Infecter aider moi svp
Résolu
rokseb
-
Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention -
Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention -
Bonjour,je suis infecter par des spyware et des trogens aider moi s.v.p.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 095437, on 2008-06-25
Platform Windows XP SP2 (WinNT 5.01.2600)
MSIE Internet Explorer v7.00 (7.00.6000.16674)
Boot mode Normal
Running processes
CWINDOWSSystem32smss.exe
CWINDOWSsystem32winlogon.exe
CWINDOWSsystem32services.exe
CWINDOWSsystem32lsass.exe
CWINDOWSsystem32svchost.exe
CWINDOWSSystem32svchost.exe
CWINDOWSsystem32spoolsv.exe
CWINDOWSsystem32iftuyszv.exe
CWINDOWSExplorer.EXE
CProgram FilesULi5287ULi5287.exe
CProgram FilesAnalog DevicesCoresmax4pnp.exe
CProgram FilesAnalog DevicesSoundMAXSmax4.exe
CProgram FilesMcAfee.comAgentmcagent.exe
CProgram FilesJavajre1.6.0_06binjusched.exe
CWINDOWSsystem32RUNDLL32.EXE
CWINDOWSsystem32rundll32.exe
CWINDOWSsystem32ctfmon.exe
CProgram FilesGoogleGoogle UpdaterGoogleUpdater.exe
CProgram FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
CPROGRA~1McAfeeMSCmcmscsvc.exe
cPROGRA~1FICHIE~1mcafeemnamcnasvc.exe
cPROGRA~1FICHIE~1mcafeemcproxymcproxy.exe
CPROGRA~1McAfeeVIRUSS~1mcshield.exe
CProgram FilesMcAfeeMPFMPFSrv.exe
CWINDOWS444.471
CProgram FilesNVIDIA CorporationnTunenTuneService.exe
CWINDOWSsystem32nvsvc32.exe
CProgram FilesNVIDIA CorporationSystem UpdateUpdateCenterService.exe
CWINDOWSsystem32wscntfy.exe
CWINDOWSsystem32wbemwmiapsrv.exe
CPROGRA~1McAfeeVIRUSS~1mcsysmon.exe
CProgram FilesMalwarebytes' Anti-Malwarembam.exe
CProgram FilesFichiers communsMicrosoft SharedWindows LiveWLLoginProxy.exe
CProgram FilesInternet Exploreriexplore.exe
Dsupprimeur de virusHijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = httprunonce.msn.comv=msgrv75
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = httpgo.microsoft.comfwlinkLinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = httpgo.microsoft.comfwlinkLinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = httpgo.microsoft.comfwlinkLinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = httpgo.microsoft.comfwlinkLinkId=69157
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Liens
F2 - REGsystem.ini UserInit=CWINDOWSsystem32userinit.exe,CWINDOWSsystem32iftuyszv.exe,
O2 - BHO (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO (no name) - {00E6EBAE-FF51-477A-A6C5-D046EA3C338A} - CWINDOWSsystem32fccyaAPi.dll
O2 - BHO AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - CProgram FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO (no name) - {57A52E74-004C-464B-96CC-4DFE5366EA02} - CWINDOWSsystem32opnliIAq.dll
O2 - BHO (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - CProgram FilesJavajre1.6.0_06binssv.dll
O2 - BHO (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - CProgram FilesMcAfeeVirusScanscriptsn.dll
O2 - BHO (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - CProgram FilesFichiers communsMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - cprogram filesgooglegoogletoolbar1.dll
O2 - BHO Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - CProgram FilesGoogleGoogleToolbarNotifier2.1.1119.1736swg.dll
O2 - BHO (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - cprogram filesgooglegoogletoolbar1.dll
O4 - HKLM..Run [ULiRaid] CProgram FilesULi5287ULi5287.exe
O4 - HKLM..Run [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM..Run [SoundMAXPnP] CProgram FilesAnalog DevicesCoresmax4pnp.exe
O4 - HKLM..Run [SoundMAX] CProgram FilesAnalog DevicesSoundMAXSmax4.exe tray
O4 - HKLM..Run [mcagent_exe] CProgram FilesMcAfee.comAgentmcagent.exe runkey
O4 - HKLM..Run [SunJavaUpdateSched] CProgram FilesJavajre1.6.0_06binjusched.exe
O4 - HKLM..Run [NeroFilterCheck] CWINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 - HKLM..Run [NvCplDaemon] RUNDLL32.EXE CWINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run [nwiz] nwiz.exe install
O4 - HKLM..Run [NvMediaCenter] RUNDLL32.EXE CWINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run [cc333533] rundll32.exe CWINDOWSsystem32wmhellcg.dll,b
O4 - HKCU..Run [swg] CProgram FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKCU..Run [ctfmon.exe] CWINDOWSsystem32ctfmon.exe
O4 - HKCU..Run [NVIDIA nTune] CProgram FilesNVIDIA CorporationnTunenTuneCmd.exe boot CDocuments and SettingssilenceBureaugraphics speedosbootpf.nsu
O4 - HKUSS-1-5-19..Run [CTFMON.EXE] CWINDOWSsystem32CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUSS-1-5-20..Run [CTFMON.EXE] CWINDOWSsystem32CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUSS-1-5-18..Run [CTFMON.EXE] CWINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run [CTFMON.EXE] CWINDOWSsystem32CTFMON.EXE (User 'Default user')
O4 - Global Startup Outil de mise à jour Google.lnk = CProgram FilesGoogleGoogle UpdaterGoogleUpdater.exe
O9 - Extra button (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - CProgram FilesJavajre1.6.0_06binssv.dll
O9 - Extra 'Tools' menuitem Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - CProgram FilesJavajre1.6.0_06binssv.dll
O9 - Extra button Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - CProgram FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - CProgram FilesMessengermsmsgs.exe
O16 - DPF {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - httpwww.nvidia.comcontentDriverDownloadsrl2.0.0.1sysreqlab2.cab
O16 - DPF {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - httpfpdownload2.macromedia.comgetshockwavecabsflashswflash.cab
O20 - Winlogon Notify opnliIAq - CWINDOWSSYSTEM32opnliIAq.dll
O21 - SSODL kbkzgbml - {40e47d71-a4a7-41e6-9d33-8dc7c0c3bd7a} - CDocuments and SettingsAll UsersApplication Datakbkzgbml.dll
O23 - Service Google Updater Service (gusvc) - Google - CProgram FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service McAfee Services (mcmscsvc) - McAfee, Inc. - CPROGRA~1McAfeeMSCmcmscsvc.exe
O23 - Service McAfee Network Agent (McNASvc) - McAfee, Inc. - cPROGRA~1FICHIE~1mcafeemnamcnasvc.exe
O23 - Service McAfee Scanner (McODS) - McAfee, Inc. - CPROGRA~1McAfeeVIRUSS~1mcods.exe
O23 - Service McAfee Proxy Service (McProxy) - McAfee, Inc. - cPROGRA~1FICHIE~1mcafeemcproxymcproxy.exe
O23 - Service McAfee Real-time Scanner (McShield) - McAfee, Inc. - CPROGRA~1McAfeeVIRUSS~1mcshield.exe
O23 - Service McAfee SystemGuards (McSysmon) - McAfee, Inc. - CPROGRA~1McAfeeVIRUSS~1mcsysmon.exe
O23 - Service McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - CProgram FilesMcAfeeMPFMPFSrv.exe
O23 - Service MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - CWINDOWS444.471.exe (file missing)
O23 - Service Performance Service (nTuneService) - NVIDIA - CProgram FilesNVIDIA CorporationnTunenTuneService.exe
O23 - Service NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - CWINDOWSsystem32nvsvc32.exe
O23 - Service Update Center Service (UpdateCenterService) - NVIDIA - CProgram FilesNVIDIA CorporationSystem UpdateUpdateCenterService.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 095437, on 2008-06-25
Platform Windows XP SP2 (WinNT 5.01.2600)
MSIE Internet Explorer v7.00 (7.00.6000.16674)
Boot mode Normal
Running processes
CWINDOWSSystem32smss.exe
CWINDOWSsystem32winlogon.exe
CWINDOWSsystem32services.exe
CWINDOWSsystem32lsass.exe
CWINDOWSsystem32svchost.exe
CWINDOWSSystem32svchost.exe
CWINDOWSsystem32spoolsv.exe
CWINDOWSsystem32iftuyszv.exe
CWINDOWSExplorer.EXE
CProgram FilesULi5287ULi5287.exe
CProgram FilesAnalog DevicesCoresmax4pnp.exe
CProgram FilesAnalog DevicesSoundMAXSmax4.exe
CProgram FilesMcAfee.comAgentmcagent.exe
CProgram FilesJavajre1.6.0_06binjusched.exe
CWINDOWSsystem32RUNDLL32.EXE
CWINDOWSsystem32rundll32.exe
CWINDOWSsystem32ctfmon.exe
CProgram FilesGoogleGoogle UpdaterGoogleUpdater.exe
CProgram FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
CPROGRA~1McAfeeMSCmcmscsvc.exe
cPROGRA~1FICHIE~1mcafeemnamcnasvc.exe
cPROGRA~1FICHIE~1mcafeemcproxymcproxy.exe
CPROGRA~1McAfeeVIRUSS~1mcshield.exe
CProgram FilesMcAfeeMPFMPFSrv.exe
CWINDOWS444.471
CProgram FilesNVIDIA CorporationnTunenTuneService.exe
CWINDOWSsystem32nvsvc32.exe
CProgram FilesNVIDIA CorporationSystem UpdateUpdateCenterService.exe
CWINDOWSsystem32wscntfy.exe
CWINDOWSsystem32wbemwmiapsrv.exe
CPROGRA~1McAfeeVIRUSS~1mcsysmon.exe
CProgram FilesMalwarebytes' Anti-Malwarembam.exe
CProgram FilesFichiers communsMicrosoft SharedWindows LiveWLLoginProxy.exe
CProgram FilesInternet Exploreriexplore.exe
Dsupprimeur de virusHijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = httprunonce.msn.comv=msgrv75
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = httpgo.microsoft.comfwlinkLinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = httpgo.microsoft.comfwlinkLinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = httpgo.microsoft.comfwlinkLinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = httpgo.microsoft.comfwlinkLinkId=69157
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Liens
F2 - REGsystem.ini UserInit=CWINDOWSsystem32userinit.exe,CWINDOWSsystem32iftuyszv.exe,
O2 - BHO (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO (no name) - {00E6EBAE-FF51-477A-A6C5-D046EA3C338A} - CWINDOWSsystem32fccyaAPi.dll
O2 - BHO AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - CProgram FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO (no name) - {57A52E74-004C-464B-96CC-4DFE5366EA02} - CWINDOWSsystem32opnliIAq.dll
O2 - BHO (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - CProgram FilesJavajre1.6.0_06binssv.dll
O2 - BHO (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - CProgram FilesMcAfeeVirusScanscriptsn.dll
O2 - BHO (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - CProgram FilesFichiers communsMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - cprogram filesgooglegoogletoolbar1.dll
O2 - BHO Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - CProgram FilesGoogleGoogleToolbarNotifier2.1.1119.1736swg.dll
O2 - BHO (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - cprogram filesgooglegoogletoolbar1.dll
O4 - HKLM..Run [ULiRaid] CProgram FilesULi5287ULi5287.exe
O4 - HKLM..Run [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM..Run [SoundMAXPnP] CProgram FilesAnalog DevicesCoresmax4pnp.exe
O4 - HKLM..Run [SoundMAX] CProgram FilesAnalog DevicesSoundMAXSmax4.exe tray
O4 - HKLM..Run [mcagent_exe] CProgram FilesMcAfee.comAgentmcagent.exe runkey
O4 - HKLM..Run [SunJavaUpdateSched] CProgram FilesJavajre1.6.0_06binjusched.exe
O4 - HKLM..Run [NeroFilterCheck] CWINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 - HKLM..Run [NvCplDaemon] RUNDLL32.EXE CWINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run [nwiz] nwiz.exe install
O4 - HKLM..Run [NvMediaCenter] RUNDLL32.EXE CWINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run [cc333533] rundll32.exe CWINDOWSsystem32wmhellcg.dll,b
O4 - HKCU..Run [swg] CProgram FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKCU..Run [ctfmon.exe] CWINDOWSsystem32ctfmon.exe
O4 - HKCU..Run [NVIDIA nTune] CProgram FilesNVIDIA CorporationnTunenTuneCmd.exe boot CDocuments and SettingssilenceBureaugraphics speedosbootpf.nsu
O4 - HKUSS-1-5-19..Run [CTFMON.EXE] CWINDOWSsystem32CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUSS-1-5-20..Run [CTFMON.EXE] CWINDOWSsystem32CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUSS-1-5-18..Run [CTFMON.EXE] CWINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run [CTFMON.EXE] CWINDOWSsystem32CTFMON.EXE (User 'Default user')
O4 - Global Startup Outil de mise à jour Google.lnk = CProgram FilesGoogleGoogle UpdaterGoogleUpdater.exe
O9 - Extra button (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - CProgram FilesJavajre1.6.0_06binssv.dll
O9 - Extra 'Tools' menuitem Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - CProgram FilesJavajre1.6.0_06binssv.dll
O9 - Extra button Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - CProgram FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - CProgram FilesMessengermsmsgs.exe
O16 - DPF {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - httpwww.nvidia.comcontentDriverDownloadsrl2.0.0.1sysreqlab2.cab
O16 - DPF {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - httpfpdownload2.macromedia.comgetshockwavecabsflashswflash.cab
O20 - Winlogon Notify opnliIAq - CWINDOWSSYSTEM32opnliIAq.dll
O21 - SSODL kbkzgbml - {40e47d71-a4a7-41e6-9d33-8dc7c0c3bd7a} - CDocuments and SettingsAll UsersApplication Datakbkzgbml.dll
O23 - Service Google Updater Service (gusvc) - Google - CProgram FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service McAfee Services (mcmscsvc) - McAfee, Inc. - CPROGRA~1McAfeeMSCmcmscsvc.exe
O23 - Service McAfee Network Agent (McNASvc) - McAfee, Inc. - cPROGRA~1FICHIE~1mcafeemnamcnasvc.exe
O23 - Service McAfee Scanner (McODS) - McAfee, Inc. - CPROGRA~1McAfeeVIRUSS~1mcods.exe
O23 - Service McAfee Proxy Service (McProxy) - McAfee, Inc. - cPROGRA~1FICHIE~1mcafeemcproxymcproxy.exe
O23 - Service McAfee Real-time Scanner (McShield) - McAfee, Inc. - CPROGRA~1McAfeeVIRUSS~1mcshield.exe
O23 - Service McAfee SystemGuards (McSysmon) - McAfee, Inc. - CPROGRA~1McAfeeVIRUSS~1mcsysmon.exe
O23 - Service McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - CProgram FilesMcAfeeMPFMPFSrv.exe
O23 - Service MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - CWINDOWS444.471.exe (file missing)
O23 - Service Performance Service (nTuneService) - NVIDIA - CProgram FilesNVIDIA CorporationnTunenTuneService.exe
O23 - Service NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - CWINDOWSsystem32nvsvc32.exe
O23 - Service Update Center Service (UpdateCenterService) - NVIDIA - CProgram FilesNVIDIA CorporationSystem UpdateUpdateCenterService.exe
7 réponses
Salut,
T'es infecté par Vundo, le plus simple, c'est d'utiliser ComboFix mais l'outil étant très puissant, une mauvaise utilisation pourrait causer des dommages à ta machine.
- Télécharge ComboFix.exe (de sUBs)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Enregistre ce fichier sur le bureau
- Redémarre en mode sans échec :
http://forum.telecharger.01net.com/forum/high-tech/SECURITE/Securite/redemarrer-mode-echec-sujet_1526_1.htm
- Double-clique sur ComboFix.exe, tape 1, valide par Entrée pour lancer le scan
- Lorsque le scan sera complété, un rapport apparaîtra. Copie/Colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
* Combofix est détecté par certains antivirus comme une infection, il s'agit d'un "faux positif"
** N'en tiens pas compte, continue la procédure.
T'es infecté par Vundo, le plus simple, c'est d'utiliser ComboFix mais l'outil étant très puissant, une mauvaise utilisation pourrait causer des dommages à ta machine.
- Télécharge ComboFix.exe (de sUBs)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Enregistre ce fichier sur le bureau
- Redémarre en mode sans échec :
http://forum.telecharger.01net.com/forum/high-tech/SECURITE/Securite/redemarrer-mode-echec-sujet_1526_1.htm
- Double-clique sur ComboFix.exe, tape 1, valide par Entrée pour lancer le scan
- Lorsque le scan sera complété, un rapport apparaîtra. Copie/Colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
* Combofix est détecté par certains antivirus comme une infection, il s'agit d'un "faux positif"
** N'en tiens pas compte, continue la procédure.
Exactement destrio5 =)
Merci du coup de main :P
Veuillez mettre le probleme résolù svp mr ...
---> ????????
Merci du coup de main :P
Veuillez mettre le probleme résolù svp mr ...
---> ????????
voici le rapport,
ComboFix 08-06-20.4 - silence 2008-06-25 101903.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.657 [GMT 200]
Endroit CDocuments and SettingssilenceBureauComboFix.exe
Resident AV is active
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![b][color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
CWINDOWSaccesss.exe
CWINDOWSastctl32.ocx
CWINDOWSavpcc.dll
CWINDOWSclrssn.exe
CWINDOWScpan.dll
CWINDOWSctfmon32.exe
CWINDOWSctrlpan.dll
CWINDOWSdefault.htm
CWINDOWSdirectx32.exe
CWINDOWSdnsrelay.dll
CWINDOWSeditpad.exe
CWINDOWSexplore.exe
CWINDOWSexplorer32.exe
CWINDOWSfunniest.exe
CWINDOWSfunny.exe
CWINDOWSgfmnaaa.dll
CWINDOWShelpcvs.exe
CWINDOWSiedll.exe
CWINDOWSiexplorer.exe
CWINDOWSinetinf.exe
CWINDOWSinternet.exe
CWINDOWSloader.exe
CWINDOWSmsconfd.dll
CWINDOWSmsspi.dll
CWINDOWSmssys.exe
CWINDOWSmsupdate.exe
CWINDOWSmswsc10.dll
CWINDOWSmswsc20.dll
CWINDOWSmtwirl32.dll
CWINDOWSnotepad32.exe
CWINDOWSolehelp.exe
CWINDOWSqttasks.exe
CWINDOWSquicken.exe
CWINDOWSrundll16.exe
CWINDOWSrundll32.vbe
CWINDOWSsearchword.dll
CWINDOWSsistem.exe
CWINDOWSsvchost32.exe
CWINDOWSsvcinit.exe
CWINDOWSsysteem.exe
CWINDOWSsystemcritical.exe
CWINDOWStime.exe
CWINDOWSusers32.exe
CWINDOWSwaol.exe
CWINDOWSwin32e.exe
CWINDOWSwin64.exe
CWINDOWSwinajbm.dll
CWINDOWSwindow.exe
CWINDOWSwinmgnt.exe
CWINDOWSx.exe
CWINDOWSxplugin.dll
CWINDOWSxxxvideo.hta
CWINDOWSy.exe
.
((((((((((((((((((((((((((((((((((((((( DriversServices )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------Legacy_MSSECURITY1.209.4
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-25 to 2008-06-25 ))))))))))))))))))))))))))))))))))))
.
2008-06-25 1016 . 2008-06-25 1022 354 ---hs---- CWINDOWSsystem32gcllehmw.ini
2008-06-25 1002 . 2008-06-23 2334 82,432 --a------ CWINDOWSsystem32IEDFix.C.exe
2008-06-25 1002 . 2008-06-25 1002 2,186 --a------ CWINDOWSsystem32tmp.reg
2008-06-25 0959 . 2007-09-06 0022 289,144 --a------ CWINDOWSsystem32VCCLSID.exe
2008-06-25 0959 . 2006-04-27 1749 288,417 --a------ CWINDOWSsystem32SrchSTS.exe
2008-06-25 0959 . 2008-05-29 0935 86,528 --a------ CWINDOWSsystem32VACFix.exe
2008-06-25 0959 . 2008-05-18 2140 82,944 --a------ CWINDOWSsystem32IEDFix.exe
2008-06-25 0959 . 2008-05-18 2140 82,944 --a------ CWINDOWSsystem32404Fix.exe
2008-06-25 0959 . 2003-06-05 2113 53,248 --a------ CWINDOWSsystem32Process.exe
2008-06-25 0959 . 2004-07-31 1850 51,200 --a------ CWINDOWSsystem32dumphive.exe
2008-06-25 0959 . 2007-10-04 0036 25,600 --a------ CWINDOWSsystem32WS2Fix.exe
2008-06-25 0949 . 2007-01-18 1400 3,968 --a------ CWINDOWSsystem32driversAvgArCln.sys
2008-06-25 0946 . 2008-06-25 0953 REP d-------- CProgram FilesNavilog1
2008-06-25 0939 . 2008-06-25 0945 REP d-------- CProgram FilesMalwarebytes' Anti-Malware
2008-06-25 0939 . 2008-06-25 0939 REP d-------- CDocuments and SettingssilenceApplication DataMalwarebytes
2008-06-25 0939 . 2008-06-25 0939 REP d-------- CDocuments and SettingsAll UsersApplication DataMalwarebytes
2008-06-25 0939 . 2008-06-19 1748 34,296 --a------ CWINDOWSsystem32driversmbamcatchme.sys
2008-06-25 0939 . 2008-06-19 1747 17,144 --a------ CWINDOWSsystem32driversmbam.sys
2008-06-25 0931 . 2008-06-25 0931 REP d-------- CProgram FilesMSXML 4.0
2008-06-25 0921 . 2008-06-25 0921 114,688 --a------ CDocuments and SettingsAll UsersApplication Datakbkzgbml.dll
2008-06-25 0920 . 2008-06-25 0920 REP dr------- CDocuments and SettingsLocalServiceFavoris
2008-06-25 0920 . 2008-06-25 0920 88,537 --a------ CWINDOWSsystem32iftuyszv.exe
2008-06-25 0907 . 2008-06-25 0907 81,920 --a------ CWINDOWSsystem32wmhellcg.dll
2008-06-25 0730 . 2008-06-25 0738 REP d-------- CProgram FilesuTorrent
2008-06-25 0729 . 2008-06-25 0923 REP d-------- CDocuments and SettingssilenceApplication DatauTorrent
2008-06-24 1858 . 2008-06-24 1858 REP d-------- CDocuments and SettingsAll UsersApplication DatanView_Profiles
2008-06-24 1852 . 2008-04-30 1727 442,368 --a------ CWINDOWSsystem32NVUNINST.EXE
2008-06-24 1646 . 2008-06-24 1646 REP d-------- CProgram FilesVideoLAN
2008-06-24 1606 . 2008-06-24 1609 REP d-------- CWINDOWSNV25723296.TMP
2008-06-24 1549 . 2008-06-24 1549 REP d-------- CProgram FilesASUS
2008-06-24 1528 . 2008-06-24 1651 23,392 --a------ CWINDOWSsystem32nscompat.tlb
2008-06-24 1528 . 2008-06-24 1651 16,832 --a------ CWINDOWSsystem32amcompat.tlb
2008-06-24 1226 . 2008-06-24 1226 REP d-------- CProgram FilesAquaMark3
2008-06-24 1226 . 1999-10-21 1112 20,400 --a------ CWINDOWSsystem32driversentech.sys
2008-06-23 1025 . 2008-06-23 1027 REP d-------- CWINDOWSNV2196668.TMP
2008-06-22 1440 . 2008-06-22 1440 REP d-------- CDocuments and SettingssilenceApplication DataAhead
2008-06-22 1429 . 2008-06-22 1431 REP d-------- CProgram FilesNVIDIA Corporation
2008-06-22 1424 . 2008-06-22 1424 REP d-------- CProgram FilesSystemRequirementsLab
2008-06-22 1424 . 2008-06-22 1424 664 --a------ CWINDOWSsystem32d3d9caps.dat
2008-06-22 1424 . 2008-06-22 1424 552 --a------ CWINDOWSsystem32d3d8caps.dat
2008-06-22 1421 . 2008-06-22 1421 REP d-------- CProgram FilesFichiers communsAdobe
2008-06-22 1421 . 2008-06-22 1421 REP d-------- CDocuments and SettingssilenceApplication DataAdobeUM
2008-06-22 1405 . 2007-12-27 0034 3,686,454 -ra------ CWINDOWSTHEWILL.BMP
2008-06-22 1405 . 2007-12-27 0034 3,686,454 -ra------ CWINDOWSCORLANMCD.BMP
2008-06-22 1404 . 2007-12-27 0034 3,686,454 -ra------ CWINDOWSCIPHER.BMP
2008-06-22 1403 . 2007-12-27 0034 3,686,454 -ra------ CWINDOWSVITELIO.BMP
2008-06-22 1403 . 2007-12-27 0034 3,686,454 -ra------ CWINDOWSFENDERLTD.BMP
2008-06-22 1402 . 2008-06-22 1402 REP d-------- CWINDOWSCache
2008-06-21 1922 . 2008-06-25 0854 REP d-------- CDocuments and SettingssilenceShared
2008-06-21 1922 . 2008-06-24 1116 REP d-------- CDocuments and SettingssilenceIncomplete
2008-06-21 1919 . 2008-06-23 1552 REP d-------- CDocuments and SettingssilenceApplication DataFrostWire
2008-06-21 1918 . 2008-06-24 1124 REP d-------- CDocuments and SettingssilenceApplication DataLimeWire
2008-06-21 1800 . 2008-06-25 0914 116 --a------ CWINDOWSNeroDigital.ini
2008-06-21 1617 . 2001-07-09 1150 155,648 --a------ CWINDOWSsystem32NeroCheck.exe
2008-06-21 1615 . 2008-06-21 1615 REP d-------- CProgram FilesFichiers communsNero
2008-06-21 1614 . 2005-06-17 1808 2,932,736 --------- CWINDOWSUNNeroVision.exe
2008-06-21 1614 . 2005-07-20 1045 177,511 --------- CWINDOWSUNNeroVision.cfg
2008-06-21 1614 . 2001-03-08 1930 24,064 --------- CWINDOWSsystem32msxml3a.dll
2008-06-21 1613 . 2008-06-21 1613 REP d-------- CProgram FilesFichiers communsAhead
2008-06-21 1613 . 2008-06-21 1617 REP d-------- CProgram FilesAhead
2008-06-21 1613 . 2008-06-21 1613 REP d-------- CDocuments and SettingsAll UsersApplication DataAhead
2008-06-21 1613 . 2004-07-26 1716 1,568,768 --------- CWINDOWSsystem32ImagX7.dll
2008-06-21 1613 . 2004-07-26 1716 476,320 --------- CWINDOWSsystem32ImagXpr7.dll
2008-06-21 1613 . 2004-07-26 1716 471,040 --------- CWINDOWSsystem32ImagXRA7.dll
2008-06-21 1613 . 2004-07-09 0943 364,544 --------- CWINDOWSsystem32TwnLib4.dll
2008-06-21 1613 . 2004-07-26 1716 262,144 --------- CWINDOWSsystem32ImagXR7.dll
2008-06-21 1613 . 2000-06-26 1145 106,496 --a------ CWINDOWSsystem32TwnLib20.dll
2008-06-21 1613 . 2001-06-26 0815 38,912 --------- CWINDOWSsystem32picn20.dll
2008-06-21 1438 . 2004-08-05 1400 221,184 --a------ CWINDOWSsystem32wmpns.dll
2008-06-21 1412 . 2008-04-23 0616 6,066,176 -----c--- CWINDOWSsystem32dllcacheieframe.dll
2008-06-21 1412 . 2007-04-17 1132 2,455,488 -----c--- CWINDOWSsystem32dllcacheieapfltr.dat
2008-06-21 1412 . 2007-03-08 0710 1,048,576 -----c--- CWINDOWSsystem32dllcacheieframe.dll.mui
2008-06-21 1412 . 2008-04-23 0616 459,264 -----c--- CWINDOWSsystem32dllcachemsfeeds.dll
2008-06-21 1412 . 2008-04-23 0616 383,488 -----c--- CWINDOWSsystem32dllcacheieapfltr.dll
2008-06-21 1412 . 2008-04-23 0616 267,776 -----c--- CWINDOWSsystem32dllcacheiertutil.dll
2008-06-21 1412 . 2008-04-23 0616 63,488 -----c--- CWINDOWSsystem32dllcacheicardie.dll
2008-06-21 1412 . 2008-04-23 0616 52,224 -----c--- CWINDOWSsystem32dllcachemsfeedsbs.dll
2008-06-21 1412 . 2008-04-22 0939 13,824 -----c--- CWINDOWSsystem32dllcacheieudinit.exe
2008-06-21 0916 . 2008-06-21 0916 REP dr-h----- CDocuments and SettingssilenceApplication DataSecuROM
2008-06-21 0858 . 2008-06-21 0858 REP d-------- CProgram FilesUbisoft
2008-06-21 0858 . 2008-06-21 0858 REP d-------- CDocuments and SettingssilenceApplication DataInstallShield
2008-06-21 0822 . 2008-06-21 0822 REP d-------- CProgram FilesDVDFab HD Decrypter 4
2008-06-21 0756 . 2008-06-25 1022 10,061 --a------ CWINDOWSsystem32Config.MPF
2008-06-21 0755 . 2008-06-21 0755 REP d-------- CProgram FilesIZArc
2008-06-21 0752 . 2008-06-21 0752 REP d-------- CProgram FilesFrostWire
2008-06-21 0748 . 2008-06-21 0748 REP d-------- CWINDOWSSun
2008-06-21 0748 . 2008-06-21 0748 REP d-------- CProgram FilesSun
2008-06-21 0748 . 2008-06-21 0748 REP d-------- CProgram FilesDVD Shrink
2008-06-21 0748 . 2008-06-21 0748 REP d-------- CDocuments and SettingsAll UsersApplication DataDVD Shrink
2008-06-21 0747 . 2008-06-21 0753 REP d-------- CProgram FilesJava
2008-06-21 0747 . 2008-06-21 0747 REP d-------- CProgram FilesFichiers communsJava
2008-06-21 0747 . 2008-03-25 0237 69,632 --a------ CWINDOWSsystem32javacpl.cpl
2008-06-21 0745 . 2008-06-21 0746 REP d-------- CProgram FilesLimeWire
2008-06-21 0741 . 2008-06-21 0741 REP d-------- CProgram FilesMcAfee.com
2008-06-21 0741 . 2008-06-21 0918 REP d-------- CProgram FilesMcAfee
2008-06-21 0741 . 2008-06-21 0741 REP d-------- CProgram FilesFichiers communsMcAfee
2008-06-21 0741 . 2008-06-21 0741 REP d-------- Cmcafee_mcpr
2008-06-21 0741 . 2007-11-22 0644 201,320 --a------ CWINDOWSsystem32driversmfehidk.sys
2008-06-21 0741 . 2007-07-13 0620 113,952 --a------ CWINDOWSsystem32driversMpfp.sys
2008-06-21 0741 . 2007-11-22 0644 79,304 --a------ CWINDOWSsystem32driversmfeavfk.sys
2008-06-21 0741 . 2007-12-02 1251 40,488 --a------ CWINDOWSsystem32driversmfesmfk.sys
2008-06-21 0741 . 2007-11-22 0644 35,240 --a------ CWINDOWSsystem32driversmfebopk.sys
2008-06-21 0741 . 2007-11-22 0644 33,832 --a------ CWINDOWSsystem32driversmferkdk.sys
2008-06-20 1939 . 2008-06-21 0916 107,888 --a------ CWINDOWSsystem32CmdLineExt.dll
2008-06-20 1918 . 2008-06-20 1918 REP d-------- CProgram FilesSierra
2008-06-20 1909 . 2008-06-20 1909 268 --ah----- Csqmdata00.sqm
2008-06-20 1909 . 2008-06-20 1909 244 --ah----- Csqmnoopt00.sqm
2008-06-20 1906 . 2008-06-20 1906 REP d-------- CWINDOWSsystem32LogFiles
2008-06-20 1906 . 2008-06-20 1906 REP d-------- CWINDOWSsystem32driversUMDF
2008-06-20 1906 . 2008-06-24 1651 REP d-------- CProgram FilesWindows Media Connect 2
2008-06-20 1906 . 2008-06-20 1906 REP d-------- Cd7b0fe6b25835451af483aa864d97ce2
2008-06-20 1751 . 2008-06-21 1441 REP d-------- CWINDOWSsystem32fr-fr
2008-06-20 1746 . 2008-06-20 1746 REP d----c--- CWINDOWSsystem32DRVSTORE
2008-06-20 1746 . 2008-06-20 1746 REP d-------- CProgram FilesMSN Messenger
2008-06-20 1743 . 2008-06-24 2343 REP d-------- CDocuments and SettingsAll UsersApplication DataGoogle Updater
2008-06-20 1742 . 2008-06-20 1743 REP d-------- CProgram FilesGoogle
2008-06-20 1736 . 2008-06-21 0756 REP d-------- CDocuments and SettingsAll UsersApplication DataMcAfee
2008-06-20 1732 . 2008-06-24 1859 8 --a------ CWINDOWSsystem32nvModes.dat
2008-06-20 1730 . 2008-06-24 1856 REP d-------- CWINDOWSnvidia icons
2008-06-20 1727 . 2008-06-22 1426 REP d-------- CNVIDIA
2008-06-20 1718 . 2008-06-14 1959 272,768 --------- CWINDOWSsystem32driversbthport.sys
2008-06-20 1718 . 2008-06-14 1959 272,768 -----c--- CWINDOWSsystem32dllcachebthport.sys
2008-06-20 1708 . 2008-06-21 1440 REP d--h----- CWINDOWS$hf_mig$
2008-06-20 1708 . 2008-06-20 1708 13,692 --a------ CWINDOWSsystem32wpa.bak
2008-06-20 1700 . 2005-04-27 0915 35,587 --------- CWINDOWSsystem32rmlan.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-24 1349 --------- d--h--w CProgram FilesInstallShield Installation Information
2008-06-20 1457 --------- d-----w CProgram FilesAnalog Devices
2008-06-20 1455 --------- d-----w CProgram FilesFichiers communsInstallShield
2008-06-20 1453 --------- d-----w CProgram FilesULi5287
2008-06-20 1444 --------- d-----w CProgram Filesmicrosoft frontpage
2008-06-20 1443 --------- d-----w CProgram FilesServices en ligne
2008-05-23 0911 36,640 ----a-w CWINDOWSnvflash.sys
2008-05-08 1228 202,752 ----a-w CWINDOWSsystem32driversrmcast.sys
2008-05-07 0515 1,293,824 ----a-w CWINDOWSsystem32quartz.dll
2008-04-23 0416 826,368 ----a-w CWINDOWSsystem32wininet.dll
2008-03-25 0451 621,344 ----a-w CWINDOWSsystem32mswstr10.dll
2008-03-25 0451 194,144 ----a-w CWINDOWSsystem32msjint40.dll
.
((((((((((((((((((((((((((((( snapshot@2008-06-25_10.17.32.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-25 081554 2,048 --s-a-w CWINDOWSbootstat.dat
+ 2008-06-25 082144 2,048 --s-a-w CWINDOWSbootstat.dat
- 2008-06-25 081656 16,384 --sha-w CWINDOWSTempCookiesindex.dat
+ 2008-06-25 082230 16,384 --sha-w CWINDOWSTempCookiesindex.dat
- 2008-06-25 081656 32,768 --sha-w CWINDOWSTempFichiers Internet temporairesContent.IE5index.dat
+ 2008-06-25 082230 32,768 --sha-w CWINDOWSTempFichiers Internet temporairesContent.IE5index.dat
- 2008-06-25 081656 16,384 --sha-w CWINDOWSTempHistoryHistory.IE5index.dat
+ 2008-06-25 082230 16,384 --sha-w CWINDOWSTempHistoryHistory.IE5index.dat
+ 2008-06-25 082232 16,384 ----atw CWINDOWSTempPerflib_Perfdata_600.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
Note les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
swg=CProgram FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2008-06-20 1843 68856]
ctfmon.exe=CWINDOWSsystem32ctfmon.exe [2004-08-05 1400 15360]
NVIDIA nTune=CProgram FilesNVIDIA CorporationnTunenTuneCmd.exe [2008-06-06 1225 114688]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
ULiRaid=CProgram FilesULi5287ULi5287.exe [2005-08-23 2059 409600]
High Definition Audio Property Page Shortcut=HDAShCut.exe [2004-10-27 1521 61952 CWINDOWSsystem32HdAShCut.exe]
SoundMAXPnP=CProgram FilesAnalog DevicesCoresmax4pnp.exe [2005-05-20 0311 925696]
mcagent_exe=CProgram FilesMcAfee.comAgentmcagent.exe [2007-11-01 1912 582992]
SunJavaUpdateSched=CProgram FilesJavajre1.6.0_06binjusched.exe [2008-03-25 0428 144784]
NeroFilterCheck=CWINDOWSsystem32NeroCheck.exe [2001-07-09 1150 155648]
NvCplDaemon=CWINDOWSsystem32NvCpl.dll [2008-05-03 0546 13529088]
nwiz=nwiz.exe [2008-05-03 0546 1630208 CWINDOWSsystem32nwiz.exe]
NvMediaCenter=CWINDOWSsystem32NvMcTray.dll [2008-05-03 0546 86016]
cc333533=CWINDOWSsystem32wmhellcg.dll [2008-06-25 0907 81920]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
CTFMON.EXE=CWINDOWSsystem32CTFMON.EXE [2004-08-05 1400 15360]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
DisableTaskMgr= 1 (0x1)
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciessystem]
DisableTaskMgr= 1 (0x1)
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
kbkzgbml= {40e47d71-a4a7-41e6-9d33-8dc7c0c3bd7a} - CDocuments and SettingsAll UsersApplication Datakbkzgbml.dll [2008-06-25 0921 114688]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogon]
Userinit=CWINDOWSsystem32userinit.exe,CWINDOWSsystem32iftuyszv.exe,
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
AntiVirusDisableNotify=dword00000001
AntiVirusOverride=dword00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringMcAfeeAntiVirus]
DisableMonitoring=dword00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringMcAfeeFirewall]
DisableMonitoring=dword00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
EnableFirewall= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
%windir%system32sessmgr.exe=
CProgram FilesMSN Messengermsnmsgr.exe=
CProgram FilesMSN Messengerlivecall.exe=
CProgram FilesSierraFEARCombatFEARMP.exe=
CProgram FilesFichiers communsMcAfeeMNAMcNASvc.exe=
CProgram FilesUbisoftTom Clancy's Rainbow Six VegasBinariesR6Vegas_Game.exe=
CProgram FilesUbisoftTom Clancy's Rainbow Six VegasBinariesR6Vegas_Launcher.exe=
CProgram FilesFrostWireFrostWire.exe=
CProgram FilesuTorrentuTorrent.exe=
R0 m5287;m5287;CWINDOWSsystem32driversm5287.sys [2005-08-19 1018]
R2 NVR0FLASHDev;NVR0FLASHDev;CWINDOWSnvflash.sys [2008-05-23 1111]
R2 UpdateCenterService;Update Center Service;CProgram FilesNVIDIA CorporationSystem UpdateUpdateCenterService.exe [2008-05-23 1114]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;CWINDOWSsystem32DRIVERSULILAN51.SYS [2005-03-22 2036]
S3 MBAMCatchMe;MBAMCatchMe;CWINDOWSsystem32driversmbamcatchme.sys [2008-06-19 1748]
.
Contenu du dossier 'Scheduled TasksTƒches planifi‚es'
2008-06-21 054115 CWINDOWSTasksMcDefragTask.job
- cPROGRA~1mcafeemqcQcConsol.exe'
2008-06-21 054114 CWINDOWSTasksMcQcTask.job
- cPROGRA~1mcafeemqcQcConsol.exe
.
catchme 0.3.1361 W2KXPVista - rootkitstealth malware detector by Gmer, httpwww.gmer.net
Rootkit scan 2008-06-25 102156
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s 0
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------
PROCESS CWINDOWSexplorer.exe
- CWINDOWSsystem32wmhellcg.dll
.
------------------------ Other Running Processes ------------------------
.
CWINDOWSsystem32iftuyszv.exe
CWINDOWSsystem32rundll32.exe
CWINDOWSsystem32rundll32.exe
CProgram FilesGoogleGoogle UpdaterGoogleUpdater.exe
CProgram FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
CPROGRA~1McAfeeMSCmcmscsvc.exe
CPROGRA~1FICHIE~1McAfeeMNAMcNASvc.exe
CPROGRA~1FICHIE~1McAfeeMcProxyMcProxy.exe
CPROGRA~1McAfeeVIRUSS~1Mcshield.exe
CProgram FilesMcAfeeMPFMpfSrv.exe
CProgram FilesNVIDIA CorporationnTunenTuneService.exe
CWINDOWSsystem32nvsvc32.exe
CWINDOWSsystem32wbemwmiapsrv.exe
.
.
Temps d'accomplissement 2008-06-25 102321 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-25 082318
ComboFix2.txt 2008-06-25 081751
Pre-Run 7,164,334,080 octets libres
Post-Run 7,165,796,352 octets libres
319 --- E O F --- 2008-06-24 170408
ComboFix 08-06-20.4 - silence 2008-06-25 101903.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.657 [GMT 200]
Endroit CDocuments and SettingssilenceBureauComboFix.exe
Resident AV is active
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![b][color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
CWINDOWSaccesss.exe
CWINDOWSastctl32.ocx
CWINDOWSavpcc.dll
CWINDOWSclrssn.exe
CWINDOWScpan.dll
CWINDOWSctfmon32.exe
CWINDOWSctrlpan.dll
CWINDOWSdefault.htm
CWINDOWSdirectx32.exe
CWINDOWSdnsrelay.dll
CWINDOWSeditpad.exe
CWINDOWSexplore.exe
CWINDOWSexplorer32.exe
CWINDOWSfunniest.exe
CWINDOWSfunny.exe
CWINDOWSgfmnaaa.dll
CWINDOWShelpcvs.exe
CWINDOWSiedll.exe
CWINDOWSiexplorer.exe
CWINDOWSinetinf.exe
CWINDOWSinternet.exe
CWINDOWSloader.exe
CWINDOWSmsconfd.dll
CWINDOWSmsspi.dll
CWINDOWSmssys.exe
CWINDOWSmsupdate.exe
CWINDOWSmswsc10.dll
CWINDOWSmswsc20.dll
CWINDOWSmtwirl32.dll
CWINDOWSnotepad32.exe
CWINDOWSolehelp.exe
CWINDOWSqttasks.exe
CWINDOWSquicken.exe
CWINDOWSrundll16.exe
CWINDOWSrundll32.vbe
CWINDOWSsearchword.dll
CWINDOWSsistem.exe
CWINDOWSsvchost32.exe
CWINDOWSsvcinit.exe
CWINDOWSsysteem.exe
CWINDOWSsystemcritical.exe
CWINDOWStime.exe
CWINDOWSusers32.exe
CWINDOWSwaol.exe
CWINDOWSwin32e.exe
CWINDOWSwin64.exe
CWINDOWSwinajbm.dll
CWINDOWSwindow.exe
CWINDOWSwinmgnt.exe
CWINDOWSx.exe
CWINDOWSxplugin.dll
CWINDOWSxxxvideo.hta
CWINDOWSy.exe
.
((((((((((((((((((((((((((((((((((((((( DriversServices )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------Legacy_MSSECURITY1.209.4
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-25 to 2008-06-25 ))))))))))))))))))))))))))))))))))))
.
2008-06-25 1016 . 2008-06-25 1022 354 ---hs---- CWINDOWSsystem32gcllehmw.ini
2008-06-25 1002 . 2008-06-23 2334 82,432 --a------ CWINDOWSsystem32IEDFix.C.exe
2008-06-25 1002 . 2008-06-25 1002 2,186 --a------ CWINDOWSsystem32tmp.reg
2008-06-25 0959 . 2007-09-06 0022 289,144 --a------ CWINDOWSsystem32VCCLSID.exe
2008-06-25 0959 . 2006-04-27 1749 288,417 --a------ CWINDOWSsystem32SrchSTS.exe
2008-06-25 0959 . 2008-05-29 0935 86,528 --a------ CWINDOWSsystem32VACFix.exe
2008-06-25 0959 . 2008-05-18 2140 82,944 --a------ CWINDOWSsystem32IEDFix.exe
2008-06-25 0959 . 2008-05-18 2140 82,944 --a------ CWINDOWSsystem32404Fix.exe
2008-06-25 0959 . 2003-06-05 2113 53,248 --a------ CWINDOWSsystem32Process.exe
2008-06-25 0959 . 2004-07-31 1850 51,200 --a------ CWINDOWSsystem32dumphive.exe
2008-06-25 0959 . 2007-10-04 0036 25,600 --a------ CWINDOWSsystem32WS2Fix.exe
2008-06-25 0949 . 2007-01-18 1400 3,968 --a------ CWINDOWSsystem32driversAvgArCln.sys
2008-06-25 0946 . 2008-06-25 0953 REP d-------- CProgram FilesNavilog1
2008-06-25 0939 . 2008-06-25 0945 REP d-------- CProgram FilesMalwarebytes' Anti-Malware
2008-06-25 0939 . 2008-06-25 0939 REP d-------- CDocuments and SettingssilenceApplication DataMalwarebytes
2008-06-25 0939 . 2008-06-25 0939 REP d-------- CDocuments and SettingsAll UsersApplication DataMalwarebytes
2008-06-25 0939 . 2008-06-19 1748 34,296 --a------ CWINDOWSsystem32driversmbamcatchme.sys
2008-06-25 0939 . 2008-06-19 1747 17,144 --a------ CWINDOWSsystem32driversmbam.sys
2008-06-25 0931 . 2008-06-25 0931 REP d-------- CProgram FilesMSXML 4.0
2008-06-25 0921 . 2008-06-25 0921 114,688 --a------ CDocuments and SettingsAll UsersApplication Datakbkzgbml.dll
2008-06-25 0920 . 2008-06-25 0920 REP dr------- CDocuments and SettingsLocalServiceFavoris
2008-06-25 0920 . 2008-06-25 0920 88,537 --a------ CWINDOWSsystem32iftuyszv.exe
2008-06-25 0907 . 2008-06-25 0907 81,920 --a------ CWINDOWSsystem32wmhellcg.dll
2008-06-25 0730 . 2008-06-25 0738 REP d-------- CProgram FilesuTorrent
2008-06-25 0729 . 2008-06-25 0923 REP d-------- CDocuments and SettingssilenceApplication DatauTorrent
2008-06-24 1858 . 2008-06-24 1858 REP d-------- CDocuments and SettingsAll UsersApplication DatanView_Profiles
2008-06-24 1852 . 2008-04-30 1727 442,368 --a------ CWINDOWSsystem32NVUNINST.EXE
2008-06-24 1646 . 2008-06-24 1646 REP d-------- CProgram FilesVideoLAN
2008-06-24 1606 . 2008-06-24 1609 REP d-------- CWINDOWSNV25723296.TMP
2008-06-24 1549 . 2008-06-24 1549 REP d-------- CProgram FilesASUS
2008-06-24 1528 . 2008-06-24 1651 23,392 --a------ CWINDOWSsystem32nscompat.tlb
2008-06-24 1528 . 2008-06-24 1651 16,832 --a------ CWINDOWSsystem32amcompat.tlb
2008-06-24 1226 . 2008-06-24 1226 REP d-------- CProgram FilesAquaMark3
2008-06-24 1226 . 1999-10-21 1112 20,400 --a------ CWINDOWSsystem32driversentech.sys
2008-06-23 1025 . 2008-06-23 1027 REP d-------- CWINDOWSNV2196668.TMP
2008-06-22 1440 . 2008-06-22 1440 REP d-------- CDocuments and SettingssilenceApplication DataAhead
2008-06-22 1429 . 2008-06-22 1431 REP d-------- CProgram FilesNVIDIA Corporation
2008-06-22 1424 . 2008-06-22 1424 REP d-------- CProgram FilesSystemRequirementsLab
2008-06-22 1424 . 2008-06-22 1424 664 --a------ CWINDOWSsystem32d3d9caps.dat
2008-06-22 1424 . 2008-06-22 1424 552 --a------ CWINDOWSsystem32d3d8caps.dat
2008-06-22 1421 . 2008-06-22 1421 REP d-------- CProgram FilesFichiers communsAdobe
2008-06-22 1421 . 2008-06-22 1421 REP d-------- CDocuments and SettingssilenceApplication DataAdobeUM
2008-06-22 1405 . 2007-12-27 0034 3,686,454 -ra------ CWINDOWSTHEWILL.BMP
2008-06-22 1405 . 2007-12-27 0034 3,686,454 -ra------ CWINDOWSCORLANMCD.BMP
2008-06-22 1404 . 2007-12-27 0034 3,686,454 -ra------ CWINDOWSCIPHER.BMP
2008-06-22 1403 . 2007-12-27 0034 3,686,454 -ra------ CWINDOWSVITELIO.BMP
2008-06-22 1403 . 2007-12-27 0034 3,686,454 -ra------ CWINDOWSFENDERLTD.BMP
2008-06-22 1402 . 2008-06-22 1402 REP d-------- CWINDOWSCache
2008-06-21 1922 . 2008-06-25 0854 REP d-------- CDocuments and SettingssilenceShared
2008-06-21 1922 . 2008-06-24 1116 REP d-------- CDocuments and SettingssilenceIncomplete
2008-06-21 1919 . 2008-06-23 1552 REP d-------- CDocuments and SettingssilenceApplication DataFrostWire
2008-06-21 1918 . 2008-06-24 1124 REP d-------- CDocuments and SettingssilenceApplication DataLimeWire
2008-06-21 1800 . 2008-06-25 0914 116 --a------ CWINDOWSNeroDigital.ini
2008-06-21 1617 . 2001-07-09 1150 155,648 --a------ CWINDOWSsystem32NeroCheck.exe
2008-06-21 1615 . 2008-06-21 1615 REP d-------- CProgram FilesFichiers communsNero
2008-06-21 1614 . 2005-06-17 1808 2,932,736 --------- CWINDOWSUNNeroVision.exe
2008-06-21 1614 . 2005-07-20 1045 177,511 --------- CWINDOWSUNNeroVision.cfg
2008-06-21 1614 . 2001-03-08 1930 24,064 --------- CWINDOWSsystem32msxml3a.dll
2008-06-21 1613 . 2008-06-21 1613 REP d-------- CProgram FilesFichiers communsAhead
2008-06-21 1613 . 2008-06-21 1617 REP d-------- CProgram FilesAhead
2008-06-21 1613 . 2008-06-21 1613 REP d-------- CDocuments and SettingsAll UsersApplication DataAhead
2008-06-21 1613 . 2004-07-26 1716 1,568,768 --------- CWINDOWSsystem32ImagX7.dll
2008-06-21 1613 . 2004-07-26 1716 476,320 --------- CWINDOWSsystem32ImagXpr7.dll
2008-06-21 1613 . 2004-07-26 1716 471,040 --------- CWINDOWSsystem32ImagXRA7.dll
2008-06-21 1613 . 2004-07-09 0943 364,544 --------- CWINDOWSsystem32TwnLib4.dll
2008-06-21 1613 . 2004-07-26 1716 262,144 --------- CWINDOWSsystem32ImagXR7.dll
2008-06-21 1613 . 2000-06-26 1145 106,496 --a------ CWINDOWSsystem32TwnLib20.dll
2008-06-21 1613 . 2001-06-26 0815 38,912 --------- CWINDOWSsystem32picn20.dll
2008-06-21 1438 . 2004-08-05 1400 221,184 --a------ CWINDOWSsystem32wmpns.dll
2008-06-21 1412 . 2008-04-23 0616 6,066,176 -----c--- CWINDOWSsystem32dllcacheieframe.dll
2008-06-21 1412 . 2007-04-17 1132 2,455,488 -----c--- CWINDOWSsystem32dllcacheieapfltr.dat
2008-06-21 1412 . 2007-03-08 0710 1,048,576 -----c--- CWINDOWSsystem32dllcacheieframe.dll.mui
2008-06-21 1412 . 2008-04-23 0616 459,264 -----c--- CWINDOWSsystem32dllcachemsfeeds.dll
2008-06-21 1412 . 2008-04-23 0616 383,488 -----c--- CWINDOWSsystem32dllcacheieapfltr.dll
2008-06-21 1412 . 2008-04-23 0616 267,776 -----c--- CWINDOWSsystem32dllcacheiertutil.dll
2008-06-21 1412 . 2008-04-23 0616 63,488 -----c--- CWINDOWSsystem32dllcacheicardie.dll
2008-06-21 1412 . 2008-04-23 0616 52,224 -----c--- CWINDOWSsystem32dllcachemsfeedsbs.dll
2008-06-21 1412 . 2008-04-22 0939 13,824 -----c--- CWINDOWSsystem32dllcacheieudinit.exe
2008-06-21 0916 . 2008-06-21 0916 REP dr-h----- CDocuments and SettingssilenceApplication DataSecuROM
2008-06-21 0858 . 2008-06-21 0858 REP d-------- CProgram FilesUbisoft
2008-06-21 0858 . 2008-06-21 0858 REP d-------- CDocuments and SettingssilenceApplication DataInstallShield
2008-06-21 0822 . 2008-06-21 0822 REP d-------- CProgram FilesDVDFab HD Decrypter 4
2008-06-21 0756 . 2008-06-25 1022 10,061 --a------ CWINDOWSsystem32Config.MPF
2008-06-21 0755 . 2008-06-21 0755 REP d-------- CProgram FilesIZArc
2008-06-21 0752 . 2008-06-21 0752 REP d-------- CProgram FilesFrostWire
2008-06-21 0748 . 2008-06-21 0748 REP d-------- CWINDOWSSun
2008-06-21 0748 . 2008-06-21 0748 REP d-------- CProgram FilesSun
2008-06-21 0748 . 2008-06-21 0748 REP d-------- CProgram FilesDVD Shrink
2008-06-21 0748 . 2008-06-21 0748 REP d-------- CDocuments and SettingsAll UsersApplication DataDVD Shrink
2008-06-21 0747 . 2008-06-21 0753 REP d-------- CProgram FilesJava
2008-06-21 0747 . 2008-06-21 0747 REP d-------- CProgram FilesFichiers communsJava
2008-06-21 0747 . 2008-03-25 0237 69,632 --a------ CWINDOWSsystem32javacpl.cpl
2008-06-21 0745 . 2008-06-21 0746 REP d-------- CProgram FilesLimeWire
2008-06-21 0741 . 2008-06-21 0741 REP d-------- CProgram FilesMcAfee.com
2008-06-21 0741 . 2008-06-21 0918 REP d-------- CProgram FilesMcAfee
2008-06-21 0741 . 2008-06-21 0741 REP d-------- CProgram FilesFichiers communsMcAfee
2008-06-21 0741 . 2008-06-21 0741 REP d-------- Cmcafee_mcpr
2008-06-21 0741 . 2007-11-22 0644 201,320 --a------ CWINDOWSsystem32driversmfehidk.sys
2008-06-21 0741 . 2007-07-13 0620 113,952 --a------ CWINDOWSsystem32driversMpfp.sys
2008-06-21 0741 . 2007-11-22 0644 79,304 --a------ CWINDOWSsystem32driversmfeavfk.sys
2008-06-21 0741 . 2007-12-02 1251 40,488 --a------ CWINDOWSsystem32driversmfesmfk.sys
2008-06-21 0741 . 2007-11-22 0644 35,240 --a------ CWINDOWSsystem32driversmfebopk.sys
2008-06-21 0741 . 2007-11-22 0644 33,832 --a------ CWINDOWSsystem32driversmferkdk.sys
2008-06-20 1939 . 2008-06-21 0916 107,888 --a------ CWINDOWSsystem32CmdLineExt.dll
2008-06-20 1918 . 2008-06-20 1918 REP d-------- CProgram FilesSierra
2008-06-20 1909 . 2008-06-20 1909 268 --ah----- Csqmdata00.sqm
2008-06-20 1909 . 2008-06-20 1909 244 --ah----- Csqmnoopt00.sqm
2008-06-20 1906 . 2008-06-20 1906 REP d-------- CWINDOWSsystem32LogFiles
2008-06-20 1906 . 2008-06-20 1906 REP d-------- CWINDOWSsystem32driversUMDF
2008-06-20 1906 . 2008-06-24 1651 REP d-------- CProgram FilesWindows Media Connect 2
2008-06-20 1906 . 2008-06-20 1906 REP d-------- Cd7b0fe6b25835451af483aa864d97ce2
2008-06-20 1751 . 2008-06-21 1441 REP d-------- CWINDOWSsystem32fr-fr
2008-06-20 1746 . 2008-06-20 1746 REP d----c--- CWINDOWSsystem32DRVSTORE
2008-06-20 1746 . 2008-06-20 1746 REP d-------- CProgram FilesMSN Messenger
2008-06-20 1743 . 2008-06-24 2343 REP d-------- CDocuments and SettingsAll UsersApplication DataGoogle Updater
2008-06-20 1742 . 2008-06-20 1743 REP d-------- CProgram FilesGoogle
2008-06-20 1736 . 2008-06-21 0756 REP d-------- CDocuments and SettingsAll UsersApplication DataMcAfee
2008-06-20 1732 . 2008-06-24 1859 8 --a------ CWINDOWSsystem32nvModes.dat
2008-06-20 1730 . 2008-06-24 1856 REP d-------- CWINDOWSnvidia icons
2008-06-20 1727 . 2008-06-22 1426 REP d-------- CNVIDIA
2008-06-20 1718 . 2008-06-14 1959 272,768 --------- CWINDOWSsystem32driversbthport.sys
2008-06-20 1718 . 2008-06-14 1959 272,768 -----c--- CWINDOWSsystem32dllcachebthport.sys
2008-06-20 1708 . 2008-06-21 1440 REP d--h----- CWINDOWS$hf_mig$
2008-06-20 1708 . 2008-06-20 1708 13,692 --a------ CWINDOWSsystem32wpa.bak
2008-06-20 1700 . 2005-04-27 0915 35,587 --------- CWINDOWSsystem32rmlan.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-24 1349 --------- d--h--w CProgram FilesInstallShield Installation Information
2008-06-20 1457 --------- d-----w CProgram FilesAnalog Devices
2008-06-20 1455 --------- d-----w CProgram FilesFichiers communsInstallShield
2008-06-20 1453 --------- d-----w CProgram FilesULi5287
2008-06-20 1444 --------- d-----w CProgram Filesmicrosoft frontpage
2008-06-20 1443 --------- d-----w CProgram FilesServices en ligne
2008-05-23 0911 36,640 ----a-w CWINDOWSnvflash.sys
2008-05-08 1228 202,752 ----a-w CWINDOWSsystem32driversrmcast.sys
2008-05-07 0515 1,293,824 ----a-w CWINDOWSsystem32quartz.dll
2008-04-23 0416 826,368 ----a-w CWINDOWSsystem32wininet.dll
2008-03-25 0451 621,344 ----a-w CWINDOWSsystem32mswstr10.dll
2008-03-25 0451 194,144 ----a-w CWINDOWSsystem32msjint40.dll
.
((((((((((((((((((((((((((((( snapshot@2008-06-25_10.17.32.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-25 081554 2,048 --s-a-w CWINDOWSbootstat.dat
+ 2008-06-25 082144 2,048 --s-a-w CWINDOWSbootstat.dat
- 2008-06-25 081656 16,384 --sha-w CWINDOWSTempCookiesindex.dat
+ 2008-06-25 082230 16,384 --sha-w CWINDOWSTempCookiesindex.dat
- 2008-06-25 081656 32,768 --sha-w CWINDOWSTempFichiers Internet temporairesContent.IE5index.dat
+ 2008-06-25 082230 32,768 --sha-w CWINDOWSTempFichiers Internet temporairesContent.IE5index.dat
- 2008-06-25 081656 16,384 --sha-w CWINDOWSTempHistoryHistory.IE5index.dat
+ 2008-06-25 082230 16,384 --sha-w CWINDOWSTempHistoryHistory.IE5index.dat
+ 2008-06-25 082232 16,384 ----atw CWINDOWSTempPerflib_Perfdata_600.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
Note les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
swg=CProgram FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2008-06-20 1843 68856]
ctfmon.exe=CWINDOWSsystem32ctfmon.exe [2004-08-05 1400 15360]
NVIDIA nTune=CProgram FilesNVIDIA CorporationnTunenTuneCmd.exe [2008-06-06 1225 114688]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
ULiRaid=CProgram FilesULi5287ULi5287.exe [2005-08-23 2059 409600]
High Definition Audio Property Page Shortcut=HDAShCut.exe [2004-10-27 1521 61952 CWINDOWSsystem32HdAShCut.exe]
SoundMAXPnP=CProgram FilesAnalog DevicesCoresmax4pnp.exe [2005-05-20 0311 925696]
mcagent_exe=CProgram FilesMcAfee.comAgentmcagent.exe [2007-11-01 1912 582992]
SunJavaUpdateSched=CProgram FilesJavajre1.6.0_06binjusched.exe [2008-03-25 0428 144784]
NeroFilterCheck=CWINDOWSsystem32NeroCheck.exe [2001-07-09 1150 155648]
NvCplDaemon=CWINDOWSsystem32NvCpl.dll [2008-05-03 0546 13529088]
nwiz=nwiz.exe [2008-05-03 0546 1630208 CWINDOWSsystem32nwiz.exe]
NvMediaCenter=CWINDOWSsystem32NvMcTray.dll [2008-05-03 0546 86016]
cc333533=CWINDOWSsystem32wmhellcg.dll [2008-06-25 0907 81920]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
CTFMON.EXE=CWINDOWSsystem32CTFMON.EXE [2004-08-05 1400 15360]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
DisableTaskMgr= 1 (0x1)
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciessystem]
DisableTaskMgr= 1 (0x1)
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
kbkzgbml= {40e47d71-a4a7-41e6-9d33-8dc7c0c3bd7a} - CDocuments and SettingsAll UsersApplication Datakbkzgbml.dll [2008-06-25 0921 114688]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogon]
Userinit=CWINDOWSsystem32userinit.exe,CWINDOWSsystem32iftuyszv.exe,
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
AntiVirusDisableNotify=dword00000001
AntiVirusOverride=dword00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringMcAfeeAntiVirus]
DisableMonitoring=dword00000001
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringMcAfeeFirewall]
DisableMonitoring=dword00000001
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
EnableFirewall= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
%windir%system32sessmgr.exe=
CProgram FilesMSN Messengermsnmsgr.exe=
CProgram FilesMSN Messengerlivecall.exe=
CProgram FilesSierraFEARCombatFEARMP.exe=
CProgram FilesFichiers communsMcAfeeMNAMcNASvc.exe=
CProgram FilesUbisoftTom Clancy's Rainbow Six VegasBinariesR6Vegas_Game.exe=
CProgram FilesUbisoftTom Clancy's Rainbow Six VegasBinariesR6Vegas_Launcher.exe=
CProgram FilesFrostWireFrostWire.exe=
CProgram FilesuTorrentuTorrent.exe=
R0 m5287;m5287;CWINDOWSsystem32driversm5287.sys [2005-08-19 1018]
R2 NVR0FLASHDev;NVR0FLASHDev;CWINDOWSnvflash.sys [2008-05-23 1111]
R2 UpdateCenterService;Update Center Service;CProgram FilesNVIDIA CorporationSystem UpdateUpdateCenterService.exe [2008-05-23 1114]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;CWINDOWSsystem32DRIVERSULILAN51.SYS [2005-03-22 2036]
S3 MBAMCatchMe;MBAMCatchMe;CWINDOWSsystem32driversmbamcatchme.sys [2008-06-19 1748]
.
Contenu du dossier 'Scheduled TasksTƒches planifi‚es'
2008-06-21 054115 CWINDOWSTasksMcDefragTask.job
- cPROGRA~1mcafeemqcQcConsol.exe'
2008-06-21 054114 CWINDOWSTasksMcQcTask.job
- cPROGRA~1mcafeemqcQcConsol.exe
.
catchme 0.3.1361 W2KXPVista - rootkitstealth malware detector by Gmer, httpwww.gmer.net
Rootkit scan 2008-06-25 102156
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s 0
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------
PROCESS CWINDOWSexplorer.exe
- CWINDOWSsystem32wmhellcg.dll
.
------------------------ Other Running Processes ------------------------
.
CWINDOWSsystem32iftuyszv.exe
CWINDOWSsystem32rundll32.exe
CWINDOWSsystem32rundll32.exe
CProgram FilesGoogleGoogle UpdaterGoogleUpdater.exe
CProgram FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
CPROGRA~1McAfeeMSCmcmscsvc.exe
CPROGRA~1FICHIE~1McAfeeMNAMcNASvc.exe
CPROGRA~1FICHIE~1McAfeeMcProxyMcProxy.exe
CPROGRA~1McAfeeVIRUSS~1Mcshield.exe
CProgram FilesMcAfeeMPFMpfSrv.exe
CProgram FilesNVIDIA CorporationnTunenTuneService.exe
CWINDOWSsystem32nvsvc32.exe
CWINDOWSsystem32wbemwmiapsrv.exe
.
.
Temps d'accomplissement 2008-06-25 102321 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-25 082318
ComboFix2.txt 2008-06-25 081751
Pre-Run 7,164,334,080 octets libres
Post-Run 7,165,796,352 octets libres
319 --- E O F --- 2008-06-24 170408
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
- Télécharge SmitfraudFix (de de S!Ri, balltrap34 et moe31) :
http://siri.urz.free.fr/Fix/SmitfraudFix.exe ou http://www.geekstogo.com/forum/files/file/6-smitfraudfix/
- Enregistre-le sur le bureau
- Double-clique sur SmitfraudFix.exe et choisis l'option 1 puis Entrée
- Un rapport sera généré, poste-le dans ta prochaine réponse.
[*] process.exe est détecté par certains antivirus comme étant un risktool. Il ne s'agit pas d'un virus mais d'un utilitaire destiné à mettre fin à des processus.[*]
** Ne fais l'étape 2 que si on te le demande, on doit d'abord examiner le premier rapport de SmitfraudFix
http://siri.urz.free.fr/Fix/SmitfraudFix.exe ou http://www.geekstogo.com/forum/files/file/6-smitfraudfix/
- Enregistre-le sur le bureau
- Double-clique sur SmitfraudFix.exe et choisis l'option 1 puis Entrée
- Un rapport sera généré, poste-le dans ta prochaine réponse.
[*] process.exe est détecté par certains antivirus comme étant un risktool. Il ne s'agit pas d'un virus mais d'un utilitaire destiné à mettre fin à des processus.[*]
** Ne fais l'étape 2 que si on te le demande, on doit d'abord examiner le premier rapport de SmitfraudFix
