-03.3 - Anthony et Jeremy 2008-04-03 17:47:37.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1548 [GMT -4:00]
Endroit: C:\Documents and Settings\Anthony et Jeremy\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Anthony et Jeremy\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\Documents and Settings\Anthony et Jeremy\Local Settings\Application Data\br7911on.exe
C:\WINDOWS\C6996F17923349EB8084E73E5272DAF4.TMP
C:\WINDOWS\system32\b04005f7
C:\WINDOWS\system32\bsdxbjaq.ini
C:\WINDOWS\system32\cqswyuvb.ini
C:\WINDOWS\system32\fetcnwgs.ini
C:\WINDOWS\system32\ffeccqhq.ini
C:\WINDOWS\system32\inkssidr.ini
C:\WINDOWS\system32\lyhdwsrn.ini
C:\WINDOWS\system32\pmkji.dll
C:\WINDOWS\system32\ragnfwib.ini
C:\WINDOWS\system32\rdisskni.dll
C:\WINDOWS\system32\tgvxqqyo.ini
C:\WINDOWS\system32\tmp9.tmp
C:\WINDOWS\system32\tmpA.tmp
C:\WINDOWS\system32\tmpB.tmp
C:\WINDOWS\system32\tmpC.tmp
C:\WINDOWS\system32\vbmaoutt.ini
C:\WINDOWS\system32\viaojsnt.ini
C:\WINDOWS\system32\vxgvqnuu.ini
C:\WINDOWS\system32\whntopsb.ini
C:\WINDOWS\system32\xtgwkesj.ini
C:\WINDOWS\system32\xwccjdlm.ini
C:\WINDOWS\system32\ywjctfsd.ini
C:\WINDOWS\system32\yyddbwar.ini
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Anthony et Jeremy\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
C:\Documents and Settings\Anthony et Jeremy\Local Settings\Temporary Internet Files\ijjistarter2.exe
C:\WINDOWS\system32\b04005f7
C:\WINDOWS\system32\bsdxbjaq.ini
C:\WINDOWS\system32\cqswyuvb.ini
C:\WINDOWS\system32\fetcnwgs.ini
C:\WINDOWS\system32\ffeccqhq.ini
C:\WINDOWS\system32\inkssidr.ini
C:\WINDOWS\system32\lssexp.dll
C:\WINDOWS\system32\lyhdwsrn.ini
C:\WINDOWS\system32\ragnfwib.ini
C:\WINDOWS\system32\tgvxqqyo.ini
C:\WINDOWS\system32\tmp9.tmp
C:\WINDOWS\system32\tmpA.tmp
C:\WINDOWS\system32\tmpB.tmp
C:\WINDOWS\system32\tmpC.tmp
C:\WINDOWS\system32\vbmaoutt.ini
C:\WINDOWS\system32\viaojsnt.ini
C:\WINDOWS\system32\vxgvqnuu.ini
C:\WINDOWS\system32\whntopsb.ini
C:\WINDOWS\system32\xtgwkesj.ini
C:\WINDOWS\system32\xwccjdlm.ini
C:\WINDOWS\system32\ywjctfsd.ini
C:\WINDOWS\system32\yyddbwar.ini
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-03 to 2008-04-03 ))))))))))))))))))))))))))))))))))))
.
2008-04-02 18:40 . 2008-04-02 18:47 <REP> d-------- C:\VundoFix Backups
2008-04-02 18:15 . 2008-04-02 18:15 <REP> d-------- C:\Program Files\Trend Micro
2008-03-31 16:26 . 2008-03-29 14:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-03-31 16:26 . 2008-03-29 14:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-31 16:18 . 2008-04-03 16:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-31 16:18 . 2008-03-31 16:18 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-30 13:18 . 2008-03-30 13:18 <REP> d-------- C:\Program Files\Lionhead Studios
2008-03-30 12:10 . 2008-03-30 12:10 <REP> d-------- C:\WINDOWS\system32\xlive
2008-03-30 12:10 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-03-30 12:10 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-03-30 12:10 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-03-30 12:10 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-03-30 11:58 . 2008-03-30 11:58 <REP> d-------- C:\Program Files\Sega
2008-03-29 11:56 . 2008-03-29 11:56 <REP> d-------- C:\WINDOWS\C6996F17923349EB8084E73E5272DAF4.TMP
2008-03-29 11:51 . 2008-03-29 11:51 <REP> d-------- C:\Program Files\Timeline Interactive
2008-03-28 23:43 . 2008-03-28 23:43 <REP> d-------- C:\Program Files\Fichiers communs\PocketSoft
2008-03-28 20:11 . 2008-03-29 21:04 <REP> d-------- C:\Program Files\Eternal Lands
2008-03-28 19:13 . 2008-03-28 19:13 78,848 --a------ C:\WINDOWS\system32\drivers\SSHDRV85.sys
2008-03-22 16:01 . 2008-04-02 18:40 <REP> d-------- C:\Documents and Settings\Anthony et Jeremy\Application Data\DNA
2008-03-21 19:00 . 2008-03-21 19:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-03-21 17:19 . 2008-03-21 18:54 <REP> d-------- C:\Program Files\Ubisoft
2008-03-20 19:05 . 2008-03-20 19:41 <REP> d-------- C:\Program Files\WowCartographe
2008-03-18 07:11 . 2008-03-18 07:11 <REP> d-------- C:\users
2008-03-18 07:04 . 2008-03-18 07:08 <REP> d-------- C:\Program Files\Fichiers communs\Softimage
2008-03-18 07:03 . 2008-03-18 07:08 <REP> d-------- C:\Softimage
2008-03-18 07:03 . 2007-08-14 18:12 45,056 --------- C:\WINDOWS\system32\XSIChooser.exe
2008-03-17 07:36 . 2008-03-17 07:36 <REP> d-------- C:\Documents and Settings\Anthony et Jeremy\Application Data\Lavasoft
2008-03-16 12:56 . 2008-03-16 12:57 <REP> d-------- C:\Program Files\RegCure
2008-03-15 15:54 . 2008-03-15 15:54 <REP> d-------- C:\Program Files\uTorrent
2008-03-15 15:54 . 2008-03-15 16:17 <REP> d-------- C:\Documents and Settings\Anthony et Jeremy\Application Data\uTorrent
2008-03-15 08:44 . 2008-03-15 08:44 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-03-11 16:42 . 2008-03-11 16:42 <REP> d-------- C:\Documents and Settings\Anthony et Jeremy\Application Data\InstallShield
2008-03-09 16:11 . 2008-03-09 16:11 <REP> d-------- C:\Program Files\Eidos
2008-03-09 16:10 . 2008-03-09 16:10 <REP> d-------- C:\Program Files\OpenAL
2008-03-09 16:10 . 2008-03-09 16:10 418,480 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-03-09 16:10 . 2008-03-09 16:10 115,432 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-03-05 21:28 . 2008-03-05 21:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-05 20:26 . 2008-04-02 16:48 <REP> d-------- C:\Program Files\World of Warcraft
2008-03-05 18:36 . 2008-03-05 18:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\RTL Winter Sports 2008
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 21:44 --------- d-----w C:\Program Files\GetRight
2008-04-02 21:45 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\LimeWire
2008-04-01 23:06 --------- d-----w C:\Program Files\LimeWire
2008-04-01 22:18 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\DMCache
2008-03-30 17:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-29 18:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 18:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 18:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 18:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 18:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 18:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2008-03-29 15:56 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-29 12:21 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\GetRight
2008-03-29 04:10 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\BitTorrent
2008-03-20 15:52 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\Xfire
2008-03-14 20:43 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-09 20:22 --------- d-----w C:\Program Files\GameShadow
2008-03-09 20:17 --------- d-----w C:\Program Files\Warcraft III
2008-03-06 01:25 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-03-06 00:26 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
2008-03-03 22:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-03 21:59 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-03 21:58 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-03-01 17:14 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-01 17:08 --------- d-----w C:\Program Files\Windows Live
2008-02-25 23:45 --------- d-----w C:\Program Files\GameSpy Arcade
2008-02-23 22:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2008-02-23 20:49 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-02-23 13:57 --------- d-----w C:\Program Files\Game Cam V2
2008-02-23 05:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-23 02:37 --------- d-----w C:\Program Files\PQDVD
2008-02-23 00:30 --------- d-----w C:\Program Files\Xvid
2008-02-22 22:46 --------- d-----w C:\Program Files\Ocean Journey 3D Screensaver
2008-02-22 21:20 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\LEGO Company
2008-02-18 22:43 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\Apple Computer
2008-02-18 22:29 --------- d-----w C:\Program Files\QuickTime
2008-02-18 22:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-18 22:28 --------- d-----w C:\Program Files\Apple Software Update
2008-02-18 22:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-18 15:23 22,328 ----a-w C:\Documents and Settings\Anthony et Jeremy\Application Data\PnkBstrK.sys
2008-02-18 13:03 --------- d-----w C:\Program Files\Fichiers communs\DirectX
2008-02-18 02:29 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\My Battle for Middle-earth(tm) II Files
2008-02-17 19:37 --------- d-----w C:\Program Files\PROSUM
2008-02-17 16:13 5,120 ----a-w C:\WINDOWS\system32\BReWErS.dll
2008-02-17 15:17 --------- d-----w C:\Program Files\DNA
2008-02-16 16:54 --------- d-----w C:\Program Files\BoltSoft
2008-02-11 21:16 --------- d-----w C:\Program Files\Fichiers communs\CANON
2008-02-11 21:16 --------- d-----w C:\Program Files\Canon
2008-02-11 21:14 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-02-11 21:13 --------- d--h--w C:\Program Files\CanonBJ
2008-02-03 01:29 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2008-02-03 00:47 --------- d-----w C:\Documents and Settings\Anthony et Jeremy\Application Data\IDM
2008-02-01 19:19 0 ------r C:\logwmemory.bin
2008-01-14 12:52 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2008-01-12 21:06 32,880 ----a-w C:\Documents and Settings\Anthony et Jeremy\Application Data\GDIPFONTCACHEV1.DAT
2008-01-07 20:24 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-01-07 16:04 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
2007-12-25 03:15 22,328 ------w C:\Documents and Settings\Admin\Application Data\PnkBstrK.sys
2004-02-24 01:42 1,386,496 --sh--r C:\WINDOWS\system32\msvbvm60.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-12-24 22:42 32768]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-03-28 18:38 94208 C:\WINDOWS\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"RAM Idle"="C:\Program Files\Customizer XP\RAMIdle.exe" [2002-01-11 14:17 104448]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 22:26 368706]
"USB Storage Toolbox"="C:\WINDOWS\UMStor\Res.EXE" [2005-09-14 21:44 65536]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2006-10-16 21:20 398944]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [ ]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-09-11 12:27 151597]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2005-05-31 01:04 4393096]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:54 15360]
C:\Documents and Settings\Admin\Menu Démarrer\Programmes\Démarrage\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2004-09-11 12:37:55 45056]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-12-24 22:42:40 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-24 22:41:44 573440]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljighi]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 04:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 06:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
--a--c--- 2004-08-12 20:43 537088 C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-03-22 16:02 287040 C:\Program Files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:54 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorSmart]
C:\Program Files\ErrorSmart\ErrorSmart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger]
C:\Program Files\GameFace Messenger\GameFace.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-05-15 16:55 1057328 C:\Program Files\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-12-05 23:55 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]
--a------ 2005-08-24 19:25 101080 C:\Program Files\Microsoft Location Finder\LocationFinder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
--a------ 2004-08-02 18:36 1122304 C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAM Idle]
--a------ 2002-01-11 14:17 104448 C:\Program Files\Customizer XP\RAMIdle.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2006-11-23 16:10 56928 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-03-21 02:49 16126464 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-05-15 16:55 1628208 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSnD]
--a------ 2005-05-31 01:04 4393096 C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-09-11 12:27 151597 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tok-Cirrhatus]
C:\Documents and Settings\Anthony et Jeremy\Local Settings\Application Data\br7911on.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tok-Cirrhatus-3444]
C:\Documents and Settings\Anthony et Jeremy\Local Settings\Application Data\br7911on.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USRpdA]
--a------ 2001-08-28 08:00 77891 C:\WINDOWS\SYSTEM32\USRmlnkA.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Documents and Settings\\Anthony et Jeremy\\Bureau\\warsow\\warsow.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Soldat\\Soldat.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Documents and Settings\\Anthony et Jeremy\\Mes documents\\Downloads\\Programs\\WoW-2.0.0-frfr-Installer.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Documents and Settings\\Anthony et Jeremy\\Local Settings\\Application Data\\Xenocode\\ApplianceCaches\\KumaClient.exe_v71B24F3E\\Native\\STUBEXE\\@PROGRAMFILES@\\Kuma Games\\Kuma.exe"=
"C:\\Program Files\\Eidos\\Conflict Denied Ops\\ConflictDeniedOps.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Chaos Theory\\System\\splintercell3.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Sega\\The Club\\Launcher.exe"=
"C:\\Program Files\\Sega\\The Club\\TheClub.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6110:TCP"= 6110:TCP:6110
R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys [2004-08-02 18:04]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys [2004-08-02 18:23]
R1 SSHDRV85;SSHDRV85;C:\WINDOWS\system32\drivers\SSHDRV85.sys [2008-03-28 19:13]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
S3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 11:03]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-29 00:54]
S3 musbehco;musbehco;C:\DOCUME~1\ANTHON~1\LOCALS~1\Temp\musbehco.sys []
S3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;C:\WINDOWS\system32\DRIVERS\USRpdA.sys [2001-08-17 16:28]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c5ff8ee-d5f4-11dc-a6aa-001bfcffa331}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {A75BF1D0-C7C3-CB55-EE17-3225387FD154} /qb
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-24 02:20:43 C:\WINDOWS\Tasks\1 Copernic Intra-Daily ~AMD690 Admin.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2004-09-11 00:43:21 C:\WINDOWS\Tasks\1 Copernic Intra-Daily ~INTEL Admin.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2007-12-24 02:20:43 C:\WINDOWS\Tasks\2 Copernic Daily ~AMD690 Admin.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2004-09-11 00:43:21 C:\WINDOWS\Tasks\2 Copernic Daily ~INTEL Admin.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2007-12-24 02:20:43 C:\WINDOWS\Tasks\3 Copernic Weekly ~AMD690 Admin.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2004-09-11 00:43:21 C:\WINDOWS\Tasks\3 Copernic Weekly ~INTEL Admin.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2007-12-24 02:20:43 C:\WINDOWS\Tasks\4 Copernic Monthly ~AMD690 Admin.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2004-09-11 00:43:21 C:\WINDOWS\Tasks\4 Copernic Monthly ~INTEL Admin.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2008-03-21 18:10:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-03 21:00:00 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-16 17:12:18 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 17:49:25
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-04-03 17:49:57
ComboFix-quarantined-files.txt 2008-04-03 21:49:41
ComboFix2.txt 2008-04-03 20:37:47
Pre-Run: 25,533,255,680 octets libres
Post-Run: 25,485,651,968 octets libres
.
2008-02-20 02:17:14 --- E O F ---
Anonymous user
4 April 2008 at 09:00
Hello, you still have a big, stubborn infection; we are going to switch tools.
Download this disinfection utility:
http://vaksin.com/File/Fix-VBWorm-Rontok-Lightmoon.exe
Save it to your desktop.
Double-click the Fix-VBWorm-Rontok-Lightmoon.exe icon on your desktop.
Check that all your hard drives/USB keys are present in the list and click [Start scan].
At the end of the scan, a report will be generated on your desktop with the name:
NFix_aaaa-mm-jj_hh-mm-ss.log (aaaa-mm-jj_hh-mm-ss = date and time)
Copy and paste the entire contents of this report into your next message.
Then open the Start menu.
In "Run", type or copy this:
cmd /c dir /a /s "F:\Perso">>"%userprofile%\bureau\snif.txt"
and confirm.
On your desktop you will find a file named snif.txt; post its contents too.
There's a hard drive I'm not supposed to touch, so I don't want to damage anything on it (I'm not supposed to use it either).
All the Norton Ghost backups are on it.
Norman Generic Fix
Copyright © 1990 - 2006, Norman ASA. Built 2006/12/07 10:49:23
Norman Scanner Engine Version: 5.90.27
Nvcbin.def Version: 5.90.00, Date: 2006/12/07 10:49:23, Variants: 1469
Nvcmacro.def Version: 5.90.00, Date: 2006/05/30 09:17:46, Variants: 12
Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 2
Logged on user: AMD690\Anthony et Jeremy
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00D9B8A0
Scan started: 04/04/2008 07:33:57
Scanning running processes and process memory...
Number of processes/threads found: 2095
Number of processes/threads scanned: 2095
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 0 minutes 09 seconds
Scanning file system...
C:\*.*
C:\Program Files\Nero\Nero 7\Nero BackItUp\BackItUp_ImageTool\root.img/unknown0 (Error whilst scanning file)
C:\Program Files\Nero\Nero 7\Nero BackItUp\BackItUp_ImageTool\root.img (Possible archive bomb)
D:\*.*
Running post-scan cleanup routine:
Number of files found: 146208
Number of archives unpacked: 6635
Number of files scanned: 146153
Number of files not scanned: 55
Number of files skipped due to exclude list: 8
Number of infections found: 1
Number of infected files repaired/deleted: 0
Total scanning time: 24 minutes 27 seconds
Your thing with cmd, I'm having trouble with it; could you explain it better within the next 30 minutes?
It's 8:16 here and at 9:00 I'm leaving until 4:30.
Anonymous user
4 April 2008 at 14:24
It's not very complicated.
Then open the Start menu.
Go to "Run", copy and paste this:
cmd /c dir /a /s "F:\Perso">>"%userprofile%\bureau\snif.txt"
and confirm.
On your desktop you will find a file named snif.txt; post its contents too.