Rundll.exe

Closed
Mimiluic - 4 August 2008 at 14:36
 typster1801 - 8 August 2008 at 14:38
Hello everyone...

I noticed that many people had the same problem as me regarding rundll.exe...

I get an error message for every file I try to open, which blocks it from opening, and also whenever I open a web page...

Reading several topics, people were asked to install a program and post the report, which I am posting below... Hoping someone can help me... Thanks in advance...

The report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:23:44, on 04/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {000178ED-AE77-4847-92F1-944DFFDDC4Db} - C:\WINDOWS\system32\kprdkrlf.dll
O2 - BHO: SmartShopper - {2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
O2 - BHO: (no name) - {9160B539-1B91-409A-98BA-985C2349FEEB} - C:\WINDOWS\system32\wvUkIYsQ.dll
O2 - BHO: {fbf7f6d1-6474-b259-b334-53821cf8087a} - {a7808fc1-2835-433b-952b-47461d6f7fbf} - C:\WINDOWS\system32\oieepi.dll
O4 - HKLM\..\Run: [BM2304dc9c] Rundll32.exe "C:\WINDOWS\system32\gxoqtsdc.dll",s
O4 - HKLM\..\Run: [2037ef00] rundll32.exe "C:\WINDOWS\system32\rxlsifgw.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
O20 - AppInit_DLLs: oieepi.dll
O20 - Winlogon Notify: wvUkIYsQ - C:\WINDOWS\SYSTEM32\wvUkIYsQ.dll

8 replies

IronVI - Posts: 72 - Joined: Monday 28 July 2008 - Status: Member - Last active: 7 August 2008 - 7
4 August 2008 at 14:40
The report is tiny but full of infections! And apparently it's true, there is a problem with rundll.

Download to the desktop https://www.besttechie.com/resources/malwarebytes/

=> double-click mbam-setup to start the installation
=> Simply install without changing anything
=> Once the program is running ==> Update tab, click => Check for updates
Scan tab => tick Perform a full scan
=> Click Scan
=> If needed, untick the drives that should not be scanned
=> Click Start scan
=> At the end of the scan, if an infection is found
==> Click Show results
=> Close your running applications
=> Check that everything is ticked and click Remove selected

=> a report opens; copy it and paste it into your reply

++++

Download and save to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe

=> Disable the antivirus
=> Double-click Combofix
=> Press 1 when prompted
=> Wait for the tool to close (5 to 10 min)
=> Copy/paste the report into your reply
=> A report in C:\Combofix.txt to put in your reply
=> delete Qoobox in c:
=> re-enable the antivirus
0
OK thanks, I am carrying out these steps now; I will post as soon as I have the results...
0
Here is the first report...

Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1022
Windows 5.1.2600 Service Pack 2

21:03:45 04/08/2008
mbam-log-8-4-2008 (21-03-25).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 155300
Temps écoulé: 1 hour(s), 20 minute(s), 55 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 5
Clé(s) du Registre infectée(s): 17
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 89

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\ljJCvUNE.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\nnnmlLFX.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rxlsifgw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\oieepi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wvUkIYsQ.dll (Trojan.Vundo) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a7808fc1-2835-433b-952b-47461d6f7fbf} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a7808fc1-2835-433b-952b-47461d6f7fbf} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9160b539-1b91-409a-98ba-985c2349feeb} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9160b539-1b91-409a-98ba-985c2349feeb} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvukiysq (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a98dc0ea-1a49-4b63-9d7c-47bba44c47f2} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000178ed-ae77-4847-92f1-944dffddc4db} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{000178ed-ae77-4847-92f1-944dffddc4db} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2037ef00 (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{9160b539-1b91-409a-98ba-985c2349feeb} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm2304dc9c (Trojan.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\\windows\\system32\\nnnmllfx -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\\windows\\system32\\nnnmllfx -> No action taken.

Dossier(s) infecté(s):
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> No action taken.

Fichier(s) infecté(s):


The second one is in progress...
0
Combofix only works on Windows XP and 2000... So I can't run it...
0

I have a first report with Malwarebytes:
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1032
Windows 5.1.2600 Service Pack 2

14:11:25 08/08/2008
mbam-log-8-8-2008 (14-11-25).txt

Type de recherche: Examen rapide
Eléments examinés: 42320
Temps écoulé: 2 minute(s), 13 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winsys2 (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\WinSys2.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
0
and the second message, with ComboFix:
ComboFix 08-08-07.05 - Administrateur 2008-08-08 14:13:23.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2286 [GMT 2:00]
Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.
The following files were disabled during the run:
C:\WINDOWS\system32\HookShield.dll
C:\WINDOWS\system32\Auxiliary.dll


(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\MSINET.oca
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-12 21:05 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"X'nBeep"="C:\Program Files\X'nBeep 1.1\XnBeep.exe" [2007-01-06 23:37 1067520]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34 64512]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 22:34 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-10-27 17:06 180269]
"Ovt Wia"="C:\WINDOWS\OV530EM.exe" [2007-04-11 11:36 32768]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"Reclusa"="C:\Program Files\Razer\Reclusa\razerhid.exe" [2007-06-18 17:14 167936]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 23:50 221184]
"Six Engine"="C:\Program Files\ASUS\Six Engine\SixEngine.exe" [2008-06-03 01:06 5964800]
"razer"="C:\Program Files\Razer\Copperhead\razerhid.exe" [2005-10-08 16:27 155648]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]
"ftutil2"="ftutil2.dll" [2004-06-07 14:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:15 77312 C:\WINDOWS\arpwrmsg.exe]
"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 14:39 16862720 C:\WINDOWS\RTHDCPL.exe]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-04-30 10:16:15 113664]
E-Color.lnk - C:\Program Files\E-Color\Common\IconMgr.exe [2008-03-04 20:42:42 61440]
forteManager.lnk - C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe [2008-07-27 17:08:36 1064960]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\TrackMania United\\TmUnited.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"C:\\Program Files\\webcamXP\\webcamXP.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\eChanblard\\emule.exe"=
"C:\\Program Files\\FileZilla\\FileZilla.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\TmSunrise\\tmsunrise.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

R0 mv61xx;mv61xx;C:\WINDOWS\system32\DRIVERS\mv61xx.sys [2008-06-10 12:33]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-02-02 17:54]
R3 LGDDCDevice;LGDDCDevice;C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys [2007-11-20 10:07]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-07-30 20:07]
R3 ovt530;USB PC CAMERA;C:\WINDOWS\system32\Drivers\ov530vid.sys [2006-04-09 21:33]
R3 RecFltr;Reclusa Keyboard;C:\WINDOWS\system32\Drivers\RecFltr.sys [2007-01-18 09:21]
S3 LGII2CDevice;LGII2CDevice;C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys [2007-11-20 10:07]
S3 ultradfg;ultradfg;C:\WINDOWS\system32\DRIVERS\ultradfg.sys [2007-12-05 08:27]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 13:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - E:\Directx\dxsetup.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - MBAMSWISSARMY
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-08 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PCDrProfiler - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\wra4c8ao.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-stage6&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.daemon-search.com/startpage


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-08 14:15:19
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\HookShield.dll
-> C:\WINDOWS\system32\Auxiliary.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\HookShield.dll
-> C:\WINDOWS\system32\Auxiliary.dll

PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\WINDOWS\system32\HookShield.dll
-> C:\WINDOWS\system32\Auxiliary.dll
.
Temps d'accomplissement: 2008-08-08 14:15:58
ComboFix-quarantined-files.txt 2008-08-08 12:15:56

Pre-Run: 116,422,864,896 octets libres
Post-Run: 116,407,476,224 octets libres

270 --- E O F --- 2008-08-07 07:35:45
0
I should point out that the error message appears when I launch a video game, and that everything worked very well before I updated my NVIDIA GeForce 8600 GT graphics card.
I'm on 32-bit XP, that's all.
PS: I followed the steps but I don't understand what I did lol
0
OK, problem solved, thanks a lot!!
0