Trojan horse problem

Closed
virtual.be Posts 63 Registration date Thursday 1 November 2007 Status Member Last activity 14 October 2008 - 12 June 2008 at 19:53
 Anonymous user - 22 June 2008 at 12:37
Hello,

For some time now my Avira antivirus has been detecting a trojan horse named TR/Mondera.65536.1
The antivirus reports it every time I open a file or program.
I also get spam almost every minute!

I'm pasting a HijackThis log below, thanks for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:49:10, on 12/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.aldi.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - (no file)
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: The hdtip - {70EC7CA3-2FFC-4E43-97DE-3C91B2F65D36} - C:\WINDOWS\hdtip.dll (file missing)
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\JEAN\lsass.exe
O4 - HKLM\..\Run: [04e92ee5] rundll32.exe "C:\WINDOWS\system32\soadtqin.dll",b
O4 - HKLM\..\Run: [BM07da1d79] Rundll32.exe "C:\WINDOWS\system32\aoxqaqyn.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ieservicegate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ieservicegate.com/redirect.php (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.aldi.com/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCDB924D-4A0B-435E-9B58-580F69CE4393}: NameServer = 195.238.2.22 195.238.2.21
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: asparagine - {65bbf06c-ea06-4818-92a3-f3550d0e1004} - C:\WINDOWS\system32\rkvdr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

40 replies

virtual.be Posts 63 Registration date Thursday 1 November 2007 Status Member Last activity 14 October 2008
15 June 2008 at 13:50
Here is the report

I'm going to try ComboFix again

EDIT: ComboFix gives me the same error: you cannot rename ...

-->- Recherche:

C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\JEAN\Bureau\HijackThis.lnk: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\JEAN\Bureau\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
0
virtual.be Posts 63 Registration date Thursday 1 November 2007 Status Member Last activity 14 October 2008
15 June 2008 at 16:09
little bump
0
Anonymous user
15 June 2008 at 16:10
OK, now do this:

Defragment the hard disk:

*To run it, click the Start button, then All Programs, Accessories, System Tools, then Disk Defragmenter.
*Click the Analyze button. The program then examines your hard disk.
*Click the View Report button. (Save it and post it for me please) (only if you have XP).
*Click the Defragment button.
0
virtual.be Posts 63 Registration date Thursday 1 November 2007 Status Member Last activity 14 October 2008
16 June 2008 at 07:46
Here is the main.txt report:

Deckard's System Scanner v20071014.68
Run by JEAN on 2008-06-16 07:37:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; System Restore is disabled (service is not running).


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-16 07:39:20
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\JEAN\Local Settings\Temporary Internet Files\Content.IE5\S56VW9AN\dss[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - (no file)
O2 - BHO: {07c3a95b-6390-5e58-6364-61ca3f5540f0} - {0f0455f3-ac16-4636-85e5-0936b59a3c70} - C:\WINDOWS\system32\smolkdwf.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
O2 - BHO: (no name) - {A1E716C4-D172-4FCB-9C66-21BEF1DD2D44} - C:\WINDOWS\system32\ddcDvSlm.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {F97B1075-39B7-46AA-8073-74FA82697612} - C:\WINDOWS\system32\khfFUOee.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - (no file)
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {70EC7CA3-2FFC-4E43-97DE-3C91B2F65D36} - (no file)
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [04e92ee5] rundll32.exe "C:\WINDOWS\system32\aiksqbcv.dll",b
O4 - HKLM\..\Run: [BM07da1d79] Rundll32.exe "C:\WINDOWS\system32\hwuwpjbo.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37899.1981365741
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab Class) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{BCDB924D-4A0B-435E-9B58-580F69CE4393}: NameServer = 195.238.2.22 195.238.2.21
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll
O20 - Winlogon Notify: ddcDvSlm - C:\WINDOWS\system32\ddcDvSlm.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\Program Files\Common Files\X10\Common\X10nets.exe

0
Anonymous user
16 June 2008 at 11:03
Hi again,

So.
C:\Documents and Settings\JEAN\Local Settings\Temporary Internet Files\Content.IE5\S56VW9AN\dss[1].exe 

Please don't download DSS into the temporary files folder ...
You will move it somewhere else.

********************************************


/!\ Procedure created specifically for this user, do not reproduce at home ... /!\


1) Download OTMoveIt2 (by Old Timer)

2) Once downloaded, double-click OTMoveIt2.exe to launch it.

Make sure the Unregister Dll's and Ocx's box is checked

3) Then copy the lines in bold found below:



C:\WINDOWS\system32\smolkdwf.dll
C:\WINDOWS\system32\ddcDvSlm.dll
C:\WINDOWS\system32\khfFUOee.dll
C:\WINDOWS\system32\aiksqbcv.dll
C:\WINDOWS\system32\hwuwpjbo.dll
C:\WINDOWS\system32\eeOUFfhk.ini2
C:\WINDOWS\system32\wilbirgr.dll
C:\WINDOWS\system32\bsudmsow.dll
C:\WINDOWS\system32\xvdfswxu.dll
C:\WINDOWS\system32\aoxqaqyn.dll
C:\WINDOWS\system32\oytpucvc.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0f0455f3-ac16-4636-85e5-0936b59a3c70}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1E716C4-D172-4FCB-9C66-21BEF1DD2D44}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F97B1075-39B7-46AA-8073-74FA82697612}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\04e92ee5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BM07da1d79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{A1E716C4-D172-4FCB-9C66-21BEF1DD2D44}
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcDvSlm
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3
C:\Program Files\PartyGaming
C:\Documents and Settings\JEAN\Application Data\Malwarebytes
C:\Documents and Settings\All Users\Application Data\Malwarebytes
C:\Program Files\Malwarebytes' Anti-Malware
Emptytemp





and paste them into the left-hand pane of OTMoveIt: "Paste List Of Files/Folders to Move."
Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.
4) Post the report located in C:\_OTMoveIt\MovedFiles.


(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

5) You may be asked to restart the PC to complete the removal -> Accept (if it does not do so automatically, do it yourself)

/!\ Note: At startup your desktop MAY no longer appear; in that case press CTRL+ALT+DEL to open Task Manager.
Then go to the "Processes" tab. Click File at the top left and choose "Run"

Type explorer.exe and confirm. This will make the desktop reappear.


********************************************


THEN, you are going to download Malwarebytes again and run another scan for me please.


fiat500 / Boy / look a bit more closely: No action taken.



********************************************



Virtual.be, follow this TO THE LETTER:



Print these instructions, because you will have to close all windows and applications during the installation and the scan.

→ Download Malwarebytes' Anti-Malware (MBAM) and save it to your desktop.

→ When the download finishes, close all windows and programs, including this one.

→ Double-click the Download_mbam-setup.exe icon on your desktop to start the installer.

→ During installation, follow the prompts (in particular the choice of language and the permission to access the Internet). Do not change any default settings and, at the end of installation, check that the options Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked.

→ MBAM will start automatically and display a message asking you to update the program before running a scan. Since MBAM updates itself automatically at the end of installation, click OK to close the dialog box. The main MBAM window is displayed:

→ In the scan tab, check that "Perform full scan" is selected and click the Scan button to start the scan.

→ MBAM scans your computer. The scan can take some time. Just check its progress from time to time.

→ At the end of the scan, a message is displayed indicating that the scan is finished. Click OK to continue.

→ If malware has been detected, the list is displayed.
By clicking Remove (?), MBAM will destroy the files and registry keys and put a copy of them in quarantine. ►► DO IT

→ MBAM will open Notepad and copy the scan report into it. Close Notepad. (The report can be found under the Reports/Logs tab)

→ Close MBAM by clicking Exit.

Post the report in your reply


Tutorial: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm

See you
0
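An added example, not part of the original thread or of any tool mentioned in it: a small triage script that parses HijackThis-format lines and flags the autostart patterns visible in the logs above. The heuristics (one- or two-character rundll32 export, unnamed BHO in system32, a DLL hooked at two load points, a system process name outside system32) and all function names are assumptions chosen for illustration; the sample lines are copied from the logs posted in this thread.

```python
import ntpath
import re

SYSTEM32 = r"c:\windows\system32"
# Process names that normally live only in system32 (assumed short list).
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "services.exe",
                "winlogon.exe", "smss.exe", "csrss.exe"}

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
RE_BHO = re.compile(rf"^O2 - BHO: (?P<name>.*?) - (?P<clsid>{GUID}) - (?P<path>.+)$")
RE_RUN = re.compile(r"^O4 - (?P<key>\S+): \[(?P<value>[^\]]*)\] (?P<cmd>.+)$")
RE_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
RE_RUNDLL = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S+)', re.I)
RE_EXE = re.compile(r'^"?(?P<exe>[^"]+?\.exe)\b', re.I)

# Sample lines copied from the two HijackThis-format logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: {07c3a95b-6390-5e58-6364-61ca3f5540f0} - {0f0455f3-ac16-4636-85e5-0936b59a3c70} - C:\WINDOWS\system32\smolkdwf.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {A1E716C4-D172-4FCB-9C66-21BEF1DD2D44} - C:\WINDOWS\system32\ddcDvSlm.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\JEAN\lsass.exe
O4 - HKLM\..\Run: [04e92ee5] rundll32.exe "C:\WINDOWS\system32\aiksqbcv.dll",b
O4 - HKLM\..\Run: [BM07da1d79] Rundll32.exe "C:\WINDOWS\system32\hwuwpjbo.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: ddcDvSlm - C:\WINDOWS\system32\ddcDvSlm.dll
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
"""


def in_system32(path):
    """True when the file sits directly in C:\\WINDOWS\\system32."""
    return ntpath.dirname(path).lower() == SYSTEM32


def triage(log_text):
    """Return (section, path, reason) tuples for entries worth a closer look."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]

    # First pass: remember every DLL registered as a Browser Helper Object.
    bho_dlls = {m["path"].lower() for m in map(RE_BHO.match, lines) if m}

    findings = []
    for line in lines:
        m = RE_BHO.match(line)
        if m:
            unnamed = m["name"] == "(no name)" or re.fullmatch(GUID, m["name"])
            if unnamed and in_system32(m["path"]):
                findings.append(("O2", m["path"],
                                 "unnamed BHO loading a DLL from system32"))
            continue

        m = RE_RUN.match(line)
        if m:
            cmd = m["cmd"]
            r = RE_RUNDLL.match(cmd)
            if r and in_system32(r["dll"]) and len(r["export"]) <= 2:
                findings.append(("O4", r["dll"],
                                 "Run key starts a system32 DLL via rundll32 "
                                 "with a very short export name"))
                continue
            e = RE_EXE.match(cmd)
            if e:
                exe = e["exe"]
                folder = ntpath.dirname(exe).lower()
                name = ntpath.basename(exe).lower()
                # Entries without a directory are skipped: location unknown.
                if name in SYSTEM_NAMES and folder and folder != SYSTEM32:
                    findings.append(("O4", exe,
                                     "system process name outside system32"))
            continue

        m = RE_NOTIFY.match(line)
        if m and m["path"].lower() in bho_dlls:
            findings.append(("O20", m["path"],
                             "same DLL hooked as BHO and Winlogon Notify"))
    return findings


if __name__ == "__main__":
    for section, path, reason in triage(SAMPLE_LOG):
        print(f"{section:4} {path}  <- {reason}")
```

A flagged line is only a prompt to check the file (vendor, signature, creation date) before any removal; the helper DLLs under Program Files and the legitimate ctfmon.exe entry are left unflagged.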

virtual.be Posts 63 Registration date Thursday 1 November 2007 Status Member Last activity 14 October 2008
16 June 2008 at 17:17
I have a question: how do you put the blue bar back at the top of Task Manager? It disappeared one day and I don't know how to get it back.

I have the OTMoveIt2 report

DllUnregisterServer procedure not found in C:\WINDOWS\system32\smolkdwf.dll
C:\WINDOWS\system32\smolkdwf.dll NOT unregistered.
C:\WINDOWS\system32\smolkdwf.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ddcDvSlm.dll
C:\WINDOWS\system32\ddcDvSlm.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\ddcDvSlm.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\khfFUOee.dll
C:\WINDOWS\system32\khfFUOee.dll NOT unregistered.
C:\WINDOWS\system32\khfFUOee.dll moved successfully.
File/Folder C:\WINDOWS\system32\aiksqbcv.dll not found.
File/Folder C:\WINDOWS\system32\hwuwpjbo.dll not found.
C:\WINDOWS\system32\eeOUFfhk.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wilbirgr.dll
C:\WINDOWS\system32\wilbirgr.dll NOT unregistered.
C:\WINDOWS\system32\wilbirgr.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\bsudmsow.dll
C:\WINDOWS\system32\bsudmsow.dll NOT unregistered.
C:\WINDOWS\system32\bsudmsow.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\xvdfswxu.dll
C:\WINDOWS\system32\xvdfswxu.dll NOT unregistered.
C:\WINDOWS\system32\xvdfswxu.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\aoxqaqyn.dll
C:\WINDOWS\system32\aoxqaqyn.dll NOT unregistered.
C:\WINDOWS\system32\aoxqaqyn.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\oytpucvc.dll
C:\WINDOWS\system32\oytpucvc.dll NOT unregistered.
C:\WINDOWS\system32\oytpucvc.dll moved successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0f0455f3-ac16-4636-85e5-0936b59a3c70} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0f0455f3-ac16-4636-85e5-0936b59a3c70} \\ not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1E716C4-D172-4FCB-9C66-21BEF1DD2D44} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1E716C4-D172-4FCB-9C66-21BEF1DD2D44} \\ not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F97B1075-39B7-46AA-8073-74FA82697612} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F97B1075-39B7-46AA-8073-74FA82697612} \\ not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\04e92ee5 >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\04e92ee5 not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BM07da1d79 >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BM07da1d79 not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{A1E716C4-D172-4FCB-9C66-21BEF1DD2D44} >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{A1E716C4-D172-4FCB-9C66-21BEF1DD2D44} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1E716C4-D172-4FCB-9C66-21BEF1DD2D44} \ not found.
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcDvSlm >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcDvSlm \\ not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3 >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3 \\ not found.
C:\Program Files\PartyGaming\tmpUpgrade moved successfully.
C:\Program Files\PartyGaming\PartyPoker\tmpUpgrade moved successfully.
C:\Program Files\PartyGaming\PartyPoker\Temp moved successfully.
C:\Program Files\PartyGaming\PartyPoker\PokerTrainer moved successfully.
C:\Program Files\PartyGaming\PartyPoker\Language\fr_FR\images moved successfully.
C:\Program Files\PartyGaming\PartyPoker\Language\fr_FR\Articles moved successfully.
C:\Program Files\PartyGaming\PartyPoker\Language\fr_FR moved successfully.
C:\Program Files\PartyGaming\PartyPoker\Language\en_US\images moved successfully.
C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles moved successfully.
C:\Program Files\PartyGaming\PartyPoker\Language\en_US moved successfully.
C:\Program Files\PartyGaming\PartyPoker\Language moved successfully.
C:\Program Files\PartyGaming\PartyPoker\Images moved successfully.
C:\Program Files\PartyGaming\PartyPoker moved successfully.
C:\Program Files\PartyGaming\PartyCasino\Language\en_US\articles moved successfully.
C:\Program Files\PartyGaming\PartyCasino\Language\en_US moved successfully.
C:\Program Files\PartyGaming\PartyCasino\Language moved successfully.
C:\Program Files\PartyGaming\PartyCasino moved successfully.
C:\Program Files\PartyGaming moved successfully.
C:\Documents and Settings\JEAN\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine moved successfully.
C:\Documents and Settings\JEAN\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs moved successfully.
C:\Documents and Settings\JEAN\Application Data\Malwarebytes\Malwarebytes' Anti-Malware moved successfully.
C:\Documents and Settings\JEAN\Application Data\Malwarebytes moved successfully.
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware moved successfully.
C:\Documents and Settings\All Users\Application Data\Malwarebytes moved successfully.
C:\Program Files\Malwarebytes' Anti-Malware\Languages moved successfully.
C:\Program Files\Malwarebytes' Anti-Malware moved successfully.
< Emptytemp >
Temp folders emptied.
IE temp folders emptied.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06162008_170359
0
Anonymous user
16 June 2008 at 18:15
Re,

Reboot, and run MBAM.

I'm waiting for the report.


As for the blue bar, we'll see about that at the end ;))

See you
0
virtual.be Posts 63 Registration date Thursday 1 November 2007 Status Member Last post 14 October 2008
16 June 2008 at 19:20
Here is the MBAM report; it removed some, but on reboot Avira AntiVir found more :s

Malwarebytes' Anti-Malware 1.17
Version de la base de données: 861

19:09:19 16/06/2008
mbam-log-6-16-2008 (19-09-19).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 105788
Temps écoulé: 1 hour(s), 14 minute(s), 58 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 10
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 12

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\iifgExxV.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\itpdltrw.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\twijbwah.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\ddcDvSlm.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{292064dc-1d48-40aa-9ee7-6bc61142d568} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{292064dc-1d48-40aa-9ee7-6bc61142d568} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a1e716c4-d172-4fcb-9c66-21bef1dd2d44} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1e716c4-d172-4fcb-9c66-21bef1dd2d44} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcdvslm (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\04e92ee5 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{a1e716c4-d172-4fcb-9c66-21bef1dd2d44} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM07da1d79 (Trojan.Agent) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
0
Anonymous user
16 June 2008 at 19:23
Re,

Empty the Malwarebytes' Anti-Malware quarantine: click the Malwarebytes' Anti-Malware shortcut, then Quarantine, select the items by clicking All, then click Delete.

*****************************************

+ a new DSS report.


See you
0
virtual.be Posts 63 Registration date Thursday 1 November 2007 Status Member Last post 14 October 2008
16 June 2008 at 19:34
There you go. But this time I didn't get an extra.txt, just main.txt

Deckard's System Scanner v20071014.68
Run by JEAN on 2008-06-16 19:29:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-16 19:29:28
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\JEAN\Bureau\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: {cb23a599-55f4-7e88-5284-0c292e217717} - {717712e2-92c0-4825-88e7-4f55995a32bc} - C:\WINDOWS\system32\mwlyftod.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {F4736DE3-9437-4BA8-BB71-3556E0376022} - C:\WINDOWS\system32\khfFUOee.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - (no file)
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {70EC7CA3-2FFC-4E43-97DE-3C91B2F65D36} - (no file)
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37899.1981365741
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab Class) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{BCDB924D-4A0B-435E-9B58-580F69CE4393}: NameServer = 195.238.2.22 195.238.2.21
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\Program Files\Common Files\X10\Common\X10nets.exe

0
Anonymous user
16 June 2008 at 19:40
Re,

We're going to have to use ComboFix here.

Disable all your protections and cut off Internet access during the scan.

Then do this:

http://www.commentcamarche.net/forum/affich 6864650 probleme cheval de troie#22




See you

0
virtual.be Posts 63 Registration date Thursday 1 November 2007 Status Member Last post 14 October 2008
16 June 2008 at 20:02
ComboFix 08-06-15.4 - JEAN 2008-06-16 19:41:14.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.636 [GMT 2:00]
Endroit: C:\Documents and Settings\JEAN\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\JEAN\Application Data\Adssite Advanced Toolbar
C:\Documents and Settings\JEAN\Application Data\Adssite Advanced Toolbar\advertbuttons.xml
C:\Documents and Settings\JEAN\Application Data\Adssite Advanced Toolbar\selected.xml
C:\WINDOWS\BM07da1d79.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\chutgmye.ini
C:\WINDOWS\system32\eeOUFfhk.ini
C:\WINDOWS\system32\eeOUFfhk.ini2
C:\WINDOWS\system32\ehykvtkb.ini
C:\WINDOWS\system32\jyikrahk.ini
C:\WINDOWS\system32\klmhadct.dll
C:\WINDOWS\system32\lsfpfgcj.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mwlyftod.dll
C:\WINDOWS\system32\mxsbakbx.ini
C:\WINDOWS\system32\niqtdaos.ini
C:\WINDOWS\system32\nyalectu.ini
C:\WINDOWS\system32\qdkcwvwr.ini
C:\WINDOWS\system32\rehyvqet.ini
C:\WINDOWS\system32\rosrkcpe.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-16 to 2008-06-16 ))))))))))))))))))))))))))))))))))))
.

2008-06-16 17:24 . 2008-06-16 17:24 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-16 17:24 . 2008-06-16 17:24 <REP> d-------- C:\Documents and Settings\JEAN\Application Data\Malwarebytes
2008-06-16 17:24 . 2008-06-16 17:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-16 17:04 . 2008-06-16 17:04 <REP> d-------- C:\_OTMoveIt
2008-06-16 07:37 . 2008-06-16 07:37 <REP> d-------- C:\Deckard
2008-06-15 10:39 . 2008-06-16 09:35 2,070 ---hs---- C:\WINDOWS\system32\vcbqskia.ini
2008-06-14 11:29 . 2008-06-11 15:00 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-14 11:29 . 2008-06-11 15:00 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-12 19:20 . 2008-06-12 19:20 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-05-28 19:20 . 2008-05-28 19:20 <REP> d-------- C:\Documents and Settings\JEAN\Application Data\Apple Computer
2008-05-24 14:13 . 2008-05-24 14:13 <REP> d-------- C:\Logs
2008-05-21 13:14 . 2008-05-21 13:29 <REP> d-------- C:\Documents and Settings\JEAN\Application Data\Teeworlds
2008-05-17 17:00 . 2006-09-05 19:59 97,088 -ra------ C:\WINDOWS\system32\drivers\se58mdm.sys
2008-05-17 17:00 . 2006-09-05 19:59 9,360 -ra------ C:\WINDOWS\system32\drivers\se58mdfl.sys
2008-05-17 17:00 . 2006-09-05 20:00 6,240 -ra------ C:\WINDOWS\system32\drivers\se58cmnt.sys
2008-05-17 17:00 . 2006-09-05 20:00 6,240 -ra------ C:\WINDOWS\system32\drivers\se58cm.sys
2008-05-17 16:41 . 2008-05-17 16:41 <REP> d-------- C:\Program Files\Disc2Phone
2008-05-17 16:38 . 2008-05-17 16:39 <REP> d-------- C:\Program Files\QuickTime
2008-05-17 16:37 . 2008-05-17 16:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-17 16:36 . 2006-09-05 19:58 61,536 -ra------ C:\WINDOWS\system32\drivers\se58bus.sys
2008-05-17 16:36 . 2006-09-05 19:58 5,872 -ra------ C:\WINDOWS\system32\drivers\se58whnt.sys
2008-05-17 16:36 . 2006-09-05 19:58 5,872 -ra------ C:\WINDOWS\system32\drivers\se58wh.sys
2008-05-17 16:35 . 2008-06-10 19:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-17 16:35 . 2008-05-17 16:36 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 13:42 --------- d-----w C:\Program Files\World of Warcraft
2008-06-15 11:45 --------- d-----w C:\Program Files\Trend Micro
2008-06-12 17:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-07 13:36 2,728 ----a-w C:\Documents and Settings\JEAN\Application Data\wklnhst.dat
2008-06-07 13:25 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-04-23 18:40 --------- d-----w C:\Documents and Settings\JEAN\Application Data\ATI
2008-04-23 18:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-04-23 18:33 --------- d-----w C:\Program Files\ATI Technologies
2008-04-23 18:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-23 12:08 --------- d-----w C:\Program Files\Valve
2007-10-30 13:21 67,040 ----a-w C:\Documents and Settings\JEAN\Application Data\GDIPFONTCACHEV1.DAT
2006-12-08 13:08 0 -c--a-w C:\Program Files\Deployment.xml
2006-12-08 13:03 0 -c----w C:\Program Files\WinBootstrapper.msi
2006-12-08 12:58 0 -c--a-w C:\Program Files\WinBootstrapper1.cab
2006-11-27 20:31 49 -c--a-w C:\Documents and Settings\JEAN\Application Data\internaldb41.dat
2006-11-27 20:31 382 -c--a-w C:\Documents and Settings\JEAN\Application Data\internaldb1942.dat
2006-11-26 09:23 20,480 -c--a-w C:\Documents and Settings\JEAN\Application Data\internaldb4827.dat
2006-11-16 06:32 0 -c--a-w C:\Documents and Settings\JEAN\Application Data\internaldb5436.dat
2006-11-11 19:29 9,216 -c--a-w C:\Documents and Settings\JEAN\Application Data\internaldb8467.dat
2006-11-11 19:29 0 -c--a-w C:\Documents and Settings\JEAN\Application Data\internaldb6334.dat
2003-08-14 17:13 40,960 -c--a-w C:\Program Files\Uninstall_PCM.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4736DE3-9437-4BA8-BB71-3556E0376022}]
C:\WINDOWS\system32\khfFUOee.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dit"="Dit.exe" [2002-08-28 13:43 73728 C:\WINDOWS\Dit.exe]
"CHotkey"="mHotkey.exe" [2003-06-27 15:39 506368 C:\WINDOWS\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [2003-06-27 09:36 5798912 C:\WINDOWS\CNYHKey.exe]
"Cmaudio"="cmicnfg.cpl" [2003-10-14 18:31 2269184 C:\WINDOWS\CMICNFG.CPL]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-05-28 16:37 394240]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-11-12 11:02 860672]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-06-29 00:01 2512128]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-26 17:30 262401]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-17 16:38 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^JEAN^Menu Démarrer^Programmes^Démarrage^Morpheus.lnk]
path=C:\Documents and Settings\JEAN\Menu Démarrer\Programmes\Démarrage\Morpheus.lnk
backup=C:\WINDOWS\pss\Morpheus.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^JEAN^Menu Démarrer^Programmes^Démarrage^Xfire.lnk]
path=C:\Documents and Settings\JEAN\Menu Démarrer\Programmes\Démarrage\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DynDNS Updater]
C:\Program Files\DynDNS Updater\DynDNS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]
--a------ 2001-03-26 06:35 429568 C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
C:\Program Files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2003-06-10 18:49 50688 C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
--a--c--- 2003-06-18 12:00 204800 C:\Program Files\Microsoft Money\System\mnyexpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 13:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2003-06-24 15:23 61440 C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-17 16:38 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-07-26 04:03 49263 C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weflirt]
--a------ 2007-10-12 17:39 6574080 C:\Program Files\Weflirt\weflirt.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2VoipServer.exe"=
"C:\\Program Files\\World of Warcraft\\Repair.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\blatt72\\counter-strike\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\blatt72\\counter-strike source\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13660:TCP"= 13660:TCP:BitComet 13660 TCP
"13660:UDP"= 13660:UDP:BitComet 13660 UDP
"8332:TCP"= 8332:TCP:BitComet 8332 TCP
"8332:UDP"= 8332:UDP:BitComet 8332 UDP

R2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 16:29]
R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 08:04]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 08:47]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
S3 CA_LIC_CLNT;Client de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 16:27]
S3 CA_LIC_SRVR;Serveur de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 16:41]
S3 HDJCtrl;Hercules DJ Control MP3 Service;C:\WINDOWS\system32\Drivers\HDJCtrl.sys [2005-07-29 16:06]
S3 HDJMidi;Hercules DJ Console MIDI;C:\WINDOWS\system32\DRIVERS\HDJMidi.sys [2005-08-15 12:43]
S3 PRISM_A00;PRISM 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2003-08-07 16:36]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 19:49:12
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-16 19:58:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-16 17:58:05

Pre-Run: 32,313,667,584 octets libres
Post-Run: 32,288,198,656 octets libres

196 --- E O F --- 2008-05-17 13:23:31
0
virtual.be Posts 63 Registration date Thursday 1 November 2007 Status Member Last post 14 October 2008
17 June 2008 at 07:58
ComboFix 08-06-15.4 - JEAN 2008-06-17 7:36:44.2 - NTFSx86
Endroit: C:\Documents and Settings\JEAN\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\JEAN\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\WINDOWS\system32\vcbqskia.ini
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\_OTMoveIt
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359.log
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359.res
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\news.txt
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Documents and Settings\JEAN\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-6-14-2008 (14-15-09).txt
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\changes.rtf
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\albanian.lng
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\bulgarian.lng
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\catalan.lng
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\danish.lng
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\dutch.lng
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\english.lng
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\finnish.lng
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\french.lng
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\german.lng
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\hungarian.lng
C:\_OTMoveIt\MovedFiles\[u]0[/u]6162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\italian.lng
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\norwegian.lng
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\portugueseBR.lng
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\romanian.lng
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\serbian.lng
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\slovak.lng
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\slovenian.lng
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\spanish.lng
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\Malwarebytes' Anti-Malware\Languages\swedish.lng
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\Malwarebytes' Anti-Malware\license.txt
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\Malwarebytes' Anti-Malware\mbam.chm
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\Malwarebytes' Anti-Malware\mbam.dll
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\Malwarebytes' Anti-Malware\unins000.dat
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\Malwarebytes' Anti-Malware\unins000.exe
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\Malwarebytes' Anti-Malware\unins000.msg
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\Malwarebytes' Anti-Malware\zlib.dll
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\announce.txt
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\INSTALL.LOG
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyCasino\format.ini
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyCasino\Language\allLangVersion.txt
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyCasino\Language\en_US\version.txt
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyCasino\Language\version.txt
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyCasino\lobbyconfig.txt
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyCasino\pc_uninstall.bat
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyCasino\ProductVersion.txt
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyCasino\version.txt
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\announce.txt
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\Images\but_help.jpg
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\Images\system_but_bingo.jpg
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\100152.atc
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\100174.atc
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\100178.atc
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\100180.atc
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\100198.atc
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\100202.atc
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\2.html
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\4.html
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\54866.atc
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\54870.atc
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\62958.atc
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\63194.atc
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\64759.atc
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\65478.atc
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\75180.atc
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\94062.atc
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\94148.atc
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\94150.atc
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\94360.atc
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\95752.atc
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\articles\99950.atc
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\Language\en_US\images\system_but_gammon.jpg
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\Language\fr_FR\Articles\100178.atc
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\Language\fr_FR\Articles\54870.atc
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\Language\fr_FR\Articles\64745.atc
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\Language\fr_FR\Articles\75180.atc
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\Language\fr_FR\Articles\94062.atc
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\Language\fr_FR\images\system_but_gammon.jpg
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\Notes.txt
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\PokerTrainer.exe
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\tmpUpgrade\INSTALL.LOG
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\tmpUpgrade\upgradepp113-114man.exe
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\TourneyDescription.html
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\Uninstall.exe
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\PartyPoker\usertab.txt
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\tmpUpgrade\upgradePG114-115man.exe
C:\_OTMoveIt\MovedFiles\06162008_170359\Program Files\PartyGaming\tmpUpgrade\upgradePG115-116man.exe
C:\_OTMoveIt\MovedFiles\06162008_170359\WINDOWS\system32\aoxqaqyn.dll
C:\_OTMoveIt\MovedFiles\06162008_170359\WINDOWS\system32\bsudmsow.dll
C:\_OTMoveIt\MovedFiles\06162008_170359\WINDOWS\system32\eeOUFfhk.ini2
C:\_OTMoveIt\MovedFiles\06162008_170359\WINDOWS\system32\khfFUOee.dll
C:\_OTMoveIt\MovedFiles\06162008_170359\WINDOWS\system32\oytpucvc.dll
C:\_OTMoveIt\MovedFiles\06162008_170359\WINDOWS\system32\smolkdwf.dll
C:\_OTMoveIt\MovedFiles\06162008_170359\WINDOWS\system32\wilbirgr.dll
C:\_OTMoveIt\MovedFiles\06162008_170359\WINDOWS\system32\xvdfswxu.dll
C:\WINDOWS\system32\vcbqskia.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-17 to 2008-06-17 ))))))))))))))))))))))))))))))))))))
.

2008-06-17 07:33 . 2008-06-17 07:34 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-16 17:24 . 2008-06-16 17:24 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-16 17:24 . 2008-06-16 17:24 <REP> d-------- C:\Documents and Settings\JEAN\Application Data\Malwarebytes
2008-06-16 17:24 . 2008-06-16 17:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-16 07:37 . 2008-06-16 07:37 <REP> d-------- C:\Deckard
2008-06-14 11:29 . 2008-06-11 15:00 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-14 11:29 . 2008-06-11 15:00 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-12 19:20 . 2008-06-12 19:20 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-05-28 19:20 . 2008-05-28 19:20 <REP> d-------- C:\Documents and Settings\JEAN\Application Data\Apple Computer
2008-05-24 14:13 . 2008-05-24 14:13 <REP> d-------- C:\Logs
2008-05-21 13:14 . 2008-05-21 13:29 <REP> d-------- C:\Documents and Settings\JEAN\Application Data\Teeworlds
2008-05-17 17:00 . 2006-09-05 19:59 97,088 -ra------ C:\WINDOWS\system32\drivers\se58mdm.sys
2008-05-17 17:00 . 2006-09-05 19:59 9,360 -ra------ C:\WINDOWS\system32\drivers\se58mdfl.sys
2008-05-17 17:00 . 2006-09-05 20:00 6,240 -ra------ C:\WINDOWS\system32\drivers\se58cmnt.sys
2008-05-17 17:00 . 2006-09-05 20:00 6,240 -ra------ C:\WINDOWS\system32\drivers\se58cm.sys
2008-05-17 16:41 . 2008-05-17 16:41 <REP> d-------- C:\Program Files\Disc2Phone
2008-05-17 16:38 . 2008-05-17 16:39 <REP> d-------- C:\Program Files\QuickTime
2008-05-17 16:37 . 2008-05-17 16:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-17 16:36 . 2006-09-05 19:58 61,536 -ra------ C:\WINDOWS\system32\drivers\se58bus.sys
2008-05-17 16:36 . 2006-09-05 19:58 5,872 -ra------ C:\WINDOWS\system32\drivers\se58whnt.sys
2008-05-17 16:36 . 2006-09-05 19:58 5,872 -ra------ C:\WINDOWS\system32\drivers\se58wh.sys
2008-05-17 16:35 . 2008-06-10 19:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-17 16:35 . 2008-05-17 16:36 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 13:42 --------- d-----w C:\Program Files\World of Warcraft
2008-06-15 11:45 --------- d-----w C:\Program Files\Trend Micro
2008-06-12 17:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-07 13:36 2,728 ----a-w C:\Documents and Settings\JEAN\Application Data\wklnhst.dat
2008-06-07 13:25 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-23 18:40 --------- d-----w C:\Documents and Settings\JEAN\Application Data\ATI
2008-04-23 18:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-04-23 18:33 --------- d-----w C:\Program Files\ATI Technologies
2008-04-23 18:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-23 12:08 --------- d-----w C:\Program Files\Valve
2007-10-30 13:21 67,040 ----a-w C:\Documents and Settings\JEAN\Application Data\GDIPFONTCACHEV1.DAT
2006-12-08 13:08 0 -c--a-w C:\Program Files\Deployment.xml
2006-12-08 13:03 0 -c----w C:\Program Files\WinBootstrapper.msi
2006-12-08 12:58 0 -c--a-w C:\Program Files\WinBootstrapper1.cab
2006-11-27 20:31 49 -c--a-w C:\Documents and Settings\JEAN\Application Data\internaldb41.dat
2006-11-27 20:31 382 -c--a-w C:\Documents and Settings\JEAN\Application Data\internaldb1942.dat
2006-11-26 09:23 20,480 -c--a-w C:\Documents and Settings\JEAN\Application Data\internaldb4827.dat
2006-11-16 06:32 0 -c--a-w C:\Documents and Settings\JEAN\Application Data\internaldb5436.dat
2006-11-11 19:29 9,216 -c--a-w C:\Documents and Settings\JEAN\Application Data\internaldb8467.dat
2006-11-11 19:29 0 -c--a-w C:\Documents and Settings\JEAN\Application Data\internaldb6334.dat
2003-08-14 17:13 40,960 -c--a-w C:\Program Files\Uninstall_PCM.exe
.

((((((((((((((((((((((((((((( snapshot@2008-06-16_19.57.44.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-21 06:57:16 1,024,512 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\browseui.dll
+ 2008-04-21 06:57:16 152,064 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\cdfview.dll
+ 2008-04-21 06:57:17 1,056,768 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\danim.dll
+ 2008-04-21 06:57:17 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\dxtmsft.dll
+ 2008-04-21 06:57:18 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\dxtrans.dll
+ 2008-04-21 06:57:18 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\extmgr.dll
+ 2008-04-17 10:46:59 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iedw.exe
+ 2008-04-21 06:57:18 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iepeers.dll
+ 2008-04-21 06:57:18 96,768 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\inseng.dll
+ 2008-04-21 06:57:18 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\jsproxy.dll
+ 2008-04-21 06:57:22 3,087,872 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mshtml.dll
+ 2008-04-21 06:57:22 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mshtmled.dll
+ 2008-04-21 06:57:23 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\msrating.dll
+ 2008-04-21 06:57:23 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mstime.dll
+ 2008-04-21 06:57:23 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\pngfilt.dll
+ 2008-04-21 06:57:25 1,499,648 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\shdocvw.dll
+ 2008-04-21 06:57:26 474,624 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\shlwapi.dll
+ 2008-04-17 11:03:45 370,176 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\spru040c.dll
+ 2008-04-21 06:57:26 620,544 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\urlmon.dll
+ 2008-04-21 06:57:27 670,720 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\wininet.dll
+ 2008-04-21 06:43:36 3,087,872 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\mshtml.dll
+ 2008-04-21 06:43:36 670,208 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll
+ 2008-04-21 06:30:24 3,088,384 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\mshtml.dll
+ 2008-04-21 06:30:24 670,720 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll
+ 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\updspapi.dll
+ 2008-05-07 04:55:47 1,294,336 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:11:24 1,294,336 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:59 1,294,336 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
- 2008-06-16 17:47:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-17 05:43:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-14 15:52:45 272,768 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
- 2008-02-16 09:02:34 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-04-21 07:02:27 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
- 2008-02-16 09:02:34 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-04-21 07:02:27 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2008-02-16 09:02:34 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-04-21 07:02:28 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
- 2008-02-16 09:02:34 1,024,000 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-04-21 07:02:27 1,024,000 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2004-08-19 22:55:31 274,944 -c--a-w C:\WINDOWS\system32\dllcache\bthport.sys
+ 2008-04-14 15:52:45 272,768 -c--a-w C:\WINDOWS\system32\dllcache\bthport.sys
- 2008-02-16 09:02:34 152,064 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-04-21 07:02:27 152,064 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2008-02-16 09:02:34 1,056,768 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-04-21 07:02:28 1,056,768 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2008-02-16 09:02:34 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-21 07:02:28 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-02-16 09:02:35 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-21 07:02:28 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-02-16 09:02:35 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-21 07:02:28 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-02-15 09:23:37 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-04-17 10:52:54 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2008-02-16 09:02:35 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-04-21 07:02:29 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2008-02-16 09:02:35 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-04-21 07:02:29 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2008-02-16 09:02:35 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-21 07:02:29 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-02-16 22:32:38 3,080,704 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-21 07:02:34 3,080,704 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-02-16 09:02:36 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-21 07:02:34 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-02-16 09:02:37 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-21 07:02:34 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-02-16 09:02:37 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-21 07:02:35 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-02-16 09:02:37 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-21 07:02:35 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-29 22:43:32 1,293,824 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:15:36 1,293,824 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2008-02-16 09:02:38 1,495,040 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-04-21 07:02:37 1,495,040 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2008-02-16 09:02:38 474,624 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-04-21 07:02:38 474,624 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2008-02-16 09:02:39 617,984 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-21 07:02:39 617,984 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-02-16 09:02:39 663,552 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-21 07:02:40 663,552 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2004-08-19 22:55:31 274,944 ------w C:\WINDOWS\system32\drivers\bthport.sys
+ 2008-04-14 15:52:45 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
- 2008-02-16 09:02:34 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-21 07:02:28 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-02-16 09:02:35 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-21 07:02:28 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-02-16 09:02:35 55,808 ------w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-21 07:02:28 55,808 ------w C:\WINDOWS\system32\extmgr.dll
- 2008-02-16 09:02:35 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-04-21 07:02:29 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2008-02-16 09:02:35 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-04-21 07:02:29 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
- 2008-02-16 09:02:35 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-21 07:02:29 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-02-16 22:32:38 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-21 07:02:34 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-02-16 09:02:36 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-21 07:02:34 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-02-16 09:02:37 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-21 07:02:34 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-02-16 09:02:37 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-21 07:02:35 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-02-16 09:02:37 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-21 07:02:35 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-10-29 22:43:32 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2008-05-07 05:15:36 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
- 2008-02-16 09:02:38 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-04-21 07:02:37 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2008-02-16 09:02:38 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-04-21 07:02:38 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2006-12-10 12:10:04 15,664 -c----w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-02-16 09:02:39 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-21 07:02:39 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-02-16 09:02:39 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-04-21 07:02:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
- 2008-02-15 23:03:14 370,176 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-04-17 11:03:45 370,176 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dit"="Dit.exe" [2002-08-28 13:43 73728 C:\WINDOWS\Dit.exe]
"CHotkey"="mHotkey.exe" [2003-06-27 15:39 506368 C:\WINDOWS\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [2003-06-27 09:36 5798912 C:\WINDOWS\CNYHKey.exe]
"Cmaudio"="cmicnfg.cpl" [2003-10-14 18:31 2269184 C:\WINDOWS\CMICNFG.CPL]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-05-28 16:37 394240]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-11-12 11:02 860672]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-06-29 00:01 2512128]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-26 17:30 262401]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-17 16:38 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^JEAN^Menu Démarrer^Programmes^Démarrage^Morpheus.lnk]
path=C:\Documents and Settings\JEAN\Menu Démarrer\Programmes\Démarrage\Morpheus.lnk
backup=C:\WINDOWS\pss\Morpheus.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^JEAN^Menu Démarrer^Programmes^Démarrage^Xfire.lnk]
path=C:\Documents and Settings\JEAN\Menu Démarrer\Programmes\Démarrage\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DynDNS Updater]
C:\Program Files\DynDNS Updater\DynDNS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]
--a------ 2001-03-26 06:35 429568 C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
C:\Program Files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2003-06-10 18:49 50688 C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
--a--c--- 2003-06-18 12:00 204800 C:\Program Files\Microsoft Money\System\mnyexpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 13:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2003-06-24 15:23 61440 C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-17 16:38 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-07-26 04:03 49263 C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weflirt]
--a------ 2007-10-12 17:39 6574080 C:\Program Files\Weflirt\weflirt.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2VoipServer.exe"=
"C:\\Program Files\\World of Warcraft\\Repair.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\blatt72\\counter-strike\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\blatt72\\counter-strike source\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13660:TCP"= 13660:TCP:BitComet 13660 TCP
"13660:UDP"= 13660:UDP:BitComet 13660 UDP
"8332:TCP"= 8332:TCP:BitComet 8332 TCP
"8332:UDP"= 8332:UDP:BitComet 8332 UDP

R2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 16:29]
R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 08:04]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 08:47]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
S3 CA_LIC_CLNT;Client de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 16:27]
S3 CA_LIC_SRVR;Serveur de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 16:41]
S3 HDJCtrl;Hercules DJ Control MP3 Service;C:\WINDOWS\system32\Drivers\HDJCtrl.sys [2005-07-29 16:06]
S3 HDJMidi;Hercules DJ Console MIDI;C:\WINDOWS\system32\DRIVERS\HDJMidi.sys [2005-08-15 12:43]
S3 PRISM_A00;PRISM 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2003-08-07 16:36]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 07:44:15
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-17 7:54:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-17 05:54:16
ComboFix2.txt 2008-06-16 17:58:11

Pre-Run: 32,129,511,424 octets libres
Post-Run: 32,113,401,856 octets libres

408 --- E O F --- 2008-06-17 05:39:58
virtual.be Posts: 63 Registration date: Thursday 1 November 2007 Status: Member Last activity: 14 October 2008
17 June 2008 at 08:02
Deckard's System Scanner v20071014.68
Run by JEAN on 2008-06-17 07:58:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-17 07:58:02
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\JEAN\Bureau\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - (no file)
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37899.1981365741
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab Class) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\Program Files\Common Files\X10\Common\X10nets.exe

Anonymous user
17 June 2008 at 10:38
Hi again,

HijackThis is located here: C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

Please rename it.

In the end you should have this: C:\Program Files\Trend Micro\HijackThis\HJT.exe

OK? :)

*****************************************************

→ Run HijackThis again, choose 'Do a system scan only' in the main menu, and fix this/these line(s) (tick the box to their left):

R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - (no file)
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

Close all windows (except HijackThis), including your web browser.

→ Click 'Fix checked'

****************************************************

→ Download clean: http://www.malekal.com/download/clean.zip

→ Unzip it (right-click, Extract All)

→ Run clean.cmd (or clean), choose option 1 and post the report for me.

(- Where is the clean report?: "My Computer" / double-click on drive "C" / double-click on "rapport_clean.txt" and copy/paste the contents onto the forum.)

Note: You may get a message inviting you to upload a file; do it as soon as you can.


Tutorial: http://bibou0007.com/outils-specifiques-f78/tuto-clean-t1007.htm

****************************************************


See you
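Most of the lines selected for fixing in the post above end in "(no file)" or "(file missing)", meaning HijackThis found no file behind the registry entry. The following is an added example, not part of the original thread: it parses HijackThis entry lines and lists those orphaned entries, plus services shown with "Unknown owner", for manual review. The sample lines are copied from the log posted in this thread; the function names `parse_log` and `triage` are illustrative.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [Dit] Dit.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# "<section code> - <details>", e.g. "O3 - Toolbar: ..."; other log lines are skipped.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")

def parse_log(text):
    """Parse HijackThis entry lines into dicts (illustrative helper)."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list or blank line
        code, body = m.group("code"), m.group("body")
        clsid = CLSID.search(body)
        entries.append({
            "code": code,
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphaned": bool(ORPHAN.search(body)),
            "unknown_owner": code == "O23" and " - Unknown owner - " in body,
            "line": line,
        })
    return entries

def triage(entries):
    """Group entries for review: orphaned ones and services with no vendor shown."""
    return {
        "orphaned": [e for e in entries if e["orphaned"]],
        "unknown_owner": [e for e in entries if e["unknown_owner"]],
    }

if __name__ == "__main__":
    for group, items in triage(parse_log(SAMPLE_LOG)).items():
        for e in items:
            print(f"{group:14} {e['code']:4} {e['line']}")
```

An "Unknown owner" service is only a prompt to check the binary by hand; the flag says nothing about whether the file is malicious.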
virtual.be Posts 63 Registration date Thursday 1 November 2007 Status Member Last activity 14 October 2008
17 June 2008 at 11:38
There is a problem: at C:\Program Files\Trend Micro, I have no more files beyond that point!
Anonymous user
17 June 2008 at 12:04
Hi again,

Download TrendMicro™ HijackThis™
Let it install into its default directory.

See you
virtual.be Posts 63 Registration date Thursday 1 November 2007 Status Member Last activity 14 October 2008
17 June 2008 at 16:34
I only found this in C:\rapport_clean.txt

mar. 17/06/2008 a 16:22:29,92

*** Recherche des fichiers dans C:
C:\StubInstaller.exe FOUND

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Recherche des fichiers dans C:\Program Files
Anonymous user
17 June 2008 at 17:43
Hi again,

That's the right one.

→ Restart in Safe Mode

Other tutorials for Safe Mode:

https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php
http://www.coupdepoucepc.com/modules/news/article.php?storyid=253

→ Run clean again -> choose option 2

---Clean will do its work.---

→ A report will be generated, post it for me ;)

(The report is also saved in C:\Rapport_clean.txt)

*************

+ a new HijackThis report in normal mode.

See you
virtual.be Posts 63 Registration date Thursday 1 November 2007 Status Member Last activity 14 October 2008
19 June 2008 at 15:25
There you go, sorry for the delay!

Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec jeu. 19/06/2008 a 15:01:47,06

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:
tentative de suppression de C:\StubInstaller.exe

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32

*** Suppression des fichiers dans C:\Program Files

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
Anonymous user
22 June 2008 at 12:37
Hi again!

Please post a HijackThis report again

See you