HijackThis report! Thanks!
Solved
neodu50 (404 posts, Member)
Hello,
Let me explain briefly what is going on: a friend of mine picked up some junk and she doesn't know how to deal with it, so with the help of sparkangel I managed to run a HijackThis scan on her PC, but I don't know how to "decipher" it.
Thanks for your help!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:08, on 29/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe
C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\lace\Local Settings\Temporary Internet Files\Content.IE5\76PVJ5FK\HiJackThis[1].exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - https://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://assets.photobox.com/assets/site_errors/1_error.html
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1073_em_XP.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
66 replies
Something still needs to be finished on your friend's PC.
Your PC is infected with Bagle:
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe
---> Download EliBaglA.exe:
http://www.zonavirus.com/datos/descargas/95/elibagla.asp
[*] Click the Descargar Elibagla button at the bottom of the page.
Save this file to the desktop.
---> Double-click EliBaglA.exe to open it.
---> Make sure the Unidad drop-down menu shows C:\
Also check that the Eliminar Ficheros Automaticamente option at the bottom of the window is ticked.
---> Click the Explorar button to start the scan.
---> When the scan is finished, reboot and post the EliBaglA report, which is located at C:\InfoSat.txt
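To show in code what the helper did by eye when reading the O4 line above, here is an added Python example; it is not part of this thread and not code from HijackThis, EliBagla or ComboFix. It parses HijackThis O4 registry Run entries and flags any whose executable autostarts from a folder where legitimate software does not install itself, such as system32\drivers (the location of the Bagle loader quoted in the reply). The sample log lines, the folder heuristics in ODD_PARENT_DIRS and every function name are my own constructions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample (not a real scan): the O4 line quoted in the reply above,
# two benign Run entries modelled on keys visible in the ComboFix log, and one
# O23 line that the O4 parser must ignore.
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# HijackThis O4 registry-Run entries have the shape:
#   O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

# Heuristics (my assumptions as a defender, not rules stated in the thread):
# a user-mode .exe that autostarts from the kernel-driver folder or from a
# temp/cache folder is not how legitimate software installs itself.
ODD_PARENT_DIRS = (
    "\\system32\\drivers\\",
    "\\local settings\\temp\\",
    "\\temporary internet files\\",
)


def image_path(command: str) -> str:
    """Extract the executable path from a Run-key command line.

    Handles a quoted path followed by arguments and an unquoted path that
    contains spaces (matched up to the first '.exe').
    """
    m = re.match(r'^"?(?P<path>[^"]*?\.exe)', command.strip(), re.IGNORECASE)
    return m.group("path") if m else command.strip()


@dataclass
class RunEntry:
    hive: str
    key: str
    name: str
    command: str
    reasons: List[str] = field(default_factory=list)

    @property
    def image(self) -> str:
        return image_path(self.command)


def parse_o4(line: str) -> Optional[RunEntry]:
    """Parse one HijackThis O4 registry line; return None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    return RunEntry(m["hive"], m["key"], m["name"], m["cmd"])


def assess(entry: RunEntry) -> RunEntry:
    """Attach a reason for every folder heuristic the image path trips."""
    path = entry.image.lower()
    for parent in ODD_PARENT_DIRS:
        if parent in path:
            entry.reasons.append(f"executable autostarts from an unusual folder: {parent}")
    return entry


def analyze_hjt(log_text: str) -> List[RunEntry]:
    """Parse and assess every O4 registry line in a HijackThis log."""
    entries: List[RunEntry] = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is not None:
            entries.append(assess(entry))
    return entries


def find_suspicious(log_text: str) -> List[RunEntry]:
    """Return only the Run entries that tripped at least one heuristic."""
    return [e for e in analyze_hjt(log_text) if e.reasons]


if __name__ == "__main__":
    for e in analyze_hjt(SAMPLE_HJT_LOG):
        verdict = "SUSPICIOUS" if e.reasons else "ok"
        print(f"{verdict:10} {e.hive}\\..\\{e.key} [{e.name}] -> {e.image}")
        for r in e.reasons:
            print(f"           reason: {r}")
```

Run against the constructed sample, only the drvsyskit entry is reported; the QuickTime and ctfmon entries pass because their images live in Program Files and system32 respectively. The folder list is deliberately short: a value-name mismatch or an unsigned binary would be further signals, but they need the file itself, which a pasted log does not give you.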
Thu Jul 03 18:12:17 2008
EliBagle v11.54 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Julio del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
Restaurada Clave: "SafeBoot\Minimal y Network"
Thu Jul 03 18:12:45 2008
EliBagle v11.54 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Julio del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 1818338479
Nº Total de Ficheros: 1769337263
Nº de Ficheros Analizados: 1281137305
Nº de Ficheros Infectados: -399368095
Nº de Ficheros Limpiados: 1948280173
---> What kind of joke is this? xD
I didn't touch anything and I'm getting this:
Thu Jul 03 19:20:51 2008
EliBagle v11.54 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Julio del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
Thu Jul 03 19:20:53 2008
EliBagle v11.54 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Julio del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 1818338481
Nº Total de Ficheros: 1769337292
Nº de Ficheros Analizados: 1281137305
Nº de Ficheros Infectados: -399368095
Nº de Ficheros Limpiados: 1948280173
Ok.
---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Disconnect from the internet and close all applications, antivirus and antispyware included /!\
---> Double-click Combofix.exe
A pop-up will appear saying that "the ComboFix version is used at your own risk and with no warranty..".
Accept by clicking "Yes"
---> Set it to French (F)
Press the 1 (Yes) key to start the scan.
/!\ Do not touch anything until the scan is finished. /!\
At the end of the scan, ComboFix may need to reboot the PC to complete the disinfection; let it do so.
Once the scan is complete, a report will be displayed: post its contents
/!\ Re-enable your antivirus and antispyware real-time protection before reconnecting to the Internet. /!\
Note: the report is also located here: C:\ComboFix.txt
ComboFix 08-07-02.5 - sebastien 2008-07-03 20:07:57.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.152 [GMT 2:00]
Endroit: C:\Documents and Settings\sebastien\Mes documents\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMf37f4390.txt
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\155000.exe
C:\WINDOWS\system32\drivers\downld\202968.exe
C:\WINDOWS\system32\drivers\downld\215296.exe
C:\WINDOWS\system32\drivers\downld\233062.exe
C:\WINDOWS\system32\drivers\downld\241187.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-03 to 2008-07-03 ))))))))))))))))))))))))))))))))))))
.
2008-07-03 19:28 . 2008-07-03 19:28 <REP> d-------- C:\WINDOWS\LastGood
2008-07-03 11:20 . 2008-07-03 11:20 <REP> d-------- C:\Documents and Settings\sebastien\Application Data\Canneverbe_Limited
2008-07-03 11:18 . 2008-07-03 11:18 <REP> d-------- C:\Program Files\CDBurnerXP
2008-07-03 11:02 . 2008-07-03 11:02 <REP> d-------- C:\1f0683fe51786165981f4b97f5cc91cc
2008-07-03 01:33 . 2008-07-03 01:33 <REP> d-------- C:\Program Files\Windows Journal Viewer
2008-06-29 21:07 . 2008-06-29 21:07 <REP> d-------- C:\Documents and Settings\sebastien\SparkAngelsPro_Designer
2008-06-29 19:28 . 2008-07-03 19:29 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-06-29 17:41 . 2008-06-29 17:41 <REP> d-------- C:\Documents and Settings\sebastien\SparkAngels
2008-06-29 17:20 . 2008-06-29 17:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-06-29 17:20 . 2008-05-28 12:33 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-06-29 17:20 . 2008-03-07 13:39 45,848 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-06-29 17:20 . 2008-05-28 12:33 24,608 --a------ C:\WINDOWS\system32\LMIport.dll
2008-06-29 17:19 . 2008-05-28 12:32 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
2008-06-29 17:19 . 2008-06-29 17:19 1,024 --a------ C:\.rnd
2008-06-29 17:18 . 2008-07-03 07:43 <REP> d-------- C:\Program Files\LogMeIn
2008-06-29 15:12 . 2008-06-30 21:56 <REP> d-------- C:\Program Files\KM Remote
2008-06-27 19:04 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-27 19:04 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-21 19:01 . 2008-06-21 19:01 <REP> d-------- C:\Program Files\Raw Modders Union
2008-06-15 22:07 . 2004-05-27 16:46 872,448 --a------ C:\WINDOWS\system32\libgfl211.dll
2008-06-15 22:07 . 2004-05-19 10:01 364,544 --a------ C:\WINDOWS\system32\Xfpx.dll
2008-06-15 22:07 . 2004-02-04 06:33 307,200 --a------ C:\WINDOWS\system32\libmng.dll
2008-06-15 22:07 . 2004-05-19 10:02 225,280 --a------ C:\WINDOWS\system32\Xjp2.dll
2008-06-15 22:07 . 2004-05-19 10:02 114,688 --a------ C:\WINDOWS\system32\Xjpegls.dll
2008-06-15 22:07 . 2004-05-19 10:01 81,920 --a------ C:\WINDOWS\system32\Xjbig.dll
2008-06-15 22:07 . 2004-05-19 10:02 49,152 --a------ C:\WINDOWS\system32\Xsusie.dll
2008-06-15 22:07 . 2004-05-19 10:01 49,152 --a------ C:\WINDOWS\system32\Xjng.dll
2008-06-15 21:54 . 2008-06-15 21:54 268 --ah----- C:\sqmdata14.sqm
2008-06-15 21:54 . 2008-06-15 21:54 244 --ah----- C:\sqmnoopt14.sqm
2008-06-14 20:14 . 2003-11-04 15:11 53,248 --a------ C:\WINDOWS\system32\lftga13n.dll
2008-06-08 17:08 . 2008-06-08 17:27 <REP> d-------- C:\Program Files\ScoreReadMidi
2008-06-08 17:08 . 2008-06-08 17:24 135 --a------ C:\WINDOWS\ODBC.INI
2008-06-08 17:00 . 2008-06-08 17:02 12,205 --a------ C:\sn2444.dat
2008-06-08 17:00 . 2008-06-08 17:01 4 --ahs---- C:\s2443.dat
2008-06-08 16:59 . 2008-06-08 17:01 <REP> d-------- C:\Program Files\PianoTrainer
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-03 05:17 --------- d-----w C:\Program Files\eMule
2008-07-03 01:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-01 22:18 --------- d-----w C:\Documents and Settings\sebastien\Application Data\OpenOffice.org2
2008-06-27 20:50 --------- d-----w C:\Documents and Settings\sebastien\Application Data\gtk-2.0
2008-06-27 16:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-01 12:08 --------- d-----w C:\Documents and Settings\sebastien\Application Data\CasaPortale.de
2008-05-31 20:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-31 19:18 --------- d-----w C:\Documents and Settings\sebastien\Application Data\Soft-R Research
2008-05-28 10:32 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll
2008-05-28 10:32 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll
2008-05-24 18:59 --------- d-----w C:\Program Files\RayV
2008-05-24 18:45 --------- d-----w C:\Program Files\MobeeSoft
2008-05-23 21:01 --------- d-----w C:\Program Files\Gimp
2008-05-23 20:57 --------- d-----w C:\Program Files\GIMP-2.0
2008-05-23 17:54 --------- d-----w C:\Program Files\Digital Image Recovery
2008-05-21 19:42 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-05-21 19:42 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-05-21 19:41 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-21 19:22 --------- d-----w C:\Program Files\DScaler5
2008-05-21 18:01 --------- d-----w C:\Program Files\NewTech Infosystems
2008-05-21 17:59 --------- d-----w C:\Program Files\Fichiers communs\NewTech Infosystems
2008-05-21 17:59 --------- d-----w C:\Program Files\Fichiers communs\muvee Technologies
2008-05-21 17:58 6,144 ----a-w C:\WINDOWS\system32\drivers\NTIDrvr.sys
2008-05-18 12:09 --------- d-----w C:\Program Files\Ahead
2008-05-18 11:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-12 22:03 --------- d-----w C:\Program Files\Trend Micro
2008-05-12 18:13 --------- d-----w C:\Program Files\Avira
2008-05-12 18:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-05-12 17:53 --------- d-----w C:\Program Files\MSN Messenger
2008-05-12 16:08 --------- d-----w C:\Program Files\Panda Security
2008-05-11 20:00 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-11 20:00 --------- d-----w C:\Documents and Settings\sebastien\Application Data\Malwarebytes
2008-05-11 20:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-11 09:39 --------- d-----w C:\Documents and Settings\sebastien\Application Data\vlc
2008-05-10 23:41 --------- d-----w C:\Program Files\RM-X Player V5.0
2008-05-10 23:40 --------- d-----w C:\Program Files\Emoticons-plus.com
2008-05-10 23:36 --------- d-----w C:\Program Files\Google
2008-05-10 23:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-10 23:23 --------- d-----w C:\Program Files\CCleaner
2008-05-10 21:10 --------- d-----w C:\Program Files\MP3Gain
2008-05-10 18:36 --------- d-----w C:\Program Files\a-squared Anti-Malware
2008-05-10 17:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-10 17:32 --------- d-----w C:\Program Files\Lavasoft
2008-05-10 17:31 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-10 17:06 --------- d-----w C:\Program Files\Uniblue
2008-05-10 17:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-05-10 17:02 --------- d-----w C:\Documents and Settings\sebastien\Application Data\Uniblue
2008-05-09 20:39 91,744 ----a-w C:\WINDOWS\BPMNT.dll
2008-05-09 20:39 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-05-09 20:39 333,576 ----a-w C:\WINDOWS\TSC.exe
2008-05-09 20:39 1,213,784 ----a-w C:\WINDOWS\vsapi32.dll
2008-05-09 20:37 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2008-05-09 20:37 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2008-05-09 20:37 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2008-05-09 18:33 --------- d-----w C:\Program Files\INS
2008-05-09 13:51 --------- d-----w C:\Program Files\Macromedia
2008-05-09 13:51 --------- d-----w C:\Program Files\Fichiers communs\Macromedia
2008-05-09 13:50 --------- d-----w C:\Program Files\HP
2008-05-09 13:46 --------- d-----w C:\Program Files\ElcomSoft
2008-05-09 13:45 --------- d-----w C:\Program Files\Windows Live
2008-05-09 13:38 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-05-09 13:30 --------- d-----w C:\Program Files\DivX
2008-05-09 13:28 --------- d-----w C:\Documents and Settings\sebastien\Application Data\Nero
2008-05-09 13:24 --------- d-----w C:\Program Files\Microsoft Picture It! 9
2008-05-08 21:44 --------- d-----w C:\Documents and Settings\sebastien\Application Data\Media Player Classic
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 09:23 --------- d-----w C:\Documents and Settings\sebastien\Application Data\Simple Star
2008-05-08 08:56 --------- d-----w C:\Program Files\Fichiers communs\Simple Star Shared
2008-05-07 17:10 --------- d-----w C:\Documents and Settings\sebastien\Application Data\ArcSoft
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-05 18:46 27,048 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-05 18:46 15,864 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-05-03 16:26 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft
2008-05-03 16:23 --------- d-----w C:\Program Files\Hercules
2008-04-30 17:39 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-04-30 17:39 253,952 ------w C:\WINDOWS\Setup1.exe
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-17 09:17 20,670 ----a-w C:\WINDOWS\system32\vavjclyu.dll
2008-04-13 12:32 87,608 ----a-w C:\Documents and Settings\sebastien\Application Data\inst.exe
2008-04-13 12:32 47,360 ----a-w C:\Documents and Settings\sebastien\Application Data\pcouffin.sys
2007-08-01 08:11 1 ----a-w C:\Documents and Settings\sebastien\SI.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2006-08-23 16:14 1032192]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.EXE" [2002-01-28 12:48 885760]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 12:50 155648]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-21 21:41 185896]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-05-11 01:36:41 124400]
SMC USB Wireless Client Utility.lnk - C:\Program Files\SMC\SMC USB Wireless Client Utility\UMCCfg.exe [2008-04-21 21:22:01 2757120]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^sebastien^Menu Démarrer^Programmes^Démarrage^MaxTV.lnk]
backup=C:\WINDOWS\pss\MaxTV.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnumanLive
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMf37f4390
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\f04c700c
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2007-08-29 18:33 190024 C:\Program Files\Windows Live\MsgPlus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
--a------ 2005-12-13 09:51 1951976 C:\Program Files\Registry Mechanic\RegMech.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\RayV\\RayV\\RayV.exe"=
R0 atiide;atiide;C:\WINDOWS\system32\DRIVERS\atiide.sys [2006-09-13 18:41]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
R2 NICSer_WUB370L;NICSer_WUB370L;C:\Program Files\SMC\SMC USB Wireless Client Utility\NICServ.exe [2006-07-06 11:30]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 15:34]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 14:56]
R3 ovt530;Webcam Classic;C:\WINDOWS\system32\Drivers\ov530vid.sys [2005-03-15 17:04]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 10:05]
S3 rt2870;802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-07-28 14:50]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-12-09 01:54]
*Newly Created Service* - NMSACCESSU
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-18 15:22:02 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-19 15:22:20 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-06-18 15:53:00 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-04-19 15:53:37 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKCU-Run-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKLM-Run-NWEReboot - (no file)
MSConfigStartUp-AlcoholAutomount - C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe
MSConfigStartUp-RegistryBooster 2 d’Uniblue - C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
MSConfigStartUp-Uniblue SpeedUpMyPC - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
MSConfigStartUp-Uniblue SpyEraser - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-03 20:12:10
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VSNDIS08]
.
Temps d'accomplissement: 2008-07-03 20:17:57
ComboFix-quarantined-files.txt 2008-07-03 18:16:54
Pre-Run: 18,923,704,320 octets libres
Post-Run: 18,974,003,200 octets libres
236 --- E O F --- 2008-06-28 01:03:59
Is it getting better?
---> Download clean.zip from Malekal:
http://www.malekal.com/download/clean.zip
---> Unzip it to your desktop (right-click / extract all); you should get a folder named clean.
---> Open the clean folder on your desktop and double-click clean.cmd
A black window will appear for a moment; leave it open.
---> Choose option 1 and wait
---> Post the report you get (located in C:\rapport_clean.txt)
Do not proceed to option 2 without our say-so!
03/07/2008 a 20:54:11,39
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\kernel???.exe FOUND
C:\WINDOWS\system32\kernel??.exe FOUND
C:\WINDOWS\system32\kernel?.exe FOUND
*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\GameHouse\" FOUND
*** Fin du rapport !
Would you prefer
that I try in safe mode...
Although last time it crashed (blue screen, error report...)??
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 03/07/2008 a 21:24:58,78
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
*** Suppression des fichiers dans C:\WINDOWS\
*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\kernel???.exe
*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\GameHouse\"
*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
03/07/2008 a 21:32:25,40
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:22, on 03/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\SMC\SMC USB Wireless Client Utility\NICServ.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\SMC\SMC USB Wireless Client Utility\UMCCfg.exe
C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\sebastien\Local Settings\Temporary Internet Files\Content.IE5\3IYQMZ4U\HiJackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.macromedia.com/go/inproductreg?v=3&product=Dreamweaver&loc=fr_fr&country=fr&platform=2&givenName=quelqu%27un&familyName=de%20paris&email=smabire9@hotmail.com&optin=1&serialNumber=WPD800-58834-46532-77738
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Windows Live\MsgPlus.exe" /WinStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: SMC USB Wireless Client Utility.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Unknown owner - C:\Program Files\a-squared Anti-Malware\a2service.exe (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NICSer_WUB370L - Unknown owner - C:\Program Files\SMC\SMC USB Wireless Client Utility\NICServ.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
Scan saved at 21:37:22, on 03/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\SMC\SMC USB Wireless Client Utility\NICServ.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\SMC\SMC USB Wireless Client Utility\UMCCfg.exe
C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\sebastien\Local Settings\Temporary Internet Files\Content.IE5\3IYQMZ4U\HiJackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.macromedia.com/go/inproductreg?v=3&product=Dreamweaver&loc=fr_fr&country=fr&platform=2&givenName=quelqu%27un&familyName=de%20paris&email=smabire9@hotmail.com&optin=1&serialNumber=WPD800-58834-46532-77738
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Windows Live\MsgPlus.exe" /WinStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: SMC USB Wireless Client Utility.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Unknown owner - C:\Program Files\a-squared Anti-Malware\a2service.exe (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NICSer_WUB370L - Unknown owner - C:\Program Files\SMC\SMC USB Wireless Client Utility\NICServ.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
(What I did for mine: I did the same thing, it found 3 items, which I deleted, and here is the report at the end:
Malwarebytes' Anti-Malware 1.12
Database version: 740
Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 159597
Time elapsed: 2 hour(s), 15 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\poof (Rootkit.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\AutoUpdateWin31.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\AutoUpdateWin33.exe (Adware.Agent) -> Quarantined and deleted successfully.
)
Is it still there?
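As an added example (not part of the original post, and not HijackThis' own code): a small Python script that parses the R*/O* lines of a HijackThis v2.0.2 log like the ones above and flags the entries a log reader checks first: O2/O3 registrations whose DLL is "(no file)", O4 startup shortcuts whose target resolved to "?", O16 ActiveX controls fetched over plain http://, and O23 services with a missing binary or no recorded vendor. The sample input is a subset of lines copied verbatim from the log above; the rules and severities are my own triage heuristics, not an official HijackThis scoring, and "Unknown owner" only means the version info names no vendor (NMSAccessU from CDBurnerXP and Dell's wltrysvc are typically legitimate), so that rule asks for verification rather than removal.

```python
import re

# Constructed sample input: a subset of the HijackThis v2.0.2 entries from the
# log above (copied verbatim), enough to exercise every rule below.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - Global Startup: SMC USB Wireless Client Utility.lnk = ?
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Unknown owner - C:\Program Files\a-squared Anti-Malware\a2service.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
"""

# Every HijackThis finding is "<section> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")


def parse_entries(text):
    """Return (section, body) pairs for every R*/O* line; other lines
    (headers, the running-process list) are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(text):
    """Apply the triage rules and return (severity, section, reason, body)
    tuples. An empty list means no rule fired on this input, not that the
    machine is clean: the rules are heuristics for what to look at first."""
    findings = []
    for section, body in parse_entries(text):
        if section in ("O2", "O3") and body.endswith("(no file)"):
            # CLSID still registered but the DLL is gone: a leftover, safe to fix.
            findings.append(("low", section,
                             "orphaned CLSID: the registered DLL no longer exists; safe to fix",
                             body))
        elif section == "O4" and body.rstrip().endswith("= ?"):
            # HijackThis could not resolve the .lnk target; inspect it by hand.
            findings.append(("medium", section,
                             "startup shortcut whose target could not be resolved; open the .lnk and check where it points",
                             body))
        elif section == "O16" and " - http://" in body:
            # ActiveX CAB pulled over cleartext HTTP: nothing protects it in transit.
            findings.append(("medium", section,
                             "ActiveX control fetched over cleartext HTTP; origin cannot be verified in transit",
                             body))
        elif section == "O23":
            if body.endswith("(file missing)"):
                findings.append(("low", section,
                                 "service registered but its binary is gone; leftover from an uninstall, delete the service entry",
                                 body))
            elif " - Unknown owner - " in body:
                findings.append(("medium", section,
                                 "no vendor in the version info; verify the file (hash/signature) before trusting it",
                                 body))
    return findings


def count_by_severity(findings):
    """Summarise findings as {severity: count}."""
    counts = {}
    for severity, _, _, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    for severity, section, reason, body in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {section}: {reason}")
        print(f"         {body}")
    print(count_by_severity(triage(SAMPLE_LOG)))
```

Run it against a full log by replacing SAMPLE_LOG with the file contents; on the sample above it flags six entries and leaves the Google Toolbar, LogMeIn, Lavasoft and the https:// LogMeIn control alone.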