Hacker dans mon PC ??? Résolu/Fermé

Question

Bonjour,

j'ai eu un message dans mon msn via mon courrier qu'il y a ue une tentive de hacker dans mon pc mon courrier me donne les info du hack mes je ces pas ci il a reuci a me hacker car le message que j'ai eu dit ceci --->>> Quelqu'un avec l'adresse IP XXXXXXXXXXXXXX a tenté de changer le mot de passe de l'administrateur principal. 

j'aimerais savoir doux ça proviens merci de m'aider @+

ludsfa · Answer

salut,


désactive l'uac

https://forum.malekal.com/viewtopic.php?f=59&t=6517


Téléchargez MSNFix.zip (de !aur3n7) sur ton bureau:

    * http://sosvirus.changelog.fr/MSNFix.zip


Décompresse-le (clic droit >> Extraire ici) et place les fichiers dans C:\MSNFix (très important).
Double cliquer sur le fichier MSNFix.bat.
- Exécutez l'option R.
-- Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage.


Note :
-Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal

- Le rapport sera enregistré dans le même dossier que MSNFix sous forme date_heure.txt


poste le rapport.

Serial - Killer · Answer

salut voici ce que tu ma demander loll

MSNFix 1.717  
 
C:\MSNFix 
Fix exécuté le Sat 05/24/2008 - 10:59:22.84 By JockeR 
mode normal    
    
************************ Recherche les fichiers présents      
    
... C:\Users\JockeR\AppData\Local\Tempemovalfile.bat 
 
************************ Recherche les dossiers présents       
 
Aucun dossier trouvé 
 
 
 
 
************************ Suppression des fichiers       
    
.. OK ... C:\Users\JockeR\AppData\Local\Tempemovalfile.bat  
 
 
 
************************ Nettoyage du registre 
 
 
 
Les fichiers encore présents seront supprimés au prochain redémarrage 
 
 
Aucun Fichier trouvé 
 
 
 
************************ Fichiers suspects 
 
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention 
 
[C:\Windows\system32\wininit.exe] 101BA3EA053480BB5D957EF37C06B5ED 
[C:\Windows\system32\winload.exe] BB82A604FCC5A930696962A27F1C9760 
[C:\Windows\system32\winresume.exe] E3770E54B0864B93DF82C2E35F5AB20D 
[C:\Windows\system32\winrs.exe] 24AB1404A479AFEEC112079D9AF12A0D 
[C:\Windows\system32\winrshost.exe] 8F26CCF26436315033192266A7135FF5 
[C:\Windows\system32\WinSAT.exe] 550E83EEE739D1C25A49E70F038EC816 
[C:\Windows\system32
vvsvc.exe] F397A6FA4B83D243AD25A1DC401237A0 

[color=#FF0000][b]==>/b/color SVP merci d'envoyer le fichier  [b] C:\Users\JockeR\Desktop\Upload_Me.zip /b sur http://upload.changelog.fr

 
  
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier Sat 05242008_111305.52.zip
 
************************ HKLM\...\Winlogon\Userinit 
 
Userinit = C:\Windows\system32\userinit.exe, 

------------------------------------------------------------------------  
Auteur : !aur3n7                     Contact: https://www.ionos.fr/     
------------------------------------------------------------------------   
 
---------------------------------------------   END   ---------------------------------------------

ludsfa · Answer

on continue,


Téléchargez HijackThis sur votre bureau:

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

Faîtes un clic droit sur HijackThis.exe et choisissez Renommer puis renommez-le Sanner.exe.

Ceci est très important car cette infection assez coriace peut être masquée sous HijackThis si l'outil n'est pas renommé avant tout scan !

Ensuite double-cliquez sur Scanner.exe puis sur OK sur le message qu'HijackThis va vous envoyer.

Dans HijackThis, cliquez sur "Do a system scan and save a Logfile" : cela va scanner puis ouvrir un rapport dans le bloc-notes.


poste ce rapport.

Serial - Killer · Answer

re salut 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:40 AM, on 5/24/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Windows\System32undll32.exe
C:\Windows\System32undll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32undll32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\JockeR\Desktop\Sanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: (no name) - {2ECA87E3-FAC2-471B-B474-41EDE6AAAB88} - C:\Windows\system32\ssqOEUNF.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\SoundMAX.exe" /tray
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ddcDtRLd.dll,#1
O4 - HKLM\..\Run: [d21d4a0a] rundll32.exe "C:\Windows\system32\cwwabpms.dll",b
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe Version Cue CS3 {fr_FR}  (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32
SvcAppFlt.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32
SvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

ludsfa · Answer

on continue,



1) Affiche les fichiers et dossiers cachés …
Pour ce faire, tu vas dans un dossier, par ex. "Mes Images".
Ensuite, clique sur > Outils > Options des dossiers ...
clique sur l' onglet « Affichage » et ...
coche ---> Afficher les fichiers et dossiers cachés
décoche > Masquer les extensions des fichiers dont le type est connu
décoche > Masquer les fichiers protégés du système d' exploitation (recommandé).
« Appliquer » et « OK ».
 
2) Désactive toute protection résidente ( antivirus…) !
Déconnecte-toi d’internet, ferme tous les programmes en cours et laisse combofix travailler : ne fais donc pas autre chose en même temps !
 
Télécharge Combofix de sUBs: http://download.bleepingcomputer.com/sUBs/ComboFix.exe  
Sauvegarde le sur ton bureau et pas ailleurs !
Redémarre en mode sans échecs : aide ici >>>
http://forum.telecharger.01net.com/forum/high-tech/SECURITE/Securite/redemarrer-mode-echec-sujet_1526_1.htm
/!\ Ne jamais redémarrer en mode sans échec via msconfig ! /!\
 
Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport. Il se trouve ici : C:\Combofix.txt
 
3) Copie/colle un nouveau rapport HiJackThis avec.

Serial - Killer · Answer

re salut voici un compte rendu du log de combofix et de hijackthis ComboFix 08-05-21.3 - JockeR 2008-05-24 11:55:44.1 - NTFSx86 MINIMAL Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.2.1036.18.1706 [GMT -4:00] Endroit: C:\Users\JockeR\Desktop\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Windows\System32\cmnhiaai.ini C:\Windows\system32\ddcDtRLd.dll C:\Windows\System32\FNUEOqss.ini C:\Windows\System32\FNUEOqss.ini2 C:\Windows\system32\lgrvpbyu.exe C:\Windows\System32\qnoejdtj.ini C:\Windows\system32\qoMgfDWm.dll C:\Windows\System32\smpbawwc.ini C:\Windows\system32\ssqOEUNF.dll . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))))))) . 2008-05-24 11:00 . 2008-05-24 11:00 115,200 --a------ C:\Windows\System32\cwwabpms.dll 2008-05-24 10:57 . 2008-05-24 11:13 d-------- C:\MSNFix 2008-05-24 08:47 . 2008-05-24 08:47 54,156 --ah----- C:\Windows\QTFont.qfn 2008-05-24 08:47 . 2008-05-24 08:47 1,409 --a------ C:\Windows\QTFont.for 2008-05-23 22:54 . 2008-05-23 22:54 d-------- C:\Program Files\MagicDVDRipper 2008-05-23 21:16 . 2008-05-23 21:17 38 --a------ C:\Windows\avisplitter.INI 2008-05-23 20:23 . 2008-05-23 21:10 d-------- C:\Temp\E-- 2008-05-23 19:33 . 2008-05-23 19:35 d-------- C:\Users\All Users\DVD Shrink 2008-05-23 19:33 . 2008-05-23 19:35 d-------- C:\ProgramData\DVD Shrink 2008-05-23 19:11 . 2008-05-23 19:11 d-------- C:\Program Files\AVSMedia 2008-05-23 19:10 . 2008-05-23 19:26 d-------- C:\Program Files\Common Files\AVSMedia 2008-05-23 14:58 . 2008-05-23 15:36 d-------- C:\Program Files\DVDFab Platinum 4 2008-05-22 16:47 . 2008-05-22 16:47 d-------- C:\Program Files\Stardock 2008-05-22 16:32 . 2008-05-22 16:33 d-------- C:\Program Files\Unlocker 2008-05-22 16:14 . 2008-05-22 16:14 0 --------- C:\Windows\WB.ini 2008-05-22 16:12 . 2008-04-26 16:14 58,792 --------- C:\Windows\System32\wbload.dll 2008-05-22 16:12 . 2008-04-26 16:14 42,672 --------- C:\Windows\System32\wbsys.dll 2008-05-22 10:34 . 2008-05-22 10:53 d-------- C:\Program Files\Astonsoft 2008-05-22 07:04 . 2008-05-22 07:04 d-------- C:\Program Files\K-Lite Codec Pack 2008-05-21 10:45 . 2008-05-23 20:23 d-------- C:\Temp 2008-05-21 10:42 . 2008-05-21 10:42 d-------- C:\Program Files\Xilisoft 2008-05-21 08:35 . 2008-05-21 08:35 d-------- C:\Program Files\eRightSoft 2008-05-21 08:35 . 2008-05-21 08:35 d-------- C:\Program Files\AviSynth 2.5 2008-05-20 23:02 . 2008-05-20 23:02 d-------- C:\Users\All Users\Ubisoft 2008-05-20 23:02 . 2008-05-20 23:02 d-------- C:\ProgramData\Ubisoft 2008-05-20 23:01 . 2007-10-12 15:14 3,734,536 --a------ C:\Windows\System32\d3dx9_36.dll 2008-05-20 23:01 . 2007-07-19 18:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll 2008-05-20 23:01 . 2008-05-20 23:01 2,337,865 --a------ C:\Windows\System32\pbsvc.exe 2008-05-20 23:01 . 2007-10-12 15:14 1,374,232 --a------ C:\Windows\System32\D3DCompiler_36.dll 2008-05-20 23:01 . 2007-07-19 18:14 1,358,192 --a------ C:\Windows\System32\D3DCompiler_35.dll 2008-05-20 23:01 . 2007-10-02 09:56 444,776 --a------ C:\Windows\System32\d3dx10_36.dll 2008-05-20 23:01 . 2007-07-19 18:14 444,776 --a------ C:\Windows\System32\d3dx10_35.dll 2008-05-20 23:01 . 2007-10-22 03:39 267,272 --a------ C:\Windows\System32\xactengine2_10.dll 2008-05-20 23:01 . 2007-07-20 00:57 267,112 --a------ C:\Windows\System32\xactengine2_9.dll 2008-05-20 23:01 . 2007-06-20 20:46 266,088 --a------ C:\Windows\System32\xactengine2_8.dll 2008-05-20 23:01 . 2007-10-22 03:37 17,928 --a------ C:\Windows\System32\X3DAudio1_2.dll 2008-05-20 22:51 . 2008-05-20 22:51 d-------- C:\Program Files\Ubisoft 2008-05-20 19:41 . 2008-05-20 19:41 d-------- C:\Windows vidia icons 2008-05-20 19:27 . 2008-05-20 19:27 d-------- C:\Program Files\Marvell 2008-05-20 17:35 . 2008-05-20 17:35 d-------- C:\Windows\PCHEALTH 2008-05-20 17:10 . 2008-05-20 17:11 d-------- C:\Program Files\vLite 2008-05-20 17:10 . 2008-01-19 00:43 131,000 --a------ C:\Windows\System32\drivers\WimFltr.sys 2008-05-20 12:37 . 2008-05-20 12:37 d-------- C:\Program Files\Common Files\Steam 2008-05-20 12:32 . 2008-05-20 21:10 d-------- C:\Program Files\Steam 2008-05-20 12:16 . 2008-05-20 12:26 d-------- C:\Users\All Users\Xfire 2008-05-20 12:16 . 2008-05-20 12:26 d-------- C:\ProgramData\Xfire 2008-05-20 12:16 . 2008-05-20 12:16 d-------- C:\Program Files\Xfire 2008-05-20 11:40 . 2008-05-20 11:41 d-------- C:\Program Files\Project64 1.6 2008-05-20 11:29 . 2008-05-20 11:29 d-------- C:\Users\All Users\FLEXnet 2008-05-20 11:29 . 2008-05-20 11:29 d-------- C:\ProgramData\FLEXnet 2008-05-20 10:49 . 2008-05-20 10:49 d-------- C:\Program Files\Common Files\Control Panels 2008-05-20 10:48 . 2008-05-20 10:48 d-------- C:\Users\All Users\ALM 2008-05-20 10:48 . 2008-05-20 10:48 d-------- C:\ProgramData\ALM 2008-05-20 10:40 . 2008-05-20 10:40 d-------- C:\Program Files\QuickTime 2008-05-20 10:38 . 2007-03-23 04:05 29,272 -ra------ C:\Windows\System32\AdobePDF.dll 2008-05-20 10:36 . 2007-02-20 16:04 2,463,976 --a------ C:\Windows\System32\NPSWF32.dll 2008-05-20 10:36 . 2007-02-20 16:04 190,696 --a------ C:\Windows\System32\NPSWF32_FlashUtil.exe 2008-05-20 10:34 . 2008-05-20 11:29 d-------- C:\Users\All Users\Adobe 2008-05-20 10:31 . 2008-05-20 10:31 d-------- C:\Program Files\Bonjour 2008-05-20 10:28 . 2008-05-20 10:28 d-------- C:\Program Files\Common Files\Macrovision Shared 2008-05-20 10:26 . 2008-05-20 10:50 d-------- C:\Program Files\Common Files\Adobe 2008-05-20 09:53 . 2008-05-20 09:53 d-------- C:\Program Files\FileZilla FTP Client 2008-05-19 03:59 . 2008-05-19 04:01 d-------- C:\Program Files Factor 2008-05-19 01:57 . 2008-05-19 01:57 d-------- C:\Program Files\Ventrilo 2008-05-18 09:22 . 2008-05-18 09:22 d-------- C:\Program Files\Cool Beans NFO Creator 2008-05-18 09:21 . 2008-05-18 09:21 d-------- C:\Program Files\MediaInfo 2008-05-18 09:00 . 2008-05-18 09:00 d-------- C:\Program Files\DAMN NFO Viewer 2008-05-17 15:20 . 2008-05-17 15:20 d-------- C:\Program Files\UltraISO 2008-05-17 15:20 . 2008-05-17 15:20 d-------- C:\Program Files\Common Files\EZB Systems 2008-05-17 13:38 . 2008-05-23 15:30 d-------- C:\Users\All Users\vsosdk 2008-05-17 13:38 . 2008-05-23 15:30 d-------- C:\ProgramData\vsosdk 2008-05-17 13:06 . 2008-05-17 13:06 d-------- C:\Program Files\VSO 2008-05-17 13:06 . 2004-05-04 12:53 1,645,320 --a------ C:\Windows\gdiplus.dll 2008-05-17 13:06 . 2006-05-20 17:16 1,184,984 --a------ C:\Windows\System32\wvc1dmod.dll 2008-05-17 13:06 . 2006-05-11 20:21 626,688 --a------ C:\Windows\System32\vp7vfw.dll 2008-05-17 13:06 . 2006-09-29 13:24 217,127 --a------ C:\Windows\System32\drv43260.dll 2008-05-17 13:06 . 2006-09-29 13:25 208,935 --a------ C:\Windows\System32\drv33260.dll 2008-05-17 13:06 . 2006-09-29 13:26 176,165 --a------ C:\Windows\System32\drv23260.dll 2008-05-17 13:06 . 2007-03-18 21:37 65,602 --a------ C:\Windows\System32\cook3260.dll 2008-05-17 13:06 . 2008-05-17 13:06 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys 2008-05-17 12:10 . 2008-05-17 12:10 d-------- C:\Users\All Users\Messenger Plus! 2008-05-17 12:10 . 2008-05-17 12:10 d-------- C:\ProgramData\Messenger Plus! 2008-05-17 11:10 . 2008-05-17 11:10 d-------- C:\Users\All Users\TechSmith 2008-05-17 11:10 . 2008-05-17 11:10 d-------- C:\ProgramData\TechSmith 2008-05-17 11:10 . 2008-05-17 11:10 d-------- C:\Program Files\TechSmith 2008-05-17 11:09 . 2008-05-19 01:57 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-05-17 10:46 . 2008-05-17 10:46 d-------- C:\Users\All Users\Apple Computer 2008-05-17 10:46 . 2008-05-17 10:46 d-------- C:\ProgramData\Apple Computer 2008-05-17 10:46 . 2008-05-22 17:01 d-------- C:\Program Files\QuickTime Alternative 2008-05-17 10:46 . 2008-03-28 21:07 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx 2008-05-17 10:46 . 2008-03-28 21:07 57,344 --a------ C:\Windows\System32\QuickTime.qts 2008-05-17 10:09 . 2008-05-17 10:09 d-------- C:\Program Files\Messenger Plus! Live 2008-05-17 09:38 . 2008-05-17 09:38 d-------- C:\Users\All Users\Google 2008-05-17 09:33 . 2008-05-17 09:33 d-------- C:\Program Files\KC Softwares 2008-05-17 09:27 . 2008-05-17 09:27 d-------- C:\Users\All Users\GRETECH 2008-05-17 09:27 . 2008-05-17 09:27 d-------- C:\ProgramData\GRETECH 2008-05-17 09:24 . 2008-05-17 09:24 d-------- C:\Program Files\GRETECH 2008-05-17 09:18 . 2008-05-17 09:18 d-------- C:\Program Files\GlobalSCAPE 2008-05-17 08:32 . 2008-05-17 08:54 d-------- C:\Program Files\uTorrent 2008-05-16 22:39 . 2008-05-16 22:39 d-------- C:\Program Files\CCleaner 2008-05-16 21:00 . 2008-05-16 21:01 d-------- C:\Program Files\RivaTuner v2.07 2008-05-16 20:29 . 2008-05-16 20:29 d-------- C:\Users\All Users\SonicFocus 2008-05-16 20:29 . 2008-05-16 20:29 d-------- C:\ProgramData\SonicFocus 2008-05-16 20:29 . 2008-05-16 20:29 d-------- C:\Program Files\Creative 2008-05-16 20:29 . 2007-02-26 13:57 1,495,040 --------- C:\Windows\System32\adi_oal.dll 2008-05-16 20:29 . 2008-05-16 20:29 409,600 --a------ C:\Windows\System32\wrap_oal.dll 2008-05-16 20:29 . 2008-05-16 20:29 114,688 --a------ C:\Windows\System32\OpenAL32.dll 2008-05-16 20:28 . 2008-05-16 20:29 d-------- C:\Program Files\Analog Devices 2008-05-16 20:25 . 2008-05-16 20:25 d-------- C:\Program Files\TeamSpeak3 2008-05-16 17:48 . 2008-05-16 17:49 d-------- C:\Program Files\OpenOffice.org 2.4 2008-05-16 16:38 . 2008-05-16 16:38 268 --ah----- C:\sqmdata00.sqm 2008-05-16 16:38 . 2008-05-16 16:38 244 --ah----- C:\sqmnoopt00.sqm 2008-05-16 16:33 . 2008-05-16 16:34 d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-05-16 16:32 . 2008-05-16 16:32 d-------- C:\Windows\System32\Macromed 2008-05-16 16:32 . 2008-05-20 17:32 d-------- C:\Users\All Users\WLInstaller 2008-05-16 16:32 . 2008-05-20 17:32 d-------- C:\ProgramData\WLInstaller 2008-05-16 16:32 . 2008-05-20 17:36 d-------- C:\Program Files\Windows Live 2008-05-16 16:30 . 2008-05-16 16:30 d-------- C:\Windows\Sun 2008-05-16 16:29 . 2008-05-16 16:30 d-------- C:\Program Files\Java 2008-05-16 16:29 . 2008-05-16 16:29 d-------- C:\Program Files\Common Files\Java 2008-05-16 14:41 . 2008-05-16 14:41 d-------- C:\PerfLogs 2008-05-16 14:32 . 2008-05-16 14:16 152,576 --a------ C:\Windows\System32\SPWizUI.dll 2008-05-16 14:32 . 2008-05-16 14:16 47,560 --a------ C:\Windows\System32\SPReview.exe 2008-05-16 14:19 . 2008-01-18 23:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe 2008-05-16 14:19 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32 ecdisc.exe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-16 18:50 174 --sha-w C:\Program Files\desktop.ini 2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Sidebar 2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Photo Gallery 2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Mail 2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Journal 2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Collaboration 2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Calendar 2008-05-16 18:43 --------- d-----w C:\Program Files\Windows Defender 2008-05-16 16:40 --------- d-----w C:\Program Files\Microsoft Games 2008-05-16 14:10 --------- d-sh--w C:\ProgramData\Modèles 2008-05-16 14:10 --------- d-sh--w C:\ProgramData\Menu Démarrer 2008-05-16 14:10 --------- d-sh--w C:\ProgramData\Favoris 2008-05-16 14:10 --------- d-sh--w C:\ProgramData\Bureau 2008-05-16 14:10 --------- d-sh--w C:\Program Files\Fichiers communs 2008-05-03 09:46 7,460,320 ----a-w C:\Windows\system32\drivers vlddmkm.sys 2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll 2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll 2007-12-17 12:43 27,648 --sh--w C:\Windows\System32\Smab0.dll . ------- Sigcheck ------- . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\Windows\KHALMNPR.Exe] "Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 17:43 2051096] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-06-06 14:35 1261568] "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248] "Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-03 05:46 13535776] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-03 05:46 92704] "d21d4a0a"="C:\Windows\system32\cwwabpms.dll" [2008-05-24 11:00 115200] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [16/05/2008 12:23:16 789008] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{BDD714BC-D36C-487B-8142-8BA020FB6535}"= C:\Windows\system32\ddcDtRLd.dll [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.i420"= i420vfw.dll "msacm.divxa32"= msaud32_divx.acm "VIDC.XFR1"= xfcodec.dll "vidc.yv12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2997138340-1022646316-1929679594-1000] "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{C8CD5254-DEFD-4D1A-970F-6B6FE9D91F54}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{576AAA20-FE94-4823-A8A9-E2324C5813B6}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{E0F018B3-FFB0-43F6-9117-5ADC38EF8524}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{65FC2579-C8C9-48C4-BDEE-1367955D5D83}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{F64DB2C3-342B-4590-BB39-092CD71AF1FF}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) "{0619A9E4-D784-4745-8264-D1AED4DEC2AD}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) "TCP Query User{7384CA2C-75D3-471B-9977-B49C856FE84D}C:\program files\hlsw\hlsw.exe"= UDP:C:\program files\hlsw\hlsw.exe:HLSW Application "UDP Query User{ED773FE5-48A5-4208-9E33-FFD636230A84}C:\program files\hlsw\hlsw.exe"= TCP:C:\program files\hlsw\hlsw.exe:HLSW Application "{30DBA507-68D8-4E19-B483-D297240E962C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{D6CDC10E-C931-4D89-B8E6-A8F278852FDD}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "TCP Query User{6BC89D51-1E47-49EB-99F5-9DD2BBEAD9F9}C:\program files\globalscape\cuteftp 8 professional\ftpte.exe"= UDP:C:\program files\globalscape\cuteftp 8 professional\ftpte.exe:FTP Transfer Engine "UDP Query User{7E776437-2262-43FB-8184-3713DD0A2FE0}C:\program files\globalscape\cuteftp 8 professional\ftpte.exe"= TCP:C:\program files\globalscape\cuteftp 8 professional\ftpte.exe:FTP Transfer Engine "{42FBC8DF-826A-481B-8F9E-63BF06E4ECF8}"= UDP:D:\ENREGISTREMENT DE DOSSIER DU NET !!!!!\Serials FounderTM\Serials FounderTM.exe:Serials FounderTM.exe "{94D51C92-BB8F-49BF-861B-F65BF7976987}"= TCP:D:\ENREGISTREMENT DE DOSSIER DU NET !!!!!\Serials FounderTM\Serials FounderTM.exe:Serials FounderTM.exe "TCP Query User{8E5581EF-3E1C-4F79-9920-314FC480D9FB}C:\program files\rfactor\rfactor.exe"= UDP:C:\program files factor factor.exe:rFactor "UDP Query User{D2540E1F-EC10-4E93-92AF-8E8D1F1222A1}C:\program files\rfactor\rfactor.exe"= TCP:C:\program files factor factor.exe:rFactor "{59CB7524-6317-4B3C-B7FA-F3229F776EC2}"= UDP:3703:Adobe Version Cue CS3 Server "{A68218A4-8097-4826-8FBC-9D9A3F59ECA5}"= UDP:3704:Adobe Version Cue CS3 Server "{EFC767DE-0A8E-45CF-B30C-D1A6E32D4E36}"= UDP:50900:Adobe Version Cue CS3 Server "{BB37AD3F-152F-4D29-9141-DCF103A2829A}"= UDP:50901:Adobe Version Cue CS3 Server "{0EC44F04-BAD6-4FA8-B8C9-618D7178B509}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server "{299E6CA6-2C60-49FD-B1E7-CBA114C92F3D}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server "TCP Query User{38731B1B-7875-47ED-AFF4-9EE84DA16DC6}C:\program files\xfire\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire "UDP Query User{9E2F476B-0144-4552-A774-8C75F1B5BE99}C:\program files\xfire\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire "TCP Query User{58233186-4C51-4141-B305-3E4D1EAFF84A}C:\program files\steam\steamapps\blingbling7684\counter-strike source\hl2.exe"= UDP:C:\program files\steam\steamapps\blingbling7684\counter-strike source\hl2.exe:hl2 "UDP Query User{0782E032-9BB1-4C91-A910-18DAB8306499}C:\program files\steam\steamapps\blingbling7684\counter-strike source\hl2.exe"= TCP:C:\program files\steam\steamapps\blingbling7684\counter-strike source\hl2.exe:hl2 "{FE031A15-AEA0-4D34-AFEA-C05BE0FC89DC}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone) "{C4A642A0-D16F-4946-A236-40762F9424CD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{8857FBB6-8E02-496C-82D4-A86F7F96B869}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2 "{09EBD0D5-7CB7-4E00-91E0-0EE1DC4CD32E}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2 "{A7ACFF30-6AA4-4505-ACDA-735144BCCA2B}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update "{806DF4FF-2E8C-49AD-AED7-FB4988FA00F3}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update "TCP Query User{18BD902E-F7F5-4A67-B0D4-EA65F9D1E821}C:\program files\mozilla firefox\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{DFD2BBD2-F3B8-42DF-8F8F-8149A9B8DEFF}C:\program files\mozilla firefox\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox "TCP Query User{943AB690-82C9-40EA-8D3C-B940E0EBAFC3}F:\liberkey\apps\hfs\hfs.exe"= UDP:F:\liberkey\apps\hfs\hfs.exe:hfs "UDP Query User{42EBFF02-E7C2-42D4-9D95-B970C7718828}F:\liberkey\apps\hfs\hfs.exe"= TCP:F:\liberkey\apps\hfs\hfs.exe:hfs R0 mv61xx;mv61xx;C:\Windows\system32\DRIVERS\mv61xx.sys [2007-06-15 03:52] R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-06-07 07:41] S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-20 12:37] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] GPSvcGroup REG_MULTI_SZ GPSvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}] %SystemRoot%\system32\soundschemes.exe /AddRegistration . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-24 12:02:24 Windows 6.0.6001 Service Pack 1 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Windows\System32 vvsvc.exe C:\Windows\System32\audiodg.exe C:\Windows\System32\WUDFHost.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\System32\PnkBstrA.exe C:\Windows\System32\PnkBstrB.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32 SvcAppFlt.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32 SvcIp.exe C:\Windows\System32 undll32.exe C:\Windows\System32\conime.exe C:\Windows\System32 undll32.exe C:\Windows\System32 undll32.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Windows\System32\wbem\WMIADAP.exe . ************************************************************************** . Temps d'accomplissement: 2008-05-24 12:07:21 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-24 16:06:41 Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application. Post-Run: 188,524,060,672 octets libres 286 --- E O F --- 2008-05-23 12:24:40 ---------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:10:19 PM, on 5/24/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32 askeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\conime.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe C:\Windows\System32 undll32.exe C:\Windows\System32 undll32.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Windows\Explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\JockeR\Desktop\Sanner.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [d21d4a0a] rundll32.exe "C:\Windows\system32\cwwabpms.dll",b O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32 SvcAppFlt.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32 SvcIp.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32 vvsvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

ludsfa · Answer

on continue



Désactive toute protection résidente ( antivirus…) !
 
Copie le texte se situanten gras ci-dessous:


file::
C:\Windows\WB.ini 
C:\Windows\avisplitter.INI 
C:\Windows\system32\ddcDtRLd.dll 

registry::

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] 
"{BDD714BC-D36C-487B-8142-8BA020FB6535}"= 



Ouvre le Bloc-Notes puis colle le texte copié.  
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)  
Sauvegarde ce fichier sous le nom de CFScript.txt.  
 
Glisse maintenant le fichier ComboFix-Do.txt dans Combofix.exe comme ci-dessous :  clic sur le lien pour voir comment on fait:
 
http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif
 
Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un nouveau rapport Hijackthis.  
S'il n'y a pas de redémarrage, poste quand même les rapports.

Serial - Killer · Answer

Re voici les 2 rapport ComboFix 08-05-21.3 - JockeR 2008-05-24 12:29:15.2 - NTFSx86 Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.2.1036.18.1212 [GMT -4:00] Endroit: C:\Users\JockeR\Desktop\ComboFix.exe Command switches used :: C:\Users\JockeR\Desktop\CFScript..txt * Création d'un nouveau point de restauration FILE :: C:\Windows\avisplitter.INI C:\Windows\system32\ddcDtRLd.dll C:\Windows\WB.ini . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Windows\avisplitter.INI C:\Windows\WB.ini . ((((((((((((((((((((((((((((( Fichiers créés 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))))))) . 2008-05-24 12:02 . 2008-05-24 12:07 354 ---hs---- C:\Windows\System32\smpbawwc.ini 2008-05-24 11:00 . 2008-05-24 11:00 115,200 --a------ C:\Windows\System32\cwwabpms.dll 2008-05-24 10:57 . 2008-05-24 11:13 d-------- C:\MSNFix 2008-05-24 08:47 . 2008-05-24 08:47 54,156 --ah----- C:\Windows\QTFont.qfn 2008-05-24 08:47 . 2008-05-24 08:47 1,409 --a------ C:\Windows\QTFont.for 2008-05-23 22:54 . 2008-05-23 22:54 d-------- C:\Program Files\MagicDVDRipper 2008-05-23 20:23 . 2008-05-23 21:10 d-------- C:\Temp\E-- 2008-05-23 19:33 . 2008-05-23 19:35 d-------- C:\Users\All Users\DVD Shrink 2008-05-23 19:33 . 2008-05-23 19:35 d-------- C:\ProgramData\DVD Shrink 2008-05-23 19:11 . 2008-05-23 19:11 d-------- C:\Program Files\AVSMedia 2008-05-23 19:10 . 2008-05-23 19:26 d-------- C:\Program Files\Common Files\AVSMedia 2008-05-23 14:58 . 2008-05-23 15:36 d-------- C:\Program Files\DVDFab Platinum 4 2008-05-22 16:47 . 2008-05-22 16:47 d-------- C:\Program Files\Stardock 2008-05-22 16:32 . 2008-05-22 16:33 d-------- C:\Program Files\Unlocker 2008-05-22 16:12 . 2008-04-26 16:14 58,792 --------- C:\Windows\System32\wbload.dll 2008-05-22 16:12 . 2008-04-26 16:14 42,672 --------- C:\Windows\System32\wbsys.dll 2008-05-22 10:34 . 2008-05-22 10:53 d-------- C:\Program Files\Astonsoft 2008-05-22 07:04 . 2008-05-22 07:04 d-------- C:\Program Files\K-Lite Codec Pack 2008-05-21 10:45 . 2008-05-23 20:23 d-------- C:\Temp 2008-05-21 10:42 . 2008-05-21 10:42 d-------- C:\Program Files\Xilisoft 2008-05-21 08:35 . 2008-05-21 08:35 d-------- C:\Program Files\eRightSoft 2008-05-21 08:35 . 2008-05-21 08:35 d-------- C:\Program Files\AviSynth 2.5 2008-05-20 23:02 . 2008-05-20 23:02 d-------- C:\Users\All Users\Ubisoft 2008-05-20 23:02 . 2008-05-20 23:02 d-------- C:\ProgramData\Ubisoft 2008-05-20 23:01 . 2007-10-12 15:14 3,734,536 --a------ C:\Windows\System32\d3dx9_36.dll 2008-05-20 23:01 . 2007-07-19 18:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll 2008-05-20 23:01 . 2008-05-20 23:01 2,337,865 --a------ C:\Windows\System32\pbsvc.exe 2008-05-20 23:01 . 2007-10-12 15:14 1,374,232 --a------ C:\Windows\System32\D3DCompiler_36.dll 2008-05-20 23:01 . 2007-07-19 18:14 1,358,192 --a------ C:\Windows\System32\D3DCompiler_35.dll 2008-05-20 23:01 . 2007-10-02 09:56 444,776 --a------ C:\Windows\System32\d3dx10_36.dll 2008-05-20 23:01 . 2007-07-19 18:14 444,776 --a------ C:\Windows\System32\d3dx10_35.dll 2008-05-20 23:01 . 2007-10-22 03:39 267,272 --a------ C:\Windows\System32\xactengine2_10.dll 2008-05-20 23:01 . 2007-07-20 00:57 267,112 --a------ C:\Windows\System32\xactengine2_9.dll 2008-05-20 23:01 . 2007-06-20 20:46 266,088 --a------ C:\Windows\System32\xactengine2_8.dll 2008-05-20 23:01 . 2007-10-22 03:37 17,928 --a------ C:\Windows\System32\X3DAudio1_2.dll 2008-05-20 22:51 . 2008-05-20 22:51 d-------- C:\Program Files\Ubisoft 2008-05-20 19:41 . 2008-05-20 19:41 d-------- C:\Windows vidia icons 2008-05-20 19:27 . 2008-05-20 19:27 d-------- C:\Program Files\Marvell 2008-05-20 17:35 . 2008-05-20 17:35 d-------- C:\Windows\PCHEALTH 2008-05-20 17:10 . 2008-05-20 17:11 d-------- C:\Program Files\vLite 2008-05-20 17:10 . 2008-01-19 00:43 131,000 --a------ C:\Windows\System32\drivers\WimFltr.sys 2008-05-20 12:37 . 2008-05-20 12:37 d-------- C:\Program Files\Common Files\Steam 2008-05-20 12:32 . 2008-05-20 21:10 d-------- C:\Program Files\Steam 2008-05-20 12:16 . 2008-05-20 12:26 d-------- C:\Users\All Users\Xfire 2008-05-20 12:16 . 2008-05-20 12:26 d-------- C:\ProgramData\Xfire 2008-05-20 12:16 . 2008-05-20 12:16 d-------- C:\Program Files\Xfire 2008-05-20 11:40 . 2008-05-20 11:41 d-------- C:\Program Files\Project64 1.6 2008-05-20 11:29 . 2008-05-20 11:29 d-------- C:\Users\All Users\FLEXnet 2008-05-20 11:29 . 2008-05-20 11:29 d-------- C:\ProgramData\FLEXnet 2008-05-20 10:49 . 2008-05-20 10:49 d-------- C:\Program Files\Common Files\Control Panels 2008-05-20 10:48 . 2008-05-20 10:48 d-------- C:\Users\All Users\ALM 2008-05-20 10:48 . 2008-05-20 10:48 d-------- C:\ProgramData\ALM 2008-05-20 10:40 . 2008-05-20 10:40 d-------- C:\Program Files\QuickTime 2008-05-20 10:38 . 2007-03-23 04:05 29,272 -ra------ C:\Windows\System32\AdobePDF.dll 2008-05-20 10:36 . 2007-02-20 16:04 2,463,976 --a------ C:\Windows\System32\NPSWF32.dll 2008-05-20 10:36 . 2007-02-20 16:04 190,696 --a------ C:\Windows\System32\NPSWF32_FlashUtil.exe 2008-05-20 10:34 . 2008-05-20 11:29 d-------- C:\Users\All Users\Adobe 2008-05-20 10:31 . 2008-05-20 10:31 d-------- C:\Program Files\Bonjour 2008-05-20 10:28 . 2008-05-20 10:28 d-------- C:\Program Files\Common Files\Macrovision Shared 2008-05-20 10:26 . 2008-05-20 10:50 d-------- C:\Program Files\Common Files\Adobe 2008-05-20 09:53 . 2008-05-20 09:53 d-------- C:\Program Files\FileZilla FTP Client 2008-05-19 03:59 . 2008-05-19 04:01 d-------- C:\Program Files Factor 2008-05-19 01:57 . 2008-05-19 01:57 d-------- C:\Program Files\Ventrilo 2008-05-18 09:22 . 2008-05-18 09:22 d-------- C:\Program Files\Cool Beans NFO Creator 2008-05-18 09:21 . 2008-05-18 09:21 d-------- C:\Program Files\MediaInfo 2008-05-18 09:00 . 2008-05-18 09:00 d-------- C:\Program Files\DAMN NFO Viewer 2008-05-17 15:20 . 2008-05-17 15:20 d-------- C:\Program Files\UltraISO 2008-05-17 15:20 . 2008-05-17 15:20 d-------- C:\Program Files\Common Files\EZB Systems 2008-05-17 13:38 . 2008-05-23 15:30 d-------- C:\Users\All Users\vsosdk 2008-05-17 13:38 . 2008-05-23 15:30 d-------- C:\ProgramData\vsosdk 2008-05-17 13:06 . 2008-05-17 13:06 d-------- C:\Program Files\VSO 2008-05-17 13:06 . 2004-05-04 12:53 1,645,320 --a------ C:\Windows\gdiplus.dll 2008-05-17 13:06 . 2006-05-20 17:16 1,184,984 --a------ C:\Windows\System32\wvc1dmod.dll 2008-05-17 13:06 . 2006-05-11 20:21 626,688 --a------ C:\Windows\System32\vp7vfw.dll 2008-05-17 13:06 . 2006-09-29 13:24 217,127 --a------ C:\Windows\System32\drv43260.dll 2008-05-17 13:06 . 2006-09-29 13:25 208,935 --a------ C:\Windows\System32\drv33260.dll 2008-05-17 13:06 . 2006-09-29 13:26 176,165 --a------ C:\Windows\System32\drv23260.dll 2008-05-17 13:06 . 2007-03-18 21:37 65,602 --a------ C:\Windows\System32\cook3260.dll 2008-05-17 13:06 . 2008-05-17 13:06 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys 2008-05-17 12:10 . 2008-05-17 12:10 d-------- C:\Users\All Users\Messenger Plus! 2008-05-17 12:10 . 2008-05-17 12:10 d-------- C:\ProgramData\Messenger Plus! 2008-05-17 11:10 . 2008-05-17 11:10 d-------- C:\Users\All Users\TechSmith 2008-05-17 11:10 . 2008-05-17 11:10 d-------- C:\ProgramData\TechSmith 2008-05-17 11:10 . 2008-05-17 11:10 d-------- C:\Program Files\TechSmith 2008-05-17 11:09 . 2008-05-19 01:57 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-05-17 10:46 . 2008-05-17 10:46 d-------- C:\Users\All Users\Apple Computer 2008-05-17 10:46 . 2008-05-17 10:46 d-------- C:\ProgramData\Apple Computer 2008-05-17 10:46 . 2008-05-22 17:01 d-------- C:\Program Files\QuickTime Alternative 2008-05-17 10:46 . 2008-03-28 21:07 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx 2008-05-17 10:46 . 2008-03-28 21:07 57,344 --a------ C:\Windows\System32\QuickTime.qts 2008-05-17 10:09 . 2008-05-17 10:09 d-------- C:\Program Files\Messenger Plus! Live 2008-05-17 09:38 . 2008-05-17 09:38 d-------- C:\Users\All Users\Google 2008-05-17 09:33 . 2008-05-17 09:33 d-------- C:\Program Files\KC Softwares 2008-05-17 09:27 . 2008-05-17 09:27 d-------- C:\Users\All Users\GRETECH 2008-05-17 09:27 . 2008-05-17 09:27 d-------- C:\ProgramData\GRETECH 2008-05-17 09:24 . 2008-05-17 09:24 d-------- C:\Program Files\GRETECH 2008-05-17 09:18 . 2008-05-17 09:18 d-------- C:\Program Files\GlobalSCAPE 2008-05-17 08:32 . 2008-05-17 08:54 d-------- C:\Program Files\uTorrent 2008-05-16 22:39 . 2008-05-16 22:39 d-------- C:\Program Files\CCleaner 2008-05-16 21:00 . 2008-05-16 21:01 d-------- C:\Program Files\RivaTuner v2.07 2008-05-16 20:29 . 2008-05-16 20:29 d-------- C:\Users\All Users\SonicFocus 2008-05-16 20:29 . 2008-05-16 20:29 d-------- C:\ProgramData\SonicFocus 2008-05-16 20:29 . 2008-05-16 20:29 d-------- C:\Program Files\Creative 2008-05-16 20:29 . 2007-02-26 13:57 1,495,040 --------- C:\Windows\System32\adi_oal.dll 2008-05-16 20:29 . 2008-05-16 20:29 409,600 --a------ C:\Windows\System32\wrap_oal.dll 2008-05-16 20:29 . 2008-05-16 20:29 114,688 --a------ C:\Windows\System32\OpenAL32.dll 2008-05-16 20:28 . 2008-05-16 20:29 d-------- C:\Program Files\Analog Devices 2008-05-16 20:25 . 2008-05-16 20:25 d-------- C:\Program Files\TeamSpeak3 2008-05-16 17:48 . 2008-05-16 17:49 d-------- C:\Program Files\OpenOffice.org 2.4 2008-05-16 16:38 . 2008-05-16 16:38 268 --ah----- C:\sqmdata00.sqm 2008-05-16 16:38 . 2008-05-16 16:38 244 --ah----- C:\sqmnoopt00.sqm 2008-05-16 16:33 . 2008-05-16 16:34 d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-05-16 16:32 . 2008-05-16 16:32 d-------- C:\Windows\System32\Macromed 2008-05-16 16:32 . 2008-05-20 17:32 d-------- C:\Users\All Users\WLInstaller 2008-05-16 16:32 . 2008-05-20 17:32 d-------- C:\ProgramData\WLInstaller 2008-05-16 16:32 . 2008-05-20 17:36 d-------- C:\Program Files\Windows Live 2008-05-16 16:30 . 2008-05-16 16:30 d-------- C:\Windows\Sun 2008-05-16 16:29 . 2008-05-16 16:30 d-------- C:\Program Files\Java 2008-05-16 16:29 . 2008-05-16 16:29 d-------- C:\Program Files\Common Files\Java 2008-05-16 14:41 . 2008-05-16 14:41 d-------- C:\PerfLogs 2008-05-16 14:32 . 2008-05-16 14:16 152,576 --a------ C:\Windows\System32\SPWizUI.dll 2008-05-16 14:32 . 2008-05-16 14:16 47,560 --a------ C:\Windows\System32\SPReview.exe 2008-05-16 14:19 . 2008-01-18 23:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe 2008-05-16 14:19 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32 ecdisc.exe 2008-05-16 14:19 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-16 18:50 174 --sha-w C:\Program Files\desktop.ini 2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Sidebar 2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Photo Gallery 2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Mail 2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Journal 2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Collaboration 2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Calendar 2008-05-16 18:43 --------- d-----w C:\Program Files\Windows Defender 2008-05-16 18:37 101,888 ----a-w C:\Windows\System32\ifxcardm.dll 2008-05-16 18:36 82,432 ----a-w C:\Windows\System32\axaltocm.dll 2008-05-16 16:40 --------- d-----w C:\Program Files\Microsoft Games 2008-05-16 14:10 --------- d-sh--w C:\ProgramData\Modèles 2008-05-16 14:10 --------- d-sh--w C:\ProgramData\Menu Démarrer 2008-05-16 14:10 --------- d-sh--w C:\ProgramData\Favoris 2008-05-16 14:10 --------- d-sh--w C:\ProgramData\Bureau 2008-05-16 14:10 --------- d-sh--w C:\Program Files\Fichiers communs 2008-04-11 21:23 38,400 ----a-w C:\Windows\System32\SoundSchemes.exe 2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\divx.dll 2008-03-28 17:41 7,680 ----a-w C:\Windows\System32\ff_vfw.dll 2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll 2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll 2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll 2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll 2007-12-17 12:43 27,648 --sh--w C:\Windows\System32\Smab0.dll . ------- Sigcheck ------- . ((((((((((((((((((((((((((((( snapshot@2008-05-24_12.06.17.69 ))))))))))))))))))))))))))))))))))))))))) . + 2008-05-24 16:01:51 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2008-05-24 16:01:51 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2008-05-24 16:02:20 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-05-24 16:03:00 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT - 2008-05-24 16:02:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-05-24 16:28:53 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-05-24 16:02:25 131,072 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-05-24 16:28:53 131,072 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-05-24 16:02:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-05-24 16:28:53 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-05-24 16:00:32 101,052 ----a-w C:\Windows\System32\perfc009.dat + 2008-05-24 16:09:32 101,052 ----a-w C:\Windows\System32\perfc009.dat - 2008-05-24 16:00:32 123,350 ----a-w C:\Windows\System32\perfc00C.dat + 2008-05-24 16:09:32 123,350 ----a-w C:\Windows\System32\perfc00C.dat - 2008-05-24 16:00:32 586,980 ----a-w C:\Windows\System32\perfh009.dat + 2008-05-24 16:09:32 586,980 ----a-w C:\Windows\System32\perfh009.dat - 2008-05-24 16:00:32 669,340 ----a-w C:\Windows\System32\perfh00C.dat + 2008-05-24 16:09:32 669,340 ----a-w C:\Windows\System32\perfh00C.dat - 2008-05-24 15:13:58 5,336 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2997138340-1022646316-1929679594-1000_UserData.bin + 2008-05-24 16:04:00 5,868 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2997138340-1022646316-1929679594-1000_UserData.bin - 2008-05-24 15:13:58 61,124 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-05-24 16:03:59 61,296 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\Windows\KHALMNPR.Exe] "Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 17:43 2051096] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-06-06 14:35 1261568] "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248] "Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-03 05:46 13535776] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-03 05:46 92704] "d21d4a0a"="C:\Windows\system32\cwwabpms.dll" [2008-05-24 11:00 115200] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [16/05/2008 12:23:16 789008] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{BDD714BC-D36C-487B-8142-8BA020FB6535}"= C:\Windows\system32\ddcDtRLd.dll [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.i420"= i420vfw.dll "msacm.divxa32"= msaud32_divx.acm "VIDC.XFR1"= xfcodec.dll "vidc.yv12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2997138340-1022646316-1929679594-1000] "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{C8CD5254-DEFD-4D1A-970F-6B6FE9D91F54}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{576AAA20-FE94-4823-A8A9-E2324C5813B6}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{E0F018B3-FFB0-43F6-9117-5ADC38EF8524}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{65FC2579-C8C9-48C4-BDEE-1367955D5D83}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{F64DB2C3-342B-4590-BB39-092CD71AF1FF}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) "{0619A9E4-D784-4745-8264-D1AED4DEC2AD}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) "TCP Query User{7384CA2C-75D3-471B-9977-B49C856FE84D}C:\program files\hlsw\hlsw.exe"= UDP:C:\program files\hlsw\hlsw.exe:HLSW Application "UDP Query User{ED773FE5-48A5-4208-9E33-FFD636230A84}C:\program files\hlsw\hlsw.exe"= TCP:C:\program files\hlsw\hlsw.exe:HLSW Application "{30DBA507-68D8-4E19-B483-D297240E962C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{D6CDC10E-C931-4D89-B8E6-A8F278852FDD}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "TCP Query User{6BC89D51-1E47-49EB-99F5-9DD2BBEAD9F9}C:\program files\globalscape\cuteftp 8 professional\ftpte.exe"= UDP:C:\program files\globalscape\cuteftp 8 professional\ftpte.exe:FTP Transfer Engine "UDP Query User{7E776437-2262-43FB-8184-3713DD0A2FE0}C:\program files\globalscape\cuteftp 8 professional\ftpte.exe"= TCP:C:\program files\globalscape\cuteftp 8 professional\ftpte.exe:FTP Transfer Engine "{42FBC8DF-826A-481B-8F9E-63BF06E4ECF8}"= UDP:D:\ENREGISTREMENT DE DOSSIER DU NET !!!!!\Serials FounderTM\Serials FounderTM.exe:Serials FounderTM.exe "{94D51C92-BB8F-49BF-861B-F65BF7976987}"= TCP:D:\ENREGISTREMENT DE DOSSIER DU NET !!!!!\Serials FounderTM\Serials FounderTM.exe:Serials FounderTM.exe "TCP Query User{8E5581EF-3E1C-4F79-9920-314FC480D9FB}C:\program files\rfactor\rfactor.exe"= UDP:C:\program files factor factor.exe:rFactor "UDP Query User{D2540E1F-EC10-4E93-92AF-8E8D1F1222A1}C:\program files\rfactor\rfactor.exe"= TCP:C:\program files factor factor.exe:rFactor "{59CB7524-6317-4B3C-B7FA-F3229F776EC2}"= UDP:3703:Adobe Version Cue CS3 Server "{A68218A4-8097-4826-8FBC-9D9A3F59ECA5}"= UDP:3704:Adobe Version Cue CS3 Server "{EFC767DE-0A8E-45CF-B30C-D1A6E32D4E36}"= UDP:50900:Adobe Version Cue CS3 Server "{BB37AD3F-152F-4D29-9141-DCF103A2829A}"= UDP:50901:Adobe Version Cue CS3 Server "{0EC44F04-BAD6-4FA8-B8C9-618D7178B509}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server "{299E6CA6-2C60-49FD-B1E7-CBA114C92F3D}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server "TCP Query User{38731B1B-7875-47ED-AFF4-9EE84DA16DC6}C:\program files\xfire\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire "UDP Query User{9E2F476B-0144-4552-A774-8C75F1B5BE99}C:\program files\xfire\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire "TCP Query User{58233186-4C51-4141-B305-3E4D1EAFF84A}C:\program files\steam\steamapps\blingbling7684\counter-strike source\hl2.exe"= UDP:C:\program files\steam\steamapps\blingbling7684\counter-strike source\hl2.exe:hl2 "UDP Query User{0782E032-9BB1-4C91-A910-18DAB8306499}C:\program files\steam\steamapps\blingbling7684\counter-strike source\hl2.exe"= TCP:C:\program files\steam\steamapps\blingbling7684\counter-strike source\hl2.exe:hl2 "{FE031A15-AEA0-4D34-AFEA-C05BE0FC89DC}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone) "{C4A642A0-D16F-4946-A236-40762F9424CD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{8857FBB6-8E02-496C-82D4-A86F7F96B869}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2 "{09EBD0D5-7CB7-4E00-91E0-0EE1DC4CD32E}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2 "{A7ACFF30-6AA4-4505-ACDA-735144BCCA2B}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update "{806DF4FF-2E8C-49AD-AED7-FB4988FA00F3}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update "TCP Query User{18BD902E-F7F5-4A67-B0D4-EA65F9D1E821}C:\program files\mozilla firefox\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{DFD2BBD2-F3B8-42DF-8F8F-8149A9B8DEFF}C:\program files\mozilla firefox\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox "TCP Query User{943AB690-82C9-40EA-8D3C-B940E0EBAFC3}F:\liberkey\apps\hfs\hfs.exe"= UDP:F:\liberkey\apps\hfs\hfs.exe:hfs "UDP Query User{42EBFF02-E7C2-42D4-9D95-B970C7718828}F:\liberkey\apps\hfs\hfs.exe"= TCP:F:\liberkey\apps\hfs\hfs.exe:hfs R0 mv61xx;mv61xx;C:\Windows\system32\DRIVERS\mv61xx.sys [2007-06-15 03:52] R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-06-07 07:41] S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-20 12:37] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] GPSvcGroup REG_MULTI_SZ GPSvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}] %SystemRoot%\system32\soundschemes.exe /AddRegistration . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-24 12:30:40 Windows 6.0.6001 Service Pack 1 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-05-24 12:31:20 ComboFix-quarantined-files.txt 2008-05-24 16:31:17 ComboFix2.txt 2008-05-24 16:07:22 Pre-Run: 193,286,012,928 octets libres Post-Run: 193,253,298,176 octets libres 290 --- E O F --- 2008-05-23 12:24:40 ------------------------------------------------------------------------------------------------------------------------------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:36:28 PM, on 5/24/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32 askeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe C:\Windows\System32 undll32.exe C:\Windows\System32 undll32.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Users\JockeR\Desktop\Sanner.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [d21d4a0a] rundll32.exe "C:\Windows\system32\cwwabpms.dll",b O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32 SvcAppFlt.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32 SvcIp.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32 vvsvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

ludsfa · Answer

pas mal  
on continue


Télécharge MalwareByte's Anti-Malware sur ton Bureau:

https://www.majorgeeks.com/files/details/malwarebytes_anti_malware.html

Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
 

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec :

http://www.infos-du-net.com/forum/272325-11-tuto-demarrer-mode-echec

    *  Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
    * Afin de lancer la recherche, clic sur"Rechercher".
    * Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi : 

-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.
 
AIDE : Tuto en images sur MBAM:

http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam

Serial - Killer · Answer

DSL du retard j'avais des course a faire lolll 

Voici le log  

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 783

Type de recherche: Examen complet (C:\|D:\|F:\|)
Eléments examinés: 264109
Temps écoulé: 34 minute(s), 9 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d21d4a0a (Trojan.Vundo) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\System32\cwwabpms.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\smpbawwc.ini (Trojan.Vundo) -> No action taken.

------------------------------------------------------------------------------------------------------------------------------------------------------------------

ludsfa · Answer

salut il me faut le deuxième rapport


si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.

Serial - Killer · Answer

DSL lolll

le voici 

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 783

Type de recherche: Examen complet (C:\|D:\|F:\|)
Eléments examinés: 264109
Temps écoulé: 34 minute(s), 9 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d21d4a0a (Trojan.Vundo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\System32\cwwabpms.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\smpbawwc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

Serial - Killer · Answer

dsl jpense que je me suis tromper lol je recommence lolll

Serial - Killer · Answer

je ces pas ci ces bon mes je pense que je les mi en quarantaine mes la je vien de les duprimer au complet lolll

et sur lexam du lecteur D: ya rien donc je les pas mi pour aller plus vite lollllll

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 783

Type de recherche: Examen complet (C:\|F:\|)
Eléments examinés: 266449
Temps écoulé: 47 minute(s), 10 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Serial - Killer · Answer

et voici un autre log apres avoir fais tout ca !!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:30:26 PM, on 5/24/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Windows\System32undll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\JockeR\Desktop\Sanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe Version Cue CS3 {fr_FR}  (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32
SvcAppFlt.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32
SvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

ludsfa · Answer

salut,


désactive ton antivirus et repasse le script ci-dessous:



file::
C:\Windows\WB.ini
C:\Windows\avisplitter.INI
C:\Windows\system32\ddcDtRLd.dll


registry:: 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{BDD714BC-D36C-487B-8142-8BA020FB6535}"=-



ensuite envois moi le rapport.

Serial - Killer · Answer

Re salut voici le rapport ComboFix 08-05-21.3 - JockeR 2008-05-25 10:30:14.3 - NTFSx86 Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.2.1036.18.1090 [GMT -4:00] Endroit: C:\Users\JockeR\Desktop\ComboFix.exe Command switches used :: C:\Users\JockeR\Desktop\CFScript.txt * Création d'un nouveau point de restauration FILE :: C:\Windows\avisplitter.INI C:\Windows\system32\ddcDtRLd.dll C:\Windows\WB.ini . ((((((((((((((((((((((((((((( Fichiers créés 2008-04-25 to 2008-05-25 )))))))))))))))))))))))))))))))))))) . 2008-05-25 09:47 . 2008-05-25 09:47 d-------- C:\Users\All Users\PC Drivers HeadQuarters 2008-05-25 09:47 . 2008-05-25 09:47 d-------- C:\ProgramData\PC Drivers HeadQuarters 2008-05-25 09:47 . 2008-05-25 09:47 d-------- C:\Program Files\PC Drivers HeadQuarters 2008-05-24 17:17 . 2008-05-24 17:17 29 --a------ C:\Windows\.wb4 2008-05-24 17:02 . 2008-05-24 17:02 2,560 --a------ C:\Windows\_MSRSTRT.EXE 2008-05-24 12:48 . 2008-05-24 12:48 d-------- C:\Users\All Users\Malwarebytes 2008-05-24 12:48 . 2008-05-24 12:48 d-------- C:\ProgramData\Malwarebytes 2008-05-24 12:48 . 2008-05-24 12:48 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-05-24 12:48 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys 2008-05-24 12:48 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys 2008-05-24 10:57 . 2008-05-24 11:13 d-------- C:\MSNFix 2008-05-24 08:47 . 2008-05-24 08:47 54,156 --ah----- C:\Windows\QTFont.qfn 2008-05-24 08:47 . 2008-05-24 08:47 1,409 --a------ C:\Windows\QTFont.for 2008-05-23 22:54 . 2008-05-23 22:54 d-------- C:\Program Files\MagicDVDRipper 2008-05-23 20:23 . 2008-05-23 21:10 d-------- C:\Temp\E-- 2008-05-23 19:33 . 2008-05-23 19:35 d-------- C:\Users\All Users\DVD Shrink 2008-05-23 19:33 . 2008-05-23 19:35 d-------- C:\ProgramData\DVD Shrink 2008-05-23 19:11 . 2008-05-23 19:11 d-------- C:\Program Files\AVSMedia 2008-05-23 19:10 . 2008-05-23 19:26 d-------- C:\Program Files\Common Files\AVSMedia 2008-05-23 14:58 . 2008-05-23 15:36 d-------- C:\Program Files\DVDFab Platinum 4 2008-05-22 16:47 . 2008-05-22 16:47 d-------- C:\Program Files\Stardock 2008-05-22 16:32 . 2008-05-22 16:33 d-------- C:\Program Files\Unlocker 2008-05-22 16:12 . 2008-04-26 16:14 58,792 --------- C:\Windows\System32\wbload.dll 2008-05-22 16:12 . 2008-04-26 16:14 42,672 --------- C:\Windows\System32\wbsys.dll 2008-05-22 10:34 . 2008-05-22 10:53 d-------- C:\Program Files\Astonsoft 2008-05-22 07:04 . 2008-05-22 07:04 d-------- C:\Program Files\K-Lite Codec Pack 2008-05-21 10:45 . 2008-05-23 20:23 d-------- C:\Temp 2008-05-21 10:42 . 2008-05-21 10:42 d-------- C:\Program Files\Xilisoft 2008-05-21 08:35 . 2008-05-21 08:35 d-------- C:\Program Files\eRightSoft 2008-05-21 08:35 . 2008-05-21 08:35 d-------- C:\Program Files\AviSynth 2.5 2008-05-20 23:02 . 2008-05-20 23:02 d-------- C:\Users\All Users\Ubisoft 2008-05-20 23:02 . 2008-05-20 23:02 d-------- C:\ProgramData\Ubisoft 2008-05-20 23:01 . 2007-10-12 15:14 3,734,536 --a------ C:\Windows\System32\d3dx9_36.dll 2008-05-20 23:01 . 2007-07-19 18:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll 2008-05-20 23:01 . 2008-05-20 23:01 2,337,865 --a------ C:\Windows\System32\pbsvc.exe 2008-05-20 23:01 . 2007-10-12 15:14 1,374,232 --a------ C:\Windows\System32\D3DCompiler_36.dll 2008-05-20 23:01 . 2007-07-19 18:14 1,358,192 --a------ C:\Windows\System32\D3DCompiler_35.dll 2008-05-20 23:01 . 2007-10-02 09:56 444,776 --a------ C:\Windows\System32\d3dx10_36.dll 2008-05-20 23:01 . 2007-07-19 18:14 444,776 --a------ C:\Windows\System32\d3dx10_35.dll 2008-05-20 23:01 . 2007-10-22 03:39 267,272 --a------ C:\Windows\System32\xactengine2_10.dll 2008-05-20 23:01 . 2007-07-20 00:57 267,112 --a------ C:\Windows\System32\xactengine2_9.dll 2008-05-20 23:01 . 2007-06-20 20:46 266,088 --a------ C:\Windows\System32\xactengine2_8.dll 2008-05-20 23:01 . 2007-10-22 03:37 17,928 --a------ C:\Windows\System32\X3DAudio1_2.dll 2008-05-20 22:51 . 2008-05-20 22:51 d-------- C:\Program Files\Ubisoft 2008-05-20 19:41 . 2008-05-20 19:41 d-------- C:\Windows\nvidia icons 2008-05-20 19:27 . 2008-05-20 19:27 d-------- C:\Program Files\Marvell 2008-05-20 17:35 . 2008-05-20 17:35 d-------- C:\Windows\PCHEALTH 2008-05-20 17:10 . 2008-05-24 20:51 d-------- C:\Program Files\vLite 2008-05-20 17:10 . 2008-01-19 00:43 131,000 --a------ C:\Windows\System32\drivers\WimFltr.sys 2008-05-20 12:37 . 2008-05-20 12:37 d-------- C:\Program Files\Common Files\Steam 2008-05-20 12:32 . 2008-05-20 21:10 d-------- C:\Program Files\Steam 2008-05-20 12:16 . 2008-05-20 12:26 d-------- C:\Users\All Users\Xfire 2008-05-20 12:16 . 2008-05-20 12:26 d-------- C:\ProgramData\Xfire 2008-05-20 12:16 . 2008-05-20 12:16 d-------- C:\Program Files\Xfire 2008-05-20 11:40 . 2008-05-20 11:41 d-------- C:\Program Files\Project64 1.6 2008-05-20 11:29 . 2008-05-20 11:29 d-------- C:\Users\All Users\FLEXnet 2008-05-20 11:29 . 2008-05-20 11:29 d-------- C:\ProgramData\FLEXnet 2008-05-20 10:49 . 2008-05-20 10:49 d-------- C:\Program Files\Common Files\Control Panels 2008-05-20 10:48 . 2008-05-20 10:48 d-------- C:\Users\All Users\ALM 2008-05-20 10:48 . 2008-05-20 10:48 d-------- C:\ProgramData\ALM 2008-05-20 10:40 . 2008-05-20 10:40 d-------- C:\Program Files\QuickTime 2008-05-20 10:38 . 2007-03-23 04:05 29,272 -ra------ C:\Windows\System32\AdobePDF.dll 2008-05-20 10:36 . 2007-02-20 16:04 2,463,976 --a------ C:\Windows\System32\NPSWF32.dll 2008-05-20 10:36 . 2007-02-20 16:04 190,696 --a------ C:\Windows\System32\NPSWF32_FlashUtil.exe 2008-05-20 10:34 . 2008-05-20 11:29 d-------- C:\Users\All Users\Adobe 2008-05-20 10:31 . 2008-05-20 10:31 d-------- C:\Program Files\Bonjour 2008-05-20 10:28 . 2008-05-20 10:28 d-------- C:\Program Files\Common Files\Macrovision Shared 2008-05-20 10:26 . 2008-05-20 10:50 d-------- C:\Program Files\Common Files\Adobe 2008-05-20 09:53 . 2008-05-20 09:53 d-------- C:\Program Files\FileZilla FTP Client 2008-05-19 03:59 . 2008-05-19 04:01 d-------- C:\Program Files\rFactor 2008-05-19 01:57 . 2008-05-19 01:57 d-------- C:\Program Files\Ventrilo 2008-05-18 09:22 . 2008-05-18 09:22 d-------- C:\Program Files\Cool Beans NFO Creator 2008-05-18 09:21 . 2008-05-18 09:21 d-------- C:\Program Files\MediaInfo 2008-05-18 09:00 . 2008-05-18 09:00 d-------- C:\Program Files\DAMN NFO Viewer 2008-05-17 15:20 . 2008-05-17 15:20 d-------- C:\Program Files\UltraISO 2008-05-17 15:20 . 2008-05-17 15:20 d-------- C:\Program Files\Common Files\EZB Systems 2008-05-17 13:38 . 2008-05-23 15:30 d-------- C:\Users\All Users\vsosdk 2008-05-17 13:38 . 2008-05-23 15:30 d-------- C:\ProgramData\vsosdk 2008-05-17 13:06 . 2008-05-17 13:06 d-------- C:\Program Files\VSO 2008-05-17 13:06 . 2004-05-04 12:53 1,645,320 --a------ C:\Windows\gdiplus.dll 2008-05-17 13:06 . 2006-05-20 17:16 1,184,984 --a------ C:\Windows\System32\wvc1dmod.dll 2008-05-17 13:06 . 2006-05-11 20:21 626,688 --a------ C:\Windows\System32\vp7vfw.dll 2008-05-17 13:06 . 2006-09-29 13:24 217,127 --a------ C:\Windows\System32\drv43260.dll 2008-05-17 13:06 . 2006-09-29 13:25 208,935 --a------ C:\Windows\System32\drv33260.dll 2008-05-17 13:06 . 2006-09-29 13:26 176,165 --a------ C:\Windows\System32\drv23260.dll 2008-05-17 13:06 . 2007-03-18 21:37 65,602 --a------ C:\Windows\System32\cook3260.dll 2008-05-17 13:06 . 2008-05-17 13:06 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys 2008-05-17 12:10 . 2008-05-17 12:10 d-------- C:\Users\All Users\Messenger Plus! 2008-05-17 12:10 . 2008-05-17 12:10 d-------- C:\ProgramData\Messenger Plus! 2008-05-17 11:10 . 2008-05-17 11:10 d-------- C:\Users\All Users\TechSmith 2008-05-17 11:10 . 2008-05-17 11:10 d-------- C:\ProgramData\TechSmith 2008-05-17 11:10 . 2008-05-17 11:10 d-------- C:\Program Files\TechSmith 2008-05-17 11:09 . 2008-05-19 01:57 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-05-17 10:46 . 2008-05-17 10:46 d-------- C:\Users\All Users\Apple Computer 2008-05-17 10:46 . 2008-05-17 10:46 d-------- C:\ProgramData\Apple Computer 2008-05-17 10:46 . 2008-05-22 17:01 d-------- C:\Program Files\QuickTime Alternative 2008-05-17 10:46 . 2008-03-28 21:07 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx 2008-05-17 10:46 . 2008-03-28 21:07 57,344 --a------ C:\Windows\System32\QuickTime.qts 2008-05-17 10:09 . 2008-05-17 10:09 d-------- C:\Program Files\Messenger Plus! Live 2008-05-17 09:38 . 2008-05-17 09:38 d-------- C:\Users\All Users\Google 2008-05-17 09:33 . 2008-05-17 09:33 d-------- C:\Program Files\KC Softwares 2008-05-17 09:27 . 2008-05-17 09:27 d-------- C:\Users\All Users\GRETECH 2008-05-17 09:27 . 2008-05-17 09:27 d-------- C:\ProgramData\GRETECH 2008-05-17 09:24 . 2008-05-17 09:24 d-------- C:\Program Files\GRETECH 2008-05-17 09:18 . 2008-05-17 09:18 d-------- C:\Program Files\GlobalSCAPE 2008-05-17 08:32 . 2008-05-17 08:54 d-------- C:\Program Files\uTorrent 2008-05-16 22:39 . 2008-05-16 22:39 d-------- C:\Program Files\CCleaner 2008-05-16 21:00 . 2008-05-16 21:01 d-------- C:\Program Files\RivaTuner v2.07 2008-05-16 20:29 . 2008-05-16 20:29 d-------- C:\Users\All Users\SonicFocus 2008-05-16 20:29 . 2008-05-16 20:29 d-------- C:\ProgramData\SonicFocus 2008-05-16 20:29 . 2008-05-16 20:29 d-------- C:\Program Files\Creative 2008-05-16 20:29 . 2007-02-26 13:57 1,495,040 --------- C:\Windows\System32\adi_oal.dll 2008-05-16 20:29 . 2008-05-16 20:29 409,600 --a------ C:\Windows\System32\wrap_oal.dll 2008-05-16 20:29 . 2008-05-16 20:29 114,688 --a------ C:\Windows\System32\OpenAL32.dll 2008-05-16 20:28 . 2008-05-16 20:29 d-------- C:\Program Files\Analog Devices 2008-05-16 20:25 . 2008-05-16 20:25 d-------- C:\Program Files\TeamSpeak3 2008-05-16 17:48 . 2008-05-16 17:49 d-------- C:\Program Files\OpenOffice.org 2.4 2008-05-16 16:38 . 2008-05-16 16:38 268 --ah----- C:\sqmdata00.sqm 2008-05-16 16:38 . 2008-05-16 16:38 244 --ah----- C:\sqmnoopt00.sqm 2008-05-16 16:33 . 2008-05-16 16:34 d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-05-16 16:32 . 2008-05-16 16:32 d-------- C:\Windows\System32\Macromed 2008-05-16 16:32 . 2008-05-20 17:32 d-------- C:\Users\All Users\WLInstaller 2008-05-16 16:32 . 2008-05-20 17:32 d-------- C:\ProgramData\WLInstaller 2008-05-16 16:32 . 2008-05-20 17:36 d-------- C:\Program Files\Windows Live 2008-05-16 16:30 . 2008-05-16 16:30 d-------- C:\Windows\Sun . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-16 18:50 174 --sha-w C:\Program Files\desktop.ini 2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Sidebar 2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Photo Gallery 2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Mail 2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Journal 2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Collaboration 2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Calendar 2008-05-16 18:43 --------- d-----w C:\Program Files\Windows Defender 2008-05-16 18:37 101,888 ----a-w C:\Windows\System32\ifxcardm.dll 2008-05-16 18:36 82,432 ----a-w C:\Windows\System32\axaltocm.dll 2008-05-16 16:40 --------- d-----w C:\Program Files\Microsoft Games 2008-05-16 14:10 --------- d-sh--w C:\ProgramData\Modèles 2008-05-16 14:10 --------- d-sh--w C:\ProgramData\Menu Démarrer 2008-05-16 14:10 --------- d-sh--w C:\ProgramData\Favoris 2008-05-16 14:10 --------- d-sh--w C:\ProgramData\Bureau 2008-05-16 14:10 --------- d-sh--w C:\Program Files\Fichiers communs 2008-04-11 21:23 38,400 ----a-w C:\Windows\System32\SoundSchemes.exe 2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\divx.dll 2008-03-28 17:41 7,680 ----a-w C:\Windows\System32\ff_vfw.dll 2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll 2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll 2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll 2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll 2007-12-17 12:43 27,648 --sh--w C:\Windows\System32\Smab0.dll . ------- Sigcheck ------- . ((((((((((((((((((((((((((((( snapshot@2008-05-24_12.06.17.69 ))))))))))))))))))))))))))))))))))))))))) . + 2008-05-24 21:02:25 2,560 ----a-w C:\Windows\_MSRSTRT.EXE + 2008-05-25 13:48:36 225,280 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\5a545089c69330bf87b2c2502d637aa1\DriversHQ.DriverDetective.Client.Communication.ni.dll + 2008-05-25 13:48:40 57,856 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\93878911394786488281c5ba999499fd\DriversHQ.DriverDetective.ExceptionLogging.ni.dll + 2008-05-25 13:48:35 2,236,416 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\ac70b2a9cdfcf8bbb2ad98c797bab325\DriversHQ.DriverDetective.Client.ni.exe + 2008-05-25 13:48:38 184,320 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\ebb9fbcf5a053033cab508a83b2d27c0\DriversHQ.DriverDetective.Common.ni.dll + 2008-05-25 13:48:41 249,856 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\9429624cf02a941f7137d7ece314f8c4\Microsoft.ApplicationBlocks.Updater.ni.dll + 2008-05-25 13:48:42 368,640 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\[u]0/ud45e0c9a16d441ae499bad5f4e40029\Microsoft.Practices.EnterpriseLibrary.Common.ni.dll + 2008-05-25 13:48:44 167,936 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\3ffc8085c9c723c4382990540b3fbce5\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.ni.dll + 2008-05-25 13:48:42 356,352 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\9a1366f21e0c7b2a03ee60421e923686\Microsoft.Practices.ObjectBuilder.ni.dll + 2008-05-25 13:48:45 139,264 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\XPBurnComponent\3393663113829afc15a43db90e749c5b\XPBurnComponent.ni.dll - 2008-05-24 16:01:50 67,584 --s-a-w C:\Windows\bootstat.dat + 2008-05-25 13:18:39 67,584 --s-a-w C:\Windows\bootstat.dat + 2008-05-25 13:47:55 26,694 ----a-r C:\Windows\Installer\{621C02EA-AAFF-4026-A903-165D59529A16}\ARPPRODUCTICON.exe + 2008-05-25 13:47:55 69,632 ----a-r C:\Windows\Installer\{621C02EA-AAFF-4026-A903-165D59529A16}\DriversHQ.DriverDe_212B77217E284373BD0AA155B0932A89.exe + 2008-05-25 13:47:55 69,632 ----a-r C:\Windows\Installer\{621C02EA-AAFF-4026-A903-165D59529A16}\DriversHQ.DriverDe_212B77217E284373BD0AA155B0932A89_1.exe + 2008-05-25 13:18:39 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2008-05-25 13:18:39 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2008-05-24 16:02:20 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-05-25 13:20:07 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-05-25 13:20:07 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2008-05-24 16:02:20 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-05-25 13:20:02 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-05-25 13:20:02 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - 2008-05-24 16:02:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-05-25 02:25:04 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-05-24 16:02:25 131,072 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-05-25 02:25:04 131,072 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-05-24 16:02:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-05-25 02:25:04 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-05-24 03:15:22 22,328 ----a-w C:\Windows\System32\drivers\PnkBstrK.sys + 2008-05-25 01:08:50 22,328 ----a-w C:\Windows\System32\drivers\PnkBstrK.sys - 2008-05-24 16:00:32 101,052 ----a-w C:\Windows\System32\perfc009.dat + 2008-05-25 13:26:05 101,052 ----a-w C:\Windows\System32\perfc009.dat - 2008-05-24 16:00:32 123,350 ----a-w C:\Windows\System32\perfc00C.dat + 2008-05-25 13:26:05 123,350 ----a-w C:\Windows\System32\perfc00C.dat - 2008-05-24 16:00:32 586,980 ----a-w C:\Windows\System32\perfh009.dat + 2008-05-25 13:26:05 586,980 ----a-w C:\Windows\System32\perfh009.dat - 2008-05-24 16:00:32 669,340 ----a-w C:\Windows\System32\perfh00C.dat + 2008-05-25 13:26:05 669,340 ----a-w C:\Windows\System32\perfh00C.dat - 2008-05-24 03:15:15 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe + 2008-05-25 01:08:43 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe - 2008-05-24 15:13:58 5,336 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2997138340-1022646316-1929679594-1000_UserData.bin + 2008-05-25 13:20:43 5,964 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2997138340-1022646316-1929679594-1000_UserData.bin - 2008-05-24 15:13:58 61,124 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-05-25 13:20:43 61,368 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-05-24 15:13:57 29,626 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-05-25 13:20:43 30,704 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-05-24 21:18:33 66,774 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\Windows\KHALMNPR.Exe] "Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 17:43 2051096] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-06-06 14:35 1261568] "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248] "Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-03 05:46 13535776] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-03 05:46 92704] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [16/05/2008 12:23:16 789008] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2008-05-24 17:06 197912 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.i420"= i420vfw.dll "msacm.divxa32"= msaud32_divx.acm "VIDC.XFR1"= xfcodec.dll "vidc.yv12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2997138340-1022646316-1929679594-1000] "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{C8CD5254-DEFD-4D1A-970F-6B6FE9D91F54}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{576AAA20-FE94-4823-A8A9-E2324C5813B6}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{E0F018B3-FFB0-43F6-9117-5ADC38EF8524}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{65FC2579-C8C9-48C4-BDEE-1367955D5D83}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{F64DB2C3-342B-4590-BB39-092CD71AF1FF}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) "{0619A9E4-D784-4745-8264-D1AED4DEC2AD}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) "TCP Query User{7384CA2C-75D3-471B-9977-B49C856FE84D}C:\program files\hlsw\hlsw.exe"= UDP:C:\program files\hlsw\hlsw.exe:HLSW Application "UDP Query User{ED773FE5-48A5-4208-9E33-FFD636230A84}C:\program files\hlsw\hlsw.exe"= TCP:C:\program files\hlsw\hlsw.exe:HLSW Application "{30DBA507-68D8-4E19-B483-D297240E962C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{D6CDC10E-C931-4D89-B8E6-A8F278852FDD}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "TCP Query User{6BC89D51-1E47-49EB-99F5-9DD2BBEAD9F9}C:\program files\globalscape\cuteftp 8 professional\ftpte.exe"= UDP:C:\program files\globalscape\cuteftp 8 professional\ftpte.exe:FTP Transfer Engine "UDP Query User{7E776437-2262-43FB-8184-3713DD0A2FE0}C:\program files\globalscape\cuteftp 8 professional\ftpte.exe"= TCP:C:\program files\globalscape\cuteftp 8 professional\ftpte.exe:FTP Transfer Engine "{42FBC8DF-826A-481B-8F9E-63BF06E4ECF8}"= UDP:D:\ENREGISTREMENT DE DOSSIER DU NET !!!!!\Serials FounderTM\Serials FounderTM.exe:Serials FounderTM.exe "{94D51C92-BB8F-49BF-861B-F65BF7976987}"= TCP:D:\ENREGISTREMENT DE DOSSIER DU NET !!!!!\Serials FounderTM\Serials FounderTM.exe:Serials FounderTM.exe "TCP Query User{8E5581EF-3E1C-4F79-9920-314FC480D9FB}C:\program files\rfactor\rfactor.exe"= UDP:C:\program files\rfactor\rfactor.exe:rFactor "UDP Query User{D2540E1F-EC10-4E93-92AF-8E8D1F1222A1}C:\program files\rfactor\rfactor.exe"= TCP:C:\program files\rfactor\rfactor.exe:rFactor "{59CB7524-6317-4B3C-B7FA-F3229F776EC2}"= UDP:3703:Adobe Version Cue CS3 Server "{A68218A4-8097-4826-8FBC-9D9A3F59ECA5}"= UDP:3704:Adobe Version Cue CS3 Server "{EFC767DE-0A8E-45CF-B30C-D1A6E32D4E36}"= UDP:50900:Adobe Version Cue CS3 Server "{BB37AD3F-152F-4D29-9141-DCF103A2829A}"= UDP:50901:Adobe Version Cue CS3 Server "{0EC44F04-BAD6-4FA8-B8C9-618D7178B509}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server "{299E6CA6-2C60-49FD-B1E7-CBA114C92F3D}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server "TCP Query User{38731B1B-7875-47ED-AFF4-9EE84DA16DC6}C:\program files\xfire\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire "UDP Query User{9E2F476B-0144-4552-A774-8C75F1B5BE99}C:\program files\xfire\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire "TCP Query User{58233186-4C51-4141-B305-3E4D1EAFF84A}C:\program files\steam\steamapps\blingbling7684\counter-strike source\hl2.exe"= UDP:C:\program files\steam\steamapps\blingbling7684\counter-strike source\hl2.exe:hl2 "UDP Query User{0782E032-9BB1-4C91-A910-18DAB8306499}C:\program files\steam\steamapps\blingbling7684\counter-strike source\hl2.exe"= TCP:C:\program files\steam\steamapps\blingbling7684\counter-strike source\hl2.exe:hl2 "{FE031A15-AEA0-4D34-AFEA-C05BE0FC89DC}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone) "{C4A642A0-D16F-4946-A236-40762F9424CD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{8857FBB6-8E02-496C-82D4-A86F7F96B869}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2 "{09EBD0D5-7CB7-4E00-91E0-0EE1DC4CD32E}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2 "{A7ACFF30-6AA4-4505-ACDA-735144BCCA2B}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update "{806DF4FF-2E8C-49AD-AED7-FB4988FA00F3}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update "TCP Query User{18BD902E-F7F5-4A67-B0D4-EA65F9D1E821}C:\program files\mozilla firefox\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{DFD2BBD2-F3B8-42DF-8F8F-8149A9B8DEFF}C:\program files\mozilla firefox\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox "TCP Query User{943AB690-82C9-40EA-8D3C-B940E0EBAFC3}F:\liberkey\apps\hfs\hfs.exe"= UDP:F:\liberkey\apps\hfs\hfs.exe:hfs "UDP Query User{42EBFF02-E7C2-42D4-9D95-B970C7718828}F:\liberkey\apps\hfs\hfs.exe"= TCP:F:\liberkey\apps\hfs\hfs.exe:hfs R0 mv61xx;mv61xx;C:\Windows\system32\DRIVERS\mv61xx.sys [2007-06-15 03:52] R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-06-07 07:41] S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-20 12:37] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] GPSvcGroup REG_MULTI_SZ GPSvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{688b46e3-2350-11dd-882c-806e6f6e6963}] \shell\AutoRun\command - E:\setup.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}] %SystemRoot%\system32\soundschemes.exe /AddRegistration . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-25 10:33:44 Windows 6.0.6001 Service Pack 1 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-05-25 10:35:03 ComboFix-quarantined-files.txt 2008-05-25 14:34:50 ComboFix2.txt 2008-05-24 16:31:20 ComboFix3.txt 2008-05-24 16:07:22 Pre-Run: 185,565,016,064 octets libres Post-Run: 185,534,464,000 octets libres 315 --- E O F --- 2008-05-23 12:24:40

Serial - Killer · Answer

En pasant j'ai besoin de conseille pour un firewall qui est bon sous vista "compatible "

svp lolll

ludsfa · Answer

on continue,


désactive ton anti virus


Télécharge Lop S&D.exe sur ton Bureau. 
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

    *  Double-clique dessus pour lancer l'installation
    * Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau
    * Séléctionne la langue souhaitée , puis choisis l'option 1 (Recherche)
    * Patiente jusqu'à la fin du scan
    * Poste le rapport généré (C:\lopR.txt) 

                       
(Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)

Serial - Killer · Answer

Re , rapport -----------------------[ Lop S&D 4.2.0-9 XP/Vista ]--------------------- [ Windows 'Longhorn' (NT 6.0) Workstation Build 6001, Service Pack 1 ] [ USER : JockeR ] [ "C:\Lop SD" ] [ Selection : 1 ] [ Sun 05/25/2008 | 11:29:18.51 ] [ PC : PC-DE-JOCKER ] [ MAJ : 16-05-2008 | 23:35 ] [ UAC => 0 ] -------------[ Listing des dossiers dans Application Data ]------------ [05/24/2008|05:19] C:\Users\JockeR\AppData\Roaming\Adobe\ Workflow [05/23/2008|11:04] C:\Users\JockeR\AppData\Roaming\Adobe\ Fireworks CS3 [05/22/2008|01:38] C:\Users\JockeR\AppData\Roaming\Adobe\ Common [05/22/2008|01:38] C:\Users\JockeR\AppData\Roaming\Adobe\ Dreamweaver 9 [05/22/2008|01:23] C:\Users\JockeR\AppData\Roaming\Adobe\ Adobe Photoshop CS3 [05/20/2008|04:02] C:\Users\JockeR\AppData\Roaming\Adobe\ PatcherLogs [05/20/2008|12:01] C:\Users\JockeR\AppData\Roaming\Adobe\ Acrobat [05/20/2008|12:01] C:\Users\JockeR\AppData\Roaming\Adobe\ Adobe PDF [05/20/2008|11:29] C:\Users\JockeR\AppData\Roaming\Adobe\ Color [05/20/2008|10:48] C:\Users\JockeR\AppData\Roaming\Adobe\ Adobe Illustrator CS3 Settings [05/20/2008|10:48] C:\Users\JockeR\AppData\Roaming\Adobe\ After Effects [05/20/2008|10:47] C:\Users\JockeR\AppData\Roaming\Adobe\ PremierePro [05/20/2008|10:47] C:\Users\JockeR\AppData\Roaming\Adobe\ Premiere Pro [05/20/2008|10:45] C:\Users\JockeR\AppData\Roaming\Adobe\ Adobe DVD [05/20/2008|10:45] C:\Users\JockeR\AppData\Roaming\Adobe\ Adobe Encore [05/20/2008|10:44] C:\Users\JockeR\AppData\Roaming\Adobe\ Soundbooth [05/20/2008|10:28] C:\Users\JockeR\AppData\Roaming\Adobe\ Updater5 [05/16/2008|06:42] C:\Users\JockeR\AppData\Roaming\Adobe\ Flash Player [05/23/2008|08:22] C:\Users\JockeR\AppData\Roaming\dvdcss\ 20080523_201421#2008052320144500 [05/23/2008|07:02] C:\Users\JockeR\AppData\Roaming\dvdcss\ DIRTY_DANCING_ULTIMATE_DISC1#2007032811371075 [05/22/2008|09:53] C:\Users\JockeR\AppData\Roaming\dvdcss\ IMMORTEL#2006102307190000 [05/21/2008|10:43] C:\Users\JockeR\AppData\Roaming\dvdcss\ NDG_DISQUE1#2003040623370800 [05/17/2008|09:19] C:\Users\JockeR\AppData\Roaming\GlobalSCAPE\ CuteFTP Pro [05/24/2008|10:34] C:\Users\JockeR\AppData\Roaming\GRETECH\ GomPlayer [05/16/2008|10:14] C:\Users\JockeR\AppData\Roaming\Identities\ {10812328-81D7-48C5-B1E7-238C4831CF3F} [05/16/2008|10:25] C:\Users\JockeR\AppData\Roaming\InstallShield\ ISEngine12.0 [05/16/2008|12:56] C:\Users\JockeR\AppData\Roaming\Logitech\ SetPoint [05/16/2008|10:40] C:\Users\JockeR\AppData\Roaming\Macromedia\ Flash Player [05/24/2008|12:49] C:\Users\JockeR\AppData\Roaming\Malwarebytes\ Malwarebytes' Anti-Malware [05/25/2008|09:59] C:\Users\JockeR\AppData\Roaming\Microsoft\ CLR Security Config [05/23/2008|11:01] C:\Users\JockeR\AppData\Roaming\Microsoft\ Installer [05/20/2008|07:26] C:\Users\JockeR\AppData\Roaming\Microsoft\ MMC [05/20/2008|12:28] C:\Users\JockeR\AppData\Roaming\Microsoft\ MSN Messenger [05/16/2008|09:01] C:\Users\JockeR\AppData\Roaming\Microsoft\ HTML Help [05/16/2008|04:35] C:\Users\JockeR\AppData\Roaming\Microsoft\ IdentityCRL [05/16/2008|12:49] C:\Users\JockeR\AppData\Roaming\Microsoft\ Internet Explorer [05/16/2008|11:48] C:\Users\JockeR\AppData\Roaming\Microsoft\ Protect [05/16/2008|10:41] C:\Users\JockeR\AppData\Roaming\Microsoft\ Windows [05/16/2008|10:25] C:\Users\JockeR\AppData\Roaming\Microsoft\ Crypto [05/16/2008|10:14] C:\Users\JockeR\AppData\Roaming\Microsoft\ SystemCertificates [05/16/2008|10:14] C:\Users\JockeR\AppData\Roaming\Microsoft\ Credentials [05/16/2008|11:48] C:\Users\JockeR\AppData\Roaming\Mozilla\ Firefox [05/23/2008|09:34] C:\Users\JockeR\AppData\Roaming\OpenOffice.org2\ user [05/23/2008|07:31] C:\Users\JockeR\AppData\Roaming\Pegasys Inc\ TMPGEnc4XP [05/16/2008|10:43] C:\Users\JockeR\AppData\Roaming\Talkback\ MozillaOrg [05/20/2008|02:11] C:\Users\JockeR\AppData\Roaming\Ventrilo\ recordings [05/20/2008|02:11] C:\Users\JockeR\AppData\Roaming\Ventrilo\ wav [05/20/2008|02:11] C:\Users\JockeR\AppData\Roaming\Ventrilo\ icons [05/19/2008|01:58] C:\Users\JockeR\AppData\Roaming\Ventrilo\ usereditorprofiles [05/20/2008|12:22] C:\Users\JockeR\AppData\Roaming\Xfire\ chatlog ----------------[ Tâches planifiées dans C:\Windows asks ]--------------- [05/25/2008 10:38 AM][--ah-----] C:\Windows asks\SA.DAT [05/25/2008 10:36 AM][--a------] C:\Windows asks\SCHEDLGU.TXT ------[ Listing des dossiers dans C:\ProgramData ]------ [05/20/2008|11:29] C:\ProgramData\ Adobe [05/20/2008|10:48] C:\ProgramData\ ALM [05/17/2008|10:46] C:\ProgramData\ Apple Computer [11/02/2006|09:00] C:\ProgramData\ Application Data [05/16/2008|10:46] C:\ProgramData\ Avira [05/16/2008|10:10] C:\ProgramData\ Bureau [11/02/2006|09:00] C:\ProgramData\ Desktop [11/02/2006|09:00] C:\ProgramData\ Documents [05/23/2008|07:35] C:\ProgramData\ DVD Shrink [05/16/2008|10:10] C:\ProgramData\ Favoris [11/02/2006|09:00] C:\ProgramData\ Favorites [05/20/2008|11:29] C:\ProgramData\ FLEXnet [05/17/2008|09:38] C:\ProgramData\ Google [05/17/2008|09:27] C:\ProgramData\ GRETECH [05/16/2008|12:25] C:\ProgramData\ LogiShrd [05/16/2008|12:25] C:\ProgramData\ Logitech [05/24/2008|12:48] C:\ProgramData\ Malwarebytes [05/16/2008|10:10] C:\ProgramData\ Menu D‚marrer [05/17/2008|12:10] C:\ProgramData\ Messenger Plus! [05/16/2008|09:01] C:\ProgramData\ Microsoft [05/16/2008|10:10] C:\ProgramData\ ModŠles [05/20/2008|07:43] C:\ProgramData\ NVIDIA [05/25/2008|09:47] C:\ProgramData\ PC Drivers HeadQuarters [05/16/2008|08:29] C:\ProgramData\ SonicFocus [11/02/2006|09:00] C:\ProgramData\ Start Menu [05/17/2008|11:10] C:\ProgramData\ TechSmith [11/02/2006|09:00] C:\ProgramData\ Templates [05/20/2008|11:02] C:\ProgramData\ Ubisoft [05/23/2008|03:30] C:\ProgramData\ vsosdk [05/20/2008|05:32] C:\ProgramData\ WLInstaller [05/20/2008|12:26] C:\ProgramData\ Xfire ---------------[ Listing des dossiers dans C:\Program Files ]-------------- [05/16/2008|01:12] C:\Program Files\ Activision [05/20/2008|10:50] C:\Program Files\ Adobe [05/16/2008|08:29] C:\Program Files\ Analog Devices [05/16/2008|10:41] C:\Program Files\ Anti-Leech [05/22/2008|10:53] C:\Program Files\ Astonsoft [05/16/2008|10:46] C:\Program Files\ Avira [05/21/2008|08:35] C:\Program Files\ AviSynth 2.5 [05/23/2008|07:11] C:\Program Files\ AVSMedia [05/16/2008|12:40] C:\Program Files\ BitLocker [05/20/2008|10:31] C:\Program Files\ Bonjour [05/16/2008|10:39] C:\Program Files\ CCleaner [05/23/2008|07:10] C:\Program Files\ Common Files [05/18/2008|09:22] C:\Program Files\ Cool Beans NFO Creator [05/16/2008|08:29] C:\Program Files\ Creative [05/18/2008|09:00] C:\Program Files\ DAMN NFO Viewer [05/16/2008|02:50] C:\Program Files\174 desktop.ini [05/23/2008|03:36] C:\Program Files\ DVDFab Platinum 4 [05/21/2008|08:35] C:\Program Files\ eRightSoft [05/16/2008|10:10] C:\Program Files\ Fichiers communs [C:\Program Files\Common Files] [05/20/2008|09:53] C:\Program Files\ FileZilla FTP Client [05/17/2008|09:18] C:\Program Files\ GlobalSCAPE [05/17/2008|09:24] C:\Program Files\ GRETECH [05/16/2008|01:54] C:\Program Files\ HLSW [05/25/2008|09:49] C:\Program Files\ InstallShield Installation Information [05/16/2008|02:44] C:\Program Files\ Internet Explorer [05/16/2008|04:30] C:\Program Files\ Java [05/17/2008|09:33] C:\Program Files\ KC Softwares [05/22/2008|07:04] C:\Program Files\ K-Lite Codec Pack [05/16/2008|12:25] C:\Program Files\ Logitech [05/23/2008|10:54] C:\Program Files\ MagicDVDRipper [05/24/2008|12:48] C:\Program Files\ Malwarebytes' Anti-Malware [05/20/2008|07:27] C:\Program Files\ Marvell [05/18/2008|09:21] C:\Program Files\ MediaInfo [05/17/2008|10:09] C:\Program Files\ Messenger Plus! Live [05/16/2008|12:40] C:\Program Files\ Microsoft Games [05/20/2008|08:49] C:\Program Files\ Microsoft Silverlight [05/16/2008|02:44] C:\Program Files\ Movie Maker [05/16/2008|02:29] C:\Program Files\ Mozilla Firefox [11/02/2006|08:35] C:\Program Files\ MSBuild [05/25/2008|11:03] C:\Program Files\ NeoTrace Express [05/16/2008|10:27] C:\Program Files\ NVIDIA Corporation [05/16/2008|05:49] C:\Program Files\ OpenOffice.org 2.4 [05/25/2008|09:47] C:\Program Files\ PC Drivers HeadQuarters [05/20/2008|11:41] C:\Program Files\ Project64 1.6 [05/20/2008|10:40] C:\Program Files\ QuickTime [05/22/2008|05:01] C:\Program Files\ QuickTime Alternative [11/02/2006|08:35] C:\Program Files\ Reference Assemblies [05/19/2008|04:01] C:\Program Files\ rFactor [05/16/2008|09:01] C:\Program Files\ RivaTuner v2.07 [05/22/2008|04:47] C:\Program Files\ Stardock [05/20/2008|09:10] C:\Program Files\ Steam [05/16/2008|08:25] C:\Program Files\ TeamSpeak3 [05/17/2008|11:10] C:\Program Files\ TechSmith [05/20/2008|10:51] C:\Program Files\ Ubisoft [05/17/2008|03:20] C:\Program Files\ UltraISO [11/02/2006|09:00] C:\Program Files\ Uninstall Information [05/22/2008|04:33] C:\Program Files\ Unlocker [05/17/2008|08:54] C:\Program Files\ uTorrent [05/19/2008|01:57] C:\Program Files\ Ventrilo [05/25/2008|10:36] C:\Program Files\ vLite [05/17/2008|01:06] C:\Program Files\ VSO [05/16/2008|02:44] C:\Program Files\ Windows Calendar [05/16/2008|02:44] C:\Program Files\ Windows Collaboration [05/16/2008|02:43] C:\Program Files\ Windows Defender [05/16/2008|02:44] C:\Program Files\ Windows Journal [05/20/2008|05:36] C:\Program Files\ Windows Live [05/16/2008|02:44] C:\Program Files\ Windows Mail [05/16/2008|02:44] C:\Program Files\ Windows Media Player [05/16/2008|10:10] C:\Program Files\ Windows NT [05/16/2008|02:44] C:\Program Files\ Windows Photo Gallery [05/16/2008|02:44] C:\Program Files\ Windows Sidebar [05/16/2008|11:48] C:\Program Files\ WinRAR [05/20/2008|12:16] C:\Program Files\ Xfire [05/21/2008|10:42] C:\Program Files\ Xilisoft ------[ Listing des dossiers dans C:\Program Files\Common Files ]------ [05/20/2008|10:50] C:\Program Files\Common Files\ Adobe [05/23/2008|07:26] C:\Program Files\Common Files\ AVSMedia [05/20/2008|10:49] C:\Program Files\Common Files\ Control Panels [05/17/2008|03:20] C:\Program Files\Common Files\ EZB Systems [05/17/2008|09:18] C:\Program Files\Common Files\ InstallShield [05/16/2008|04:29] C:\Program Files\Common Files\ Java [05/16/2008|12:23] C:\Program Files\Common Files\ Logishrd [05/20/2008|10:28] C:\Program Files\Common Files\ Macrovision Shared [05/20/2008|05:34] C:\Program Files\Common Files\ microsoft shared [11/02/2006|07:18] C:\Program Files\Common Files\ Services [11/02/2006|07:18] C:\Program Files\Common Files\ SpeechEngines [05/20/2008|12:37] C:\Program Files\Common Files\ Steam [05/16/2008|02:43] C:\Program Files\Common Files\ System [05/16/2008|04:34] C:\Program Files\Common Files\ WindowsLiveInstaller [05/19/2008|01:57] C:\Program Files\Common Files\ Wise Installation Wizard ---------------------------[ Process ]-------------------------- ... 66 ... OK ! ----------------------[ Recherche avec S_Lop ]--------------------- Aucun fichier / dossier Lop trouvé ! -----------------[ Recherche de Fichiers / Dossiers Lop ]----------------- Aucun fichier / dossier Lop trouvé ! ----------------------[ Verification du Registre ]---------------------- ..... OK ! --------------------[ Verification du fichier Hosts ]--------------------- Fichier Hosts PROPRE ----------------[ Recherche de fichiers avec Catchme ]----------------- catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-25 11:29:47 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------[ Recherche d'autres infections ]--------------------- => C:\Users\JockeR\AppData\Roaming\uTorrent\Magic DVD Copier 4.8.0.4 Incl. Keygen.torrent [F:19814][D:3969]-> C:\Users\JockeR\AppData\Local\Temp [F:92][D:1]-> C:\Users\JockeR\AppData\Roaming\MICROS~1\Windows\Cookies [F:1598][D:4]-> C:\Users\JockeR\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5 [F:2][D:2]-> C:\$Recycle.Bin [ UAC => 1 ] --------------------[ Fin du rapport a 11:31:08.98 ]----------------------

ludsfa · Answer

désactive à nouveau ton antivirus


Relance Lop S&D
                       


    *  Choisis cette fois ci l'Option 2 (Suppression)
    * Ne ferme pas la fenêtre lors de la suppression !
    * Poste le rapport généré (C:\lopR.txt) 

                     
(Si le Bureau ne réapparaît pas, presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)

Serial - Killer · Answer

-----------------------[ Lop S&D 4.2.0-9 XP/Vista ]--------------------- [ Windows 'Longhorn' (NT 6.0) Workstation Build 6001, Service Pack 1 ] [ USER : JockeR ] [ "C:\Lop SD" ] [ Selection : 2 ] [ Sun 05/25/2008 | 11:47:26.17 ] [ PC : PC-DE-JOCKER ] [ MAJ : 16-05-2008 | 23:35 ] [ UAC => 0 ] //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\ -------------[ Listing des dossiers dans Application Data ]------------ [05/24/2008|05:19] C:\Users\JockeR\AppData\Roaming\Adobe\ Workflow [05/23/2008|11:04] C:\Users\JockeR\AppData\Roaming\Adobe\ Fireworks CS3 [05/22/2008|01:38] C:\Users\JockeR\AppData\Roaming\Adobe\ Common [05/22/2008|01:38] C:\Users\JockeR\AppData\Roaming\Adobe\ Dreamweaver 9 [05/22/2008|01:23] C:\Users\JockeR\AppData\Roaming\Adobe\ Adobe Photoshop CS3 [05/20/2008|04:02] C:\Users\JockeR\AppData\Roaming\Adobe\ PatcherLogs [05/20/2008|12:01] C:\Users\JockeR\AppData\Roaming\Adobe\ Acrobat [05/20/2008|12:01] C:\Users\JockeR\AppData\Roaming\Adobe\ Adobe PDF [05/20/2008|11:29] C:\Users\JockeR\AppData\Roaming\Adobe\ Color [05/20/2008|10:48] C:\Users\JockeR\AppData\Roaming\Adobe\ Adobe Illustrator CS3 Settings [05/20/2008|10:48] C:\Users\JockeR\AppData\Roaming\Adobe\ After Effects [05/20/2008|10:47] C:\Users\JockeR\AppData\Roaming\Adobe\ PremierePro [05/20/2008|10:47] C:\Users\JockeR\AppData\Roaming\Adobe\ Premiere Pro [05/20/2008|10:45] C:\Users\JockeR\AppData\Roaming\Adobe\ Adobe DVD [05/20/2008|10:45] C:\Users\JockeR\AppData\Roaming\Adobe\ Adobe Encore [05/20/2008|10:44] C:\Users\JockeR\AppData\Roaming\Adobe\ Soundbooth [05/20/2008|10:28] C:\Users\JockeR\AppData\Roaming\Adobe\ Updater5 [05/16/2008|06:42] C:\Users\JockeR\AppData\Roaming\Adobe\ Flash Player [05/23/2008|08:22] C:\Users\JockeR\AppData\Roaming\dvdcss\ 20080523_201421#2008052320144500 [05/23/2008|07:02] C:\Users\JockeR\AppData\Roaming\dvdcss\ DIRTY_DANCING_ULTIMATE_DISC1#2007032811371075 [05/22/2008|09:53] C:\Users\JockeR\AppData\Roaming\dvdcss\ IMMORTEL#2006102307190000 [05/21/2008|10:43] C:\Users\JockeR\AppData\Roaming\dvdcss\ NDG_DISQUE1#2003040623370800 [05/17/2008|09:19] C:\Users\JockeR\AppData\Roaming\GlobalSCAPE\ CuteFTP Pro [05/24/2008|10:34] C:\Users\JockeR\AppData\Roaming\GRETECH\ GomPlayer [05/16/2008|10:14] C:\Users\JockeR\AppData\Roaming\Identities\ {10812328-81D7-48C5-B1E7-238C4831CF3F} [05/16/2008|10:25] C:\Users\JockeR\AppData\Roaming\InstallShield\ ISEngine12.0 [05/16/2008|12:56] C:\Users\JockeR\AppData\Roaming\Logitech\ SetPoint [05/16/2008|10:40] C:\Users\JockeR\AppData\Roaming\Macromedia\ Flash Player [05/24/2008|12:49] C:\Users\JockeR\AppData\Roaming\Malwarebytes\ Malwarebytes' Anti-Malware [05/25/2008|09:59] C:\Users\JockeR\AppData\Roaming\Microsoft\ CLR Security Config [05/23/2008|11:01] C:\Users\JockeR\AppData\Roaming\Microsoft\ Installer [05/20/2008|07:26] C:\Users\JockeR\AppData\Roaming\Microsoft\ MMC [05/20/2008|12:28] C:\Users\JockeR\AppData\Roaming\Microsoft\ MSN Messenger [05/16/2008|09:01] C:\Users\JockeR\AppData\Roaming\Microsoft\ HTML Help [05/16/2008|04:35] C:\Users\JockeR\AppData\Roaming\Microsoft\ IdentityCRL [05/16/2008|12:49] C:\Users\JockeR\AppData\Roaming\Microsoft\ Internet Explorer [05/16/2008|11:48] C:\Users\JockeR\AppData\Roaming\Microsoft\ Protect [05/16/2008|10:41] C:\Users\JockeR\AppData\Roaming\Microsoft\ Windows [05/16/2008|10:25] C:\Users\JockeR\AppData\Roaming\Microsoft\ Crypto [05/16/2008|10:14] C:\Users\JockeR\AppData\Roaming\Microsoft\ SystemCertificates [05/16/2008|10:14] C:\Users\JockeR\AppData\Roaming\Microsoft\ Credentials [05/16/2008|11:48] C:\Users\JockeR\AppData\Roaming\Mozilla\ Firefox [05/23/2008|09:34] C:\Users\JockeR\AppData\Roaming\OpenOffice.org2\ user [05/23/2008|07:31] C:\Users\JockeR\AppData\Roaming\Pegasys Inc\ TMPGEnc4XP [05/16/2008|10:43] C:\Users\JockeR\AppData\Roaming\Talkback\ MozillaOrg [05/20/2008|02:11] C:\Users\JockeR\AppData\Roaming\Ventrilo\ recordings [05/20/2008|02:11] C:\Users\JockeR\AppData\Roaming\Ventrilo\ wav [05/20/2008|02:11] C:\Users\JockeR\AppData\Roaming\Ventrilo\ icons [05/19/2008|01:58] C:\Users\JockeR\AppData\Roaming\Ventrilo\ usereditorprofiles [05/20/2008|12:22] C:\Users\JockeR\AppData\Roaming\Xfire\ chatlog ----------------[ Tâches planifiées dans C:\Windows asks ]--------------- [05/25/2008 11:45 AM][--ah-----] C:\Windows asks\SA.DAT [05/25/2008 11:44 AM][--a------] C:\Windows asks\SCHEDLGU.TXT ------[ Listing des dossiers dans C:\ProgramData ]------ [05/20/2008|11:29] C:\ProgramData\ Adobe [05/20/2008|10:48] C:\ProgramData\ ALM [05/17/2008|10:46] C:\ProgramData\ Apple Computer [11/02/2006|09:00] C:\ProgramData\ Application Data [05/16/2008|10:46] C:\ProgramData\ Avira [05/16/2008|10:10] C:\ProgramData\ Bureau [11/02/2006|09:00] C:\ProgramData\ Desktop [11/02/2006|09:00] C:\ProgramData\ Documents [05/23/2008|07:35] C:\ProgramData\ DVD Shrink [05/16/2008|10:10] C:\ProgramData\ Favoris [11/02/2006|09:00] C:\ProgramData\ Favorites [05/20/2008|11:29] C:\ProgramData\ FLEXnet [05/17/2008|09:38] C:\ProgramData\ Google [05/17/2008|09:27] C:\ProgramData\ GRETECH [05/16/2008|12:25] C:\ProgramData\ LogiShrd [05/16/2008|12:25] C:\ProgramData\ Logitech [05/24/2008|12:48] C:\ProgramData\ Malwarebytes [05/16/2008|10:10] C:\ProgramData\ Menu D‚marrer [05/17/2008|12:10] C:\ProgramData\ Messenger Plus! [05/16/2008|09:01] C:\ProgramData\ Microsoft [05/16/2008|10:10] C:\ProgramData\ ModŠles [05/20/2008|07:43] C:\ProgramData\ NVIDIA [05/25/2008|09:47] C:\ProgramData\ PC Drivers HeadQuarters [05/16/2008|08:29] C:\ProgramData\ SonicFocus [11/02/2006|09:00] C:\ProgramData\ Start Menu [05/17/2008|11:10] C:\ProgramData\ TechSmith [11/02/2006|09:00] C:\ProgramData\ Templates [05/20/2008|11:02] C:\ProgramData\ Ubisoft [05/23/2008|03:30] C:\ProgramData\ vsosdk [05/20/2008|05:32] C:\ProgramData\ WLInstaller [05/20/2008|12:26] C:\ProgramData\ Xfire ---------------[ Listing des dossiers dans C:\Program Files ]-------------- [05/16/2008|01:12] C:\Program Files\ Activision [05/20/2008|10:50] C:\Program Files\ Adobe [05/16/2008|08:29] C:\Program Files\ Analog Devices [05/16/2008|10:41] C:\Program Files\ Anti-Leech [05/22/2008|10:53] C:\Program Files\ Astonsoft [05/16/2008|10:46] C:\Program Files\ Avira [05/21/2008|08:35] C:\Program Files\ AviSynth 2.5 [05/23/2008|07:11] C:\Program Files\ AVSMedia [05/16/2008|12:40] C:\Program Files\ BitLocker [05/20/2008|10:31] C:\Program Files\ Bonjour [05/16/2008|10:39] C:\Program Files\ CCleaner [05/23/2008|07:10] C:\Program Files\ Common Files [05/18/2008|09:22] C:\Program Files\ Cool Beans NFO Creator [05/16/2008|08:29] C:\Program Files\ Creative [05/18/2008|09:00] C:\Program Files\ DAMN NFO Viewer [05/16/2008|02:50] C:\Program Files\174 desktop.ini [05/23/2008|03:36] C:\Program Files\ DVDFab Platinum 4 [05/21/2008|08:35] C:\Program Files\ eRightSoft [05/16/2008|10:10] C:\Program Files\ Fichiers communs [C:\Program Files\Common Files] [05/20/2008|09:53] C:\Program Files\ FileZilla FTP Client [05/17/2008|09:18] C:\Program Files\ GlobalSCAPE [05/17/2008|09:24] C:\Program Files\ GRETECH [05/16/2008|01:54] C:\Program Files\ HLSW [05/25/2008|09:49] C:\Program Files\ InstallShield Installation Information [05/16/2008|02:44] C:\Program Files\ Internet Explorer [05/16/2008|04:30] C:\Program Files\ Java [05/17/2008|09:33] C:\Program Files\ KC Softwares [05/22/2008|07:04] C:\Program Files\ K-Lite Codec Pack [05/16/2008|12:25] C:\Program Files\ Logitech [05/23/2008|10:54] C:\Program Files\ MagicDVDRipper [05/24/2008|12:48] C:\Program Files\ Malwarebytes' Anti-Malware [05/20/2008|07:27] C:\Program Files\ Marvell [05/18/2008|09:21] C:\Program Files\ MediaInfo [05/17/2008|10:09] C:\Program Files\ Messenger Plus! Live [05/16/2008|12:40] C:\Program Files\ Microsoft Games [05/20/2008|08:49] C:\Program Files\ Microsoft Silverlight [05/16/2008|02:44] C:\Program Files\ Movie Maker [05/16/2008|02:29] C:\Program Files\ Mozilla Firefox [11/02/2006|08:35] C:\Program Files\ MSBuild [05/25/2008|11:03] C:\Program Files\ NeoTrace Express [05/16/2008|10:27] C:\Program Files\ NVIDIA Corporation [05/16/2008|05:49] C:\Program Files\ OpenOffice.org 2.4 [05/25/2008|09:47] C:\Program Files\ PC Drivers HeadQuarters [05/20/2008|11:41] C:\Program Files\ Project64 1.6 [05/20/2008|10:40] C:\Program Files\ QuickTime [05/22/2008|05:01] C:\Program Files\ QuickTime Alternative [11/02/2006|08:35] C:\Program Files\ Reference Assemblies [05/19/2008|04:01] C:\Program Files\ rFactor [05/16/2008|09:01] C:\Program Files\ RivaTuner v2.07 [05/22/2008|04:47] C:\Program Files\ Stardock [05/20/2008|09:10] C:\Program Files\ Steam [05/16/2008|08:25] C:\Program Files\ TeamSpeak3 [05/17/2008|11:10] C:\Program Files\ TechSmith [05/20/2008|10:51] C:\Program Files\ Ubisoft [05/17/2008|03:20] C:\Program Files\ UltraISO [11/02/2006|09:00] C:\Program Files\ Uninstall Information [05/22/2008|04:33] C:\Program Files\ Unlocker [05/17/2008|08:54] C:\Program Files\ uTorrent [05/19/2008|01:57] C:\Program Files\ Ventrilo [05/25/2008|11:44] C:\Program Files\ vLite [05/17/2008|01:06] C:\Program Files\ VSO [05/16/2008|02:44] C:\Program Files\ Windows Calendar [05/16/2008|02:44] C:\Program Files\ Windows Collaboration [05/16/2008|02:43] C:\Program Files\ Windows Defender [05/16/2008|02:44] C:\Program Files\ Windows Journal [05/20/2008|05:36] C:\Program Files\ Windows Live [05/16/2008|02:44] C:\Program Files\ Windows Mail [05/16/2008|02:44] C:\Program Files\ Windows Media Player [05/16/2008|10:10] C:\Program Files\ Windows NT [05/16/2008|02:44] C:\Program Files\ Windows Photo Gallery [05/16/2008|02:44] C:\Program Files\ Windows Sidebar [05/16/2008|11:48] C:\Program Files\ WinRAR [05/20/2008|12:16] C:\Program Files\ Xfire [05/21/2008|10:42] C:\Program Files\ Xilisoft ------[ Listing des dossiers dans C:\Program Files\Common Files ]------ [05/20/2008|10:50] C:\Program Files\Common Files\ Adobe [05/23/2008|07:26] C:\Program Files\Common Files\ AVSMedia [05/20/2008|10:49] C:\Program Files\Common Files\ Control Panels [05/17/2008|03:20] C:\Program Files\Common Files\ EZB Systems [05/17/2008|09:18] C:\Program Files\Common Files\ InstallShield [05/16/2008|04:29] C:\Program Files\Common Files\ Java [05/16/2008|12:23] C:\Program Files\Common Files\ Logishrd [05/20/2008|10:28] C:\Program Files\Common Files\ Macrovision Shared [05/20/2008|05:34] C:\Program Files\Common Files\ microsoft shared [11/02/2006|07:18] C:\Program Files\Common Files\ Services [11/02/2006|07:18] C:\Program Files\Common Files\ SpeechEngines [05/20/2008|12:37] C:\Program Files\Common Files\ Steam [05/16/2008|02:43] C:\Program Files\Common Files\ System [05/16/2008|04:34] C:\Program Files\Common Files\ WindowsLiveInstaller [05/19/2008|01:57] C:\Program Files\Common Files\ Wise Installation Wizard ---------------------------[ Process ]-------------------------- ... 59 ... OK ! ----------------------[ Recherche avec S_Lop ]--------------------- Aucun fichier / dossier Lop trouvé ! -----------------[ Recherche de Fichiers / Dossiers Lop ]----------------- Aucun fichier / dossier Lop trouvé ! ----------------------[ Verification du Registre ]---------------------- ..... OK ! --------------------[ Verification du fichier Hosts ]--------------------- Fichier Hosts PROPRE ----------------[ Recherche de fichiers avec Catchme ]----------------- catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-25 11:48:39 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------[ Recherche d'autres infections ]--------------------- => C:\Users\JockeR\AppData\Roaming\uTorrent\Magic DVD Copier 4.8.0.4 Incl. Keygen.torrent [F:10][D:3]-> C:\Users\JockeR\AppData\Local\Temp [F:92][D:1]-> C:\Users\JockeR\AppData\Roaming\MICROS~1\Windows\Cookies [F:1598][D:4]-> C:\Users\JockeR\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5 [F:2][D:2]-> C:\$Recycle.Bin [ UAC => 1 ] --------------------[ Fin du rapport a 11:49:12.37 ]----------------------

ludsfa · Answer

peux tu m'envoyer un nouveau rapport hijackthis .

Serial - Killer · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:00 PM, on 5/25/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Windows\System32undll32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Users\JockeR\Desktop\Sanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe Version Cue CS3 {fr_FR}  (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32
SvcAppFlt.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32
SvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe

ludsfa · Answer

Comment ce porte ton PC?

Serial - Killer · Answer

Il vas beaucoup mieux a présent un GROS merci a toi , mes ya une chose quelle parefeu je peux avoir sous vista , (compatible) et qui prendra pas beaucoup de ressource dans le (gratuit) """ tanner des HACKERS """ mdrrrr

ludsfa · Answer

attends on finit vite fait après on va voir pour ça.


télécharge ToolsCleaner sur ton bureau.

une fois installé tu fais "recherche" et ensuite tu fais "suppression" .
Un rapport va être généré envois le moi.

ce logiciel sert à supprimé tous les logiciels de désinfections que je t'ai fait utiliser.
Tu peux aussi si tu le souhaites utiliser les options facultative.

Serial - Killer · Answer

-->- Recherche: 

C:\Combofix: trouvé !
C:\Lop SD: trouvé !
C:\MsnFix: trouvé !
C:\Qoobox: trouvé !
C:\Lop SD\Lop S&D.lnk: trouvé !
C:\Users\JockeR\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes\Lop S&D: trouvé !
C:\Users\JockeR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lop S&D: trouvé !
C:\Users\JockeR\Desktop\Lop S&D.lnk: trouvé !
C:\Users\JockeR\Desktop\LopSD.exe: trouvé !
C:\Users\JockeR\Desktop\Msnfix.zip: trouvé !
C:\Users\JockeR\Desktop\ComboFix.exe: trouvé !

---------------------------------
-->- Suppression: 

C:\Lop SD\Lop S&D.lnk: supprimé !
C:\Users\JockeR\Desktop\Lop S&D.lnk: supprimé !
C:\Users\JockeR\Desktop\LopSD.exe: supprimé !
C:\Users\JockeR\Desktop\Msnfix.zip: supprimé !
C:\Users\JockeR\Desktop\ComboFix.exe: supprimé !
C:\Combofix: supprimé !
C:\Lop SD: ERREUR DE SUPPRESSION !!
C:\MsnFix: supprimé !
C:\Qoobox: supprimé !
C:\Users\JockeR\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes\Lop S&D: ERREUR DE SUPPRESSION !!
C:\Users\JockeR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lop S&D: supprimé !

Serial - Killer · Answer

ludsfa es tu encore la lollll

ludsfa · Answer

salut,


excuse moi mais je suis pas la cette semaine .


tu peux  fermer ton sujet mais tu pourra me laisser des messages je répondrait à tes questions.

Serial - Killer · Answer

OK merci encore , mes j'ai des programes qu'il ne fonctionne plus , lolllll cer pas grave je m'arrange avec ca merci 

@+++

ludsfa · Answer

salut helper


tu peux poster ailleurs tes commentaires tu les gardes .
Tous le monde ne veux pas formater.

Je n'utilise pas les tools.

ludsfa · Answer

salut serial killer 
non ce n'est pas à toi du tout ne t'inquiète pas.

c'est à helper que je parlais .

je te souhaites bon surf.