Un virus coriace .. (Besoin d'aide Merci) - Page 2
Résolu
Précédent
- 1
- 2
Ok d'accord & merci =) pour R-Host je viens de le faire il me dit rien de spécial pour combofix je m'en occupe tout de suite !
Rhost ne te dis rien, mais si tu fais un scan avec Hijackthis, tu pourras voir que ton fichier HOST à été réparé. Comment le voir ? simple, tes lignes O1 ne sont plus là, ou du moins il y en a plus autant.
ComboFix 08-09-01.05 - Yoann_2 2008-09-03 15:51:21.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.530 [GMT 2:00]
Endroit: C:\Documents and Settings\Yoann_2\Bureau\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Yoann_2\Application Data\macromedia\Flash Player\#SharedObjects\XVQSTDER\bin.clearspring.com
C:\Documents and Settings\Yoann_2\Application Data\macromedia\Flash Player\#SharedObjects\XVQSTDER\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Yoann_2\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Yoann_2\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Zora.SWARTVAG-IZ0HHD\Application Data\macromedia\Flash Player\#SharedObjects\W7ZLNBZN\bin.clearspring.com
C:\Documents and Settings\Zora.SWARTVAG-IZ0HHD\Application Data\macromedia\Flash Player\#SharedObjects\W7ZLNBZN\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Zora.SWARTVAG-IZ0HHD\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Zora.SWARTVAG-IZ0HHD\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\WINDOWS\Downloaded Program Files\setup.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV
-------\Service_TDSSserv
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-03 to 2008-09-03 ))))))))))))))))))))))))))))))))))))
.
2008-09-03 15:21 . 2008-09-03 15:21 268 --ah----- C:\sqmdata07.sqm
2008-09-03 15:21 . 2008-09-03 15:21 244 --ah----- C:\sqmnoopt07.sqm
2008-09-03 01:22 . 2008-09-03 01:22 <REP> d-------- C:\Documents and Settings\Yoann_2\Application Data\Malwarebytes
2008-09-03 01:20 . 2008-09-03 01:22 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-03 01:20 . 2008-09-03 01:20 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-09-03 01:20 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-03 01:20 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-03 01:08 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-09-03 01:08 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-09-03 01:08 . 2008-09-02 23:58 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-03 01:08 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-09-03 01:08 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-09-03 01:08 . 2008-08-28 22:36 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-09-03 01:08 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-09-03 01:08 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-09-03 01:08 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-09-03 01:08 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-09-03 00:52 . 2008-09-03 15:03 1,596 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-03 00:23 . 2008-09-03 15:32 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-02 20:39 . 2008-09-02 20:39 <REP> d-------- C:\Program Files\Trend Micro
2008-09-02 20:26 . 2008-09-02 20:28 <REP> d-------- C:\Documents and Settings\Yoann_2\.housecall6.6
2008-09-02 18:44 . 2008-09-02 18:44 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-09-02 17:49 . 2004-08-20 01:09 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-09-02 17:48 . 2004-08-20 01:09 2,113,536 --------- C:\WINDOWS\system32\dxdiagn.dll
2008-09-02 17:47 . 2004-08-20 01:09 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-09-01 09:09 . 2003-09-05 16:59 270,336 -ra------ C:\WINDOWS\system32\nvrstr.dll
2008-09-01 09:09 . 2003-09-05 16:59 270,336 -ra------ C:\WINDOWS\system32\nvrssl.dll
2008-09-01 09:09 . 2003-09-05 16:59 266,240 -ra------ C:\WINDOWS\system32\nvrssv.dll
2008-09-01 09:09 . 2003-09-05 16:59 221,184 -ra------ C:\WINDOWS\system32\nvrszht.dll
2008-09-01 09:09 . 2003-09-05 16:59 221,184 -ra------ C:\WINDOWS\system32\nvrszhc.dll
2008-09-01 09:09 . 2003-09-05 16:59 167,936 -ra------ C:\WINDOWS\system32\nvwrssk.dll
2008-09-01 09:09 . 2003-09-05 16:59 163,840 -ra------ C:\WINDOWS\system32\nvwrstr.dll
2008-09-01 09:09 . 2003-09-05 16:59 159,744 -ra------ C:\WINDOWS\system32\nvwrssv.dll
2008-09-01 09:09 . 2003-09-05 16:59 155,648 -ra------ C:\WINDOWS\system32\nvwrssl.dll
2008-09-01 09:09 . 2003-09-05 16:59 86,016 -ra------ C:\WINDOWS\system32\nvwrszht.dll
2008-09-01 09:09 . 2003-09-05 16:59 86,016 -ra------ C:\WINDOWS\system32\nvwrszhc.dll
2008-08-31 21:37 . 2008-08-31 21:37 1,099,839 --a------ C:\WINDOWS\system32\TmpA2198431
2008-08-31 20:20 . 2008-08-31 20:20 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\DivX
2008-08-31 16:27 . 2008-08-31 16:27 <REP> d---s---- C:\Documents and Settings\Administrateur.SWARTVAG-IZ0HHD\UserData
2008-08-31 16:14 . 2008-08-31 16:14 1,099,839 --a------ C:\WINDOWS\system32\TmpA792349
2008-08-31 14:50 . 2004-08-20 00:56 54,400 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2008-08-31 12:13 . 2008-08-31 12:13 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT.000\Bureau
2008-08-31 01:33 . 2008-08-31 01:33 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-08-30 17:45 . 2008-08-30 17:45 268 --ah----- C:\sqmdata06.sqm
2008-08-30 17:45 . 2008-08-30 17:45 244 --ah----- C:\sqmnoopt06.sqm
2008-08-30 15:58 . 2008-08-30 15:58 <REP> d-------- C:\Documents and Settings\Administrateur.SWARTVAG-IZ0HHD\Application Data\SUPERAntiSpyware.com
2008-08-30 15:57 . 2007-05-24 20:27 <REP> d--h----- C:\Documents and Settings\Administrateur.SWARTVAG-IZ0HHD\Voisinage r‚seau
2008-08-30 15:57 . 2007-05-24 20:27 <REP> d--h----- C:\Documents and Settings\Administrateur.SWARTVAG-IZ0HHD\Voisinage d'impression
2008-08-30 15:57 . 2007-05-24 19:42 <REP> d--h----- C:\Documents and Settings\Administrateur.SWARTVAG-IZ0HHD\ModŠles
2008-08-30 15:57 . 2007-05-24 20:27 <REP> d-------- C:\Documents and Settings\Administrateur.SWARTVAG-IZ0HHD\Mes documents
2008-08-30 15:57 . 2007-05-24 20:27 <REP> dr------- C:\Documents and Settings\Administrateur.SWARTVAG-IZ0HHD\Menu D‚marrer
2008-08-30 15:57 . 2008-08-31 16:26 <REP> d-------- C:\Documents and Settings\Administrateur.SWARTVAG-IZ0HHD\Favoris
2008-08-30 15:57 . 2007-05-24 20:27 <REP> d-------- C:\Documents and Settings\Administrateur.SWARTVAG-IZ0HHD\Bureau
2008-08-30 15:57 . 2008-08-31 16:27 <REP> d-------- C:\Documents and Settings\Administrateur.SWARTVAG-IZ0HHD
2008-08-29 18:09 . 2008-08-29 18:09 268 --ah----- C:\sqmdata05.sqm
2008-08-29 18:09 . 2008-08-29 18:09 244 --ah----- C:\sqmnoopt05.sqm
2008-08-26 15:29 . 2008-08-26 15:29 <REP> d-------- C:\Documents and Settings\Yoann_2\Application Data\Deckadance
2008-08-26 14:52 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-08-26 14:51 . 2008-08-26 14:51 <REP> d-------- C:\Program Files\Outsim
2008-08-21 01:34 . 2008-08-21 02:02 23 --a------ C:\WINDOWS\popcinfot.dat
2008-08-21 00:36 . 2008-08-26 07:47 <REP> d-------- C:\Program Files\Steam
2008-08-18 22:34 . 2008-08-18 22:34 <REP> d-------- C:\WINDOWS\nvidia icons
2008-08-18 22:34 . 2008-05-03 05:46 442,368 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-08-18 22:34 . 2008-08-31 12:18 182,038 --a------ C:\WINDOWS\system32\nvapps.xml
2008-08-18 22:34 . 2008-05-03 05:46 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-08-18 07:05 . 2008-08-18 07:05 31 --a------ C:\WINDOWS\GunzLauncher.INI
2008-08-15 13:57 . 2008-08-30 15:45 <REP> d-------- C:\Documents and Settings\Yoann_2\Application Data\DNA
2008-08-15 03:35 . 2008-08-15 03:35 <REP> d-------- C:\Documents and Settings\Yoann_2\Application Data\AdobeUM
2008-08-13 17:56 . 2008-08-13 17:56 268 --ah----- C:\sqmdata04.sqm
2008-08-13 17:56 . 2008-08-13 17:56 244 --ah----- C:\sqmnoopt04.sqm
2008-08-11 16:30 . 2008-08-11 16:30 <REP> d-------- C:\Documents and Settings\Yoann_2\Application Data\SUPERAntiSpyware.com
2008-08-08 20:01 . 2008-08-08 20:01 268 --ah----- C:\sqmdata03.sqm
2008-08-08 20:01 . 2008-08-08 20:01 244 --ah----- C:\sqmnoopt03.sqm
2008-08-08 17:19 . 2008-08-08 17:19 <REP> d-------- C:\Documents and Settings\Yoann_2\Application Data\Media Player Classic
2008-08-08 17:19 . 2008-08-08 17:19 <REP> d-------- C:\Documents and Settings\Yoann_2\Application Data\DivX
2008-08-08 17:18 . 2008-08-08 17:18 <REP> d-------- C:\Documents and Settings\Yoann_2\Application Data\vlc
2008-08-08 17:09 . 2008-08-08 17:09 1,099,839 --a------ C:\WINDOWS\system32\TmpA3107638
2008-08-08 16:57 . 2008-08-08 16:57 <REP> d-------- C:\Documents and Settings\Yoann_2\Application Data\Ableton
2008-08-08 16:57 . 2008-08-08 16:57 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ableton
2008-08-08 16:52 . 2008-08-08 16:52 <REP> d-------- C:\Documents and Settings\Yoann_2\Contacts
2008-08-08 16:28 . 2007-05-24 20:27 <REP> d--h----- C:\Documents and Settings\Yoann_2\Voisinage r‚seau
2008-08-08 16:28 . 2007-05-24 20:27 <REP> d--h----- C:\Documents and Settings\Yoann_2\Voisinage d'impression
2008-08-08 16:28 . 2007-05-24 19:42 <REP> d--h----- C:\Documents and Settings\Yoann_2\ModŠles
2008-08-08 16:28 . 2008-09-03 00:31 <REP> dr------- C:\Documents and Settings\Yoann_2\Mes documents
2008-08-08 16:28 . 2008-08-31 11:22 <REP> dr------- C:\Documents and Settings\Yoann_2\Menu D‚marrer
2008-08-08 16:28 . 2008-09-03 15:32 <REP> dr------- C:\Documents and Settings\Yoann_2\Favoris
2008-08-08 16:28 . 2008-09-03 15:30 <REP> d-------- C:\Documents and Settings\Yoann_2\Bureau
2008-08-08 16:28 . 2008-09-03 15:41 <REP> d-------- C:\Documents and Settings\Yoann_2
2008-08-08 16:28 . 2008-08-08 16:28 268 --ah----- C:\sqmdata02.sqm
2008-08-08 16:28 . 2008-08-08 16:28 244 --ah----- C:\sqmnoopt02.sqm
2008-08-08 16:11 . 2004-08-20 01:09 116,736 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-08-08 16:11 . 2001-08-23 17:47 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2008-08-08 16:11 . 2001-08-23 17:47 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-08-08 16:11 . 2001-08-23 17:47 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-08-08 16:11 . 2004-08-04 07:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-08-08 16:11 . 2001-08-23 17:47 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-08-08 16:11 . 2001-08-17 20:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-08-08 16:11 . 2001-08-23 17:47 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-08-08 16:09 . 2001-08-17 21:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-08-08 16:08 . 2001-08-23 17:47 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-08-08 16:07 . 2001-08-23 17:18 899,914 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-08-08 16:06 . 2003-09-05 16:59 1,344,219 -ra------ C:\WINDOWS\system32\drivers\OLD471.tmp
2008-08-08 16:05 . 2001-08-17 21:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-08-08 16:04 . 2001-08-23 17:00 728,554 --a--c--- C:\WINDOWS\system32\dllcache\ltck000c.sys
2008-08-08 16:03 . 2001-08-23 17:46 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-08-08 16:02 . 2001-08-23 17:13 634,166 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-08-08 16:01 . 2001-08-17 20:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-08-08 16:00 . 2001-08-23 17:04 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-08-08 15:59 . 2001-08-17 21:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-08-08 15:58 . 2001-08-17 21:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-08-08 15:02 . 2008-08-08 15:02 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-08 15:02 . 2008-08-08 15:02 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-08 15:02 . 2008-08-08 15:02 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-08-08 14:52 . 2008-08-08 14:52 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-08-06 22:37 . 2008-08-06 22:37 4 --a------ C:\WINDOWS\system32\qwolt.pdg
2008-08-06 22:36 . 2008-08-06 22:36 <REP> d-------- C:\Program Files\Flop
2008-08-05 02:35 . 2008-08-05 02:35 1,099,839 --a------ C:\WINDOWS\system32\TmpA8637039
2008-08-04 22:23 . 2008-08-04 22:23 1,099,839 --a------ C:\WINDOWS\system32\TmpA37073679
2008-08-04 22:14 . 2008-08-04 22:14 1,099,839 --a------ C:\WINDOWS\system32\TmpA36559810
2008-08-04 22:05 . 2008-08-04 22:05 1,099,839 --a------ C:\WINDOWS\system32\TmpA35982970
2008-08-04 19:40 . 2005-05-09 20:08 33,792 --a------ C:\WINDOWS\system32\drivers\cledx.sys
2008-08-04 19:39 . 2005-11-03 12:17 16,896 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys
2008-08-04 14:54 . 2008-08-04 14:54 <REP> d-------- C:\Program Files\Microsoft SQL Server
2008-08-04 14:54 . 2002-12-17 16:23 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2008-08-04 14:54 . 2002-10-20 14:05 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-03 13:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-02 18:13 --------- d-----w C:\Program Files\MSN Messenger
2008-08-31 19:49 --------- d-----w C:\Program Files\CamStudio
2008-08-29 16:40 1,310,513 ----a-r C:\Program Files\Microsoft Money 2008.mbf
2008-08-29 16:40 --------- d-----w C:\Program Files\Microsoft Money 2005
2008-08-15 01:53 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-08-08 14:51 --------- d-----w C:\Program Files\VirtualDJ
2008-07-29 17:35 1,216,246 ----a-r C:\Program Files\Microsoft Money 2005 09-05-8.mbf
2008-07-23 17:02 --------- d-----w C:\Program Files\Java
2008-07-20 18:12 --------- d-----w C:\Program Files\AdVantage
2008-07-20 18:11 --------- d-----w C:\Program Files\Webteh
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-16 22:11 --------- d-----w C:\Program Files\Common Files
2008-05-07 15:28 1,206,364 ----a-r C:\Program Files\Microsoft Money 2005 29-02-2008.mbf
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-20 1667584]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 1506544]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-09-05 49152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-30 455168]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-30 455168]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-09-05 4841472]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2003-09-05 49152]
"nwiz"="nwiz.exe" [2003-09-05 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [ ]
S3 XDva129;XDva129;C:\WINDOWS\system32\XDva129.sys [ ]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-CaDownloader - C:\Documents and Settings\Yoann_2\Mes documents\Mes téléchargements\SpringDownloader.exe
HKLM-Run-Ins3DT - D:\INSTALL4\INS3DT.EXE
HKLM-Run-EoEngine - (no file)
HKLM-Run-EoWeather - (no file)
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://g.live.com/9uxp9en-us/hpg_lnk1
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {8AFC2AD4-64F4-48DA-9A21-AF3920798D7D} - hxxp://eslgameplazza.powerchallenge.com/applet/PowerFootballLoader.CAB
C:\WINDOWS\Downloaded Program Files\PowerFootballLoader.INF
C:\WINDOWS\system32\msvbvm60.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\system32\asycfilt.dll
C:\WINDOWS\system32\stdole2.tlb
C:\WINDOWS\system32\comcat.dll
C:\WINDOWS\system32\MSINET.OCX
C:\WINDOWS\Downloaded Program Files\PowerFootballLoader.ocx
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-03 15:55:51
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-03 16:04:58 - machine was rebooted [Yoann_2]
ComboFix-quarantined-files.txt 2008-09-03 14:04:54
Pre-Run: 28,305,813,504 octets libres
Post-Run: 28,297,392,128 octets libres
269 --- E O F --- 2008-09-02 16:21:53
-------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:07:47, on 03/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://outlook.live.com/owa/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8AFC2AD4-64F4-48DA-9A21-AF3920798D7D} (PowerFootball.Loader) - http://eslgameplazza.powerchallenge.com/applet/PowerFootballLoader.CAB
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.530 [GMT 2:00]
Endroit: C:\Documents and Settings\Yoann_2\Bureau\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Yoann_2\Application Data\macromedia\Flash Player\#SharedObjects\XVQSTDER\bin.clearspring.com
C:\Documents and Settings\Yoann_2\Application Data\macromedia\Flash Player\#SharedObjects\XVQSTDER\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Yoann_2\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Yoann_2\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Zora.SWARTVAG-IZ0HHD\Application Data\macromedia\Flash Player\#SharedObjects\W7ZLNBZN\bin.clearspring.com
C:\Documents and Settings\Zora.SWARTVAG-IZ0HHD\Application Data\macromedia\Flash Player\#SharedObjects\W7ZLNBZN\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Zora.SWARTVAG-IZ0HHD\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Zora.SWARTVAG-IZ0HHD\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\WINDOWS\Downloaded Program Files\setup.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV
-------\Service_TDSSserv
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-03 to 2008-09-03 ))))))))))))))))))))))))))))))))))))
.
2008-09-03 15:21 . 2008-09-03 15:21 268 --ah----- C:\sqmdata07.sqm
2008-09-03 15:21 . 2008-09-03 15:21 244 --ah----- C:\sqmnoopt07.sqm
2008-09-03 01:22 . 2008-09-03 01:22 <REP> d-------- C:\Documents and Settings\Yoann_2\Application Data\Malwarebytes
2008-09-03 01:20 . 2008-09-03 01:22 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-03 01:20 . 2008-09-03 01:20 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-09-03 01:20 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-03 01:20 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-03 01:08 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-09-03 01:08 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-09-03 01:08 . 2008-09-02 23:58 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-03 01:08 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-09-03 01:08 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-09-03 01:08 . 2008-08-28 22:36 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-09-03 01:08 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-09-03 01:08 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-09-03 01:08 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-09-03 01:08 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-09-03 00:52 . 2008-09-03 15:03 1,596 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-03 00:23 . 2008-09-03 15:32 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-02 20:39 . 2008-09-02 20:39 <REP> d-------- C:\Program Files\Trend Micro
2008-09-02 20:26 . 2008-09-02 20:28 <REP> d-------- C:\Documents and Settings\Yoann_2\.housecall6.6
2008-09-02 18:44 . 2008-09-02 18:44 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-09-02 17:49 . 2004-08-20 01:09 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-09-02 17:48 . 2004-08-20 01:09 2,113,536 --------- C:\WINDOWS\system32\dxdiagn.dll
2008-09-02 17:47 . 2004-08-20 01:09 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-09-01 09:09 . 2003-09-05 16:59 270,336 -ra------ C:\WINDOWS\system32\nvrstr.dll
2008-09-01 09:09 . 2003-09-05 16:59 270,336 -ra------ C:\WINDOWS\system32\nvrssl.dll
2008-09-01 09:09 . 2003-09-05 16:59 266,240 -ra------ C:\WINDOWS\system32\nvrssv.dll
2008-09-01 09:09 . 2003-09-05 16:59 221,184 -ra------ C:\WINDOWS\system32\nvrszht.dll
2008-09-01 09:09 . 2003-09-05 16:59 221,184 -ra------ C:\WINDOWS\system32\nvrszhc.dll
2008-09-01 09:09 . 2003-09-05 16:59 167,936 -ra------ C:\WINDOWS\system32\nvwrssk.dll
2008-09-01 09:09 . 2003-09-05 16:59 163,840 -ra------ C:\WINDOWS\system32\nvwrstr.dll
2008-09-01 09:09 . 2003-09-05 16:59 159,744 -ra------ C:\WINDOWS\system32\nvwrssv.dll
2008-09-01 09:09 . 2003-09-05 16:59 155,648 -ra------ C:\WINDOWS\system32\nvwrssl.dll
2008-09-01 09:09 . 2003-09-05 16:59 86,016 -ra------ C:\WINDOWS\system32\nvwrszht.dll
2008-09-01 09:09 . 2003-09-05 16:59 86,016 -ra------ C:\WINDOWS\system32\nvwrszhc.dll
2008-08-31 21:37 . 2008-08-31 21:37 1,099,839 --a------ C:\WINDOWS\system32\TmpA2198431
2008-08-31 20:20 . 2008-08-31 20:20 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\DivX
2008-08-31 16:27 . 2008-08-31 16:27 <REP> d---s---- C:\Documents and Settings\Administrateur.SWARTVAG-IZ0HHD\UserData
2008-08-31 16:14 . 2008-08-31 16:14 1,099,839 --a------ C:\WINDOWS\system32\TmpA792349
2008-08-31 14:50 . 2004-08-20 00:56 54,400 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2008-08-31 12:13 . 2008-08-31 12:13 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT.000\Bureau
2008-08-31 01:33 . 2008-08-31 01:33 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-08-30 17:45 . 2008-08-30 17:45 268 --ah----- C:\sqmdata06.sqm
2008-08-30 17:45 . 2008-08-30 17:45 244 --ah----- C:\sqmnoopt06.sqm
2008-08-30 15:58 . 2008-08-30 15:58 <REP> d-------- C:\Documents and Settings\Administrateur.SWARTVAG-IZ0HHD\Application Data\SUPERAntiSpyware.com
2008-08-30 15:57 . 2007-05-24 20:27 <REP> d--h----- C:\Documents and Settings\Administrateur.SWARTVAG-IZ0HHD\Voisinage r‚seau
2008-08-30 15:57 . 2007-05-24 20:27 <REP> d--h----- C:\Documents and Settings\Administrateur.SWARTVAG-IZ0HHD\Voisinage d'impression
2008-08-30 15:57 . 2007-05-24 19:42 <REP> d--h----- C:\Documents and Settings\Administrateur.SWARTVAG-IZ0HHD\ModŠles
2008-08-30 15:57 . 2007-05-24 20:27 <REP> d-------- C:\Documents and Settings\Administrateur.SWARTVAG-IZ0HHD\Mes documents
2008-08-30 15:57 . 2007-05-24 20:27 <REP> dr------- C:\Documents and Settings\Administrateur.SWARTVAG-IZ0HHD\Menu D‚marrer
2008-08-30 15:57 . 2008-08-31 16:26 <REP> d-------- C:\Documents and Settings\Administrateur.SWARTVAG-IZ0HHD\Favoris
2008-08-30 15:57 . 2007-05-24 20:27 <REP> d-------- C:\Documents and Settings\Administrateur.SWARTVAG-IZ0HHD\Bureau
2008-08-30 15:57 . 2008-08-31 16:27 <REP> d-------- C:\Documents and Settings\Administrateur.SWARTVAG-IZ0HHD
2008-08-29 18:09 . 2008-08-29 18:09 268 --ah----- C:\sqmdata05.sqm
2008-08-29 18:09 . 2008-08-29 18:09 244 --ah----- C:\sqmnoopt05.sqm
2008-08-26 15:29 . 2008-08-26 15:29 <REP> d-------- C:\Documents and Settings\Yoann_2\Application Data\Deckadance
2008-08-26 14:52 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-08-26 14:51 . 2008-08-26 14:51 <REP> d-------- C:\Program Files\Outsim
2008-08-21 01:34 . 2008-08-21 02:02 23 --a------ C:\WINDOWS\popcinfot.dat
2008-08-21 00:36 . 2008-08-26 07:47 <REP> d-------- C:\Program Files\Steam
2008-08-18 22:34 . 2008-08-18 22:34 <REP> d-------- C:\WINDOWS\nvidia icons
2008-08-18 22:34 . 2008-05-03 05:46 442,368 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-08-18 22:34 . 2008-08-31 12:18 182,038 --a------ C:\WINDOWS\system32\nvapps.xml
2008-08-18 22:34 . 2008-05-03 05:46 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-08-18 07:05 . 2008-08-18 07:05 31 --a------ C:\WINDOWS\GunzLauncher.INI
2008-08-15 13:57 . 2008-08-30 15:45 <REP> d-------- C:\Documents and Settings\Yoann_2\Application Data\DNA
2008-08-15 03:35 . 2008-08-15 03:35 <REP> d-------- C:\Documents and Settings\Yoann_2\Application Data\AdobeUM
2008-08-13 17:56 . 2008-08-13 17:56 268 --ah----- C:\sqmdata04.sqm
2008-08-13 17:56 . 2008-08-13 17:56 244 --ah----- C:\sqmnoopt04.sqm
2008-08-11 16:30 . 2008-08-11 16:30 <REP> d-------- C:\Documents and Settings\Yoann_2\Application Data\SUPERAntiSpyware.com
2008-08-08 20:01 . 2008-08-08 20:01 268 --ah----- C:\sqmdata03.sqm
2008-08-08 20:01 . 2008-08-08 20:01 244 --ah----- C:\sqmnoopt03.sqm
2008-08-08 17:19 . 2008-08-08 17:19 <REP> d-------- C:\Documents and Settings\Yoann_2\Application Data\Media Player Classic
2008-08-08 17:19 . 2008-08-08 17:19 <REP> d-------- C:\Documents and Settings\Yoann_2\Application Data\DivX
2008-08-08 17:18 . 2008-08-08 17:18 <REP> d-------- C:\Documents and Settings\Yoann_2\Application Data\vlc
2008-08-08 17:09 . 2008-08-08 17:09 1,099,839 --a------ C:\WINDOWS\system32\TmpA3107638
2008-08-08 16:57 . 2008-08-08 16:57 <REP> d-------- C:\Documents and Settings\Yoann_2\Application Data\Ableton
2008-08-08 16:57 . 2008-08-08 16:57 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ableton
2008-08-08 16:52 . 2008-08-08 16:52 <REP> d-------- C:\Documents and Settings\Yoann_2\Contacts
2008-08-08 16:28 . 2007-05-24 20:27 <REP> d--h----- C:\Documents and Settings\Yoann_2\Voisinage r‚seau
2008-08-08 16:28 . 2007-05-24 20:27 <REP> d--h----- C:\Documents and Settings\Yoann_2\Voisinage d'impression
2008-08-08 16:28 . 2007-05-24 19:42 <REP> d--h----- C:\Documents and Settings\Yoann_2\ModŠles
2008-08-08 16:28 . 2008-09-03 00:31 <REP> dr------- C:\Documents and Settings\Yoann_2\Mes documents
2008-08-08 16:28 . 2008-08-31 11:22 <REP> dr------- C:\Documents and Settings\Yoann_2\Menu D‚marrer
2008-08-08 16:28 . 2008-09-03 15:32 <REP> dr------- C:\Documents and Settings\Yoann_2\Favoris
2008-08-08 16:28 . 2008-09-03 15:30 <REP> d-------- C:\Documents and Settings\Yoann_2\Bureau
2008-08-08 16:28 . 2008-09-03 15:41 <REP> d-------- C:\Documents and Settings\Yoann_2
2008-08-08 16:28 . 2008-08-08 16:28 268 --ah----- C:\sqmdata02.sqm
2008-08-08 16:28 . 2008-08-08 16:28 244 --ah----- C:\sqmnoopt02.sqm
2008-08-08 16:11 . 2004-08-20 01:09 116,736 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-08-08 16:11 . 2001-08-23 17:47 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2008-08-08 16:11 . 2001-08-23 17:47 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-08-08 16:11 . 2001-08-23 17:47 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-08-08 16:11 . 2004-08-04 07:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-08-08 16:11 . 2001-08-23 17:47 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-08-08 16:11 . 2001-08-17 20:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-08-08 16:11 . 2001-08-23 17:47 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-08-08 16:09 . 2001-08-17 21:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-08-08 16:08 . 2001-08-23 17:47 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-08-08 16:07 . 2001-08-23 17:18 899,914 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-08-08 16:06 . 2003-09-05 16:59 1,344,219 -ra------ C:\WINDOWS\system32\drivers\OLD471.tmp
2008-08-08 16:05 . 2001-08-17 21:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-08-08 16:04 . 2001-08-23 17:00 728,554 --a--c--- C:\WINDOWS\system32\dllcache\ltck000c.sys
2008-08-08 16:03 . 2001-08-23 17:46 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-08-08 16:02 . 2001-08-23 17:13 634,166 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-08-08 16:01 . 2001-08-17 20:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-08-08 16:00 . 2001-08-23 17:04 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-08-08 15:59 . 2001-08-17 21:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-08-08 15:58 . 2001-08-17 21:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-08-08 15:02 . 2008-08-08 15:02 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-08 15:02 . 2008-08-08 15:02 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-08 15:02 . 2008-08-08 15:02 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-08-08 14:52 . 2008-08-08 14:52 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-08-06 22:37 . 2008-08-06 22:37 4 --a------ C:\WINDOWS\system32\qwolt.pdg
2008-08-06 22:36 . 2008-08-06 22:36 <REP> d-------- C:\Program Files\Flop
2008-08-05 02:35 . 2008-08-05 02:35 1,099,839 --a------ C:\WINDOWS\system32\TmpA8637039
2008-08-04 22:23 . 2008-08-04 22:23 1,099,839 --a------ C:\WINDOWS\system32\TmpA37073679
2008-08-04 22:14 . 2008-08-04 22:14 1,099,839 --a------ C:\WINDOWS\system32\TmpA36559810
2008-08-04 22:05 . 2008-08-04 22:05 1,099,839 --a------ C:\WINDOWS\system32\TmpA35982970
2008-08-04 19:40 . 2005-05-09 20:08 33,792 --a------ C:\WINDOWS\system32\drivers\cledx.sys
2008-08-04 19:39 . 2005-11-03 12:17 16,896 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys
2008-08-04 14:54 . 2008-08-04 14:54 <REP> d-------- C:\Program Files\Microsoft SQL Server
2008-08-04 14:54 . 2002-12-17 16:23 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2008-08-04 14:54 . 2002-10-20 14:05 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-03 13:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-02 18:13 --------- d-----w C:\Program Files\MSN Messenger
2008-08-31 19:49 --------- d-----w C:\Program Files\CamStudio
2008-08-29 16:40 1,310,513 ----a-r C:\Program Files\Microsoft Money 2008.mbf
2008-08-29 16:40 --------- d-----w C:\Program Files\Microsoft Money 2005
2008-08-15 01:53 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-08-08 14:51 --------- d-----w C:\Program Files\VirtualDJ
2008-07-29 17:35 1,216,246 ----a-r C:\Program Files\Microsoft Money 2005 09-05-8.mbf
2008-07-23 17:02 --------- d-----w C:\Program Files\Java
2008-07-20 18:12 --------- d-----w C:\Program Files\AdVantage
2008-07-20 18:11 --------- d-----w C:\Program Files\Webteh
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-16 22:11 --------- d-----w C:\Program Files\Common Files
2008-05-07 15:28 1,206,364 ----a-r C:\Program Files\Microsoft Money 2005 29-02-2008.mbf
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-20 1667584]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 1506544]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-09-05 49152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-30 455168]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-30 455168]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-09-05 4841472]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2003-09-05 49152]
"nwiz"="nwiz.exe" [2003-09-05 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [ ]
S3 XDva129;XDva129;C:\WINDOWS\system32\XDva129.sys [ ]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-CaDownloader - C:\Documents and Settings\Yoann_2\Mes documents\Mes téléchargements\SpringDownloader.exe
HKLM-Run-Ins3DT - D:\INSTALL4\INS3DT.EXE
HKLM-Run-EoEngine - (no file)
HKLM-Run-EoWeather - (no file)
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://g.live.com/9uxp9en-us/hpg_lnk1
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {8AFC2AD4-64F4-48DA-9A21-AF3920798D7D} - hxxp://eslgameplazza.powerchallenge.com/applet/PowerFootballLoader.CAB
C:\WINDOWS\Downloaded Program Files\PowerFootballLoader.INF
C:\WINDOWS\system32\msvbvm60.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\system32\asycfilt.dll
C:\WINDOWS\system32\stdole2.tlb
C:\WINDOWS\system32\comcat.dll
C:\WINDOWS\system32\MSINET.OCX
C:\WINDOWS\Downloaded Program Files\PowerFootballLoader.ocx
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-03 15:55:51
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-03 16:04:58 - machine was rebooted [Yoann_2]
ComboFix-quarantined-files.txt 2008-09-03 14:04:54
Pre-Run: 28,305,813,504 octets libres
Post-Run: 28,297,392,128 octets libres
269 --- E O F --- 2008-09-02 16:21:53
-------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:07:47, on 03/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://outlook.live.com/owa/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8AFC2AD4-64F4-48DA-9A21-AF3920798D7D} (PowerFootball.Loader) - http://eslgameplazza.powerchallenge.com/applet/PowerFootballLoader.CAB
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
Voila =) d'autres choses à faire avant l'installation de Antivir ?
Trés utile et trés compréhensible le site https://www.androidworld.fr/ =D Merci !
Trés utile et trés compréhensible le site https://www.androidworld.fr/ =D Merci !
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
je sais...c est le mien ;-)
relance hijackthis en cliquant sur scan only et coches ces lignes stp :
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://outlook.live.com/owa/
puis tu cliques sur fix checked.
vas aussi faire ces mises à niveau suivantes stp :
adobe reader XP : https://get2.adobe.com/reader/otherversions/
internet explorer 7 : https://www.androidworld.fr/
est ce que tu as encore des problemes ??
relance hijackthis en cliquant sur scan only et coches ces lignes stp :
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://outlook.live.com/owa/
puis tu cliques sur fix checked.
vas aussi faire ces mises à niveau suivantes stp :
adobe reader XP : https://get2.adobe.com/reader/otherversions/
internet explorer 7 : https://www.androidworld.fr/
est ce que tu as encore des problemes ??
Alors voila je pense que tout est bon =)
J'ai fais toutes les mises à jour Windows & Internet Explorer !
Merci BEAUCOUP à vous deux ! En cas d'autres problèmes je passerai sur ton forum geoffrey5 et ton site reste en favoris ^^ =)
J'ai fais toutes les mises à jour Windows & Internet Explorer !
Merci BEAUCOUP à vous deux ! En cas d'autres problèmes je passerai sur ton forum geoffrey5 et ton site reste en favoris ^^ =)
ok...si tu n as plus de problemes tu peux faire ceci pour terminer stp :
Pour supprimer toutes les traces des logiciels qui ont servi à traiter les infections spécifiques :
Télécharge toolscleaner sur ton Bureau :
(c est le numéro 15 en bas de la page) : https://www.androidworld.fr/
* Double-clique sur ToolsCleaner2.exe et laisse le travailler
* Clique sur Recherche et laisse le scan se terminer.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options facultatives.
* Clique sur Quitter, pour que le rapport puisse se créer.
* Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse
Désactive et réactive la Restauration du système :
1 Dans la barre des tâches de Windows, clique sur Démarrer.
2 Clique avec le bouton droit de la souris sur Poste de travail puis clique sur Propriétés.
3 Dans l'onglet Restauration du système, coche "Désactiver la Restauration du système"
4 Clique sur Appliquer.
5 Ensuite décoche "Désactiver la restauration du systeme"
6 clique sur appliquer puis ok
7 vas créer un point de restauration dans accessoires----outils systeme----restauration du systeme.
Pour supprimer toutes les traces des logiciels qui ont servi à traiter les infections spécifiques :
Télécharge toolscleaner sur ton Bureau :
(c est le numéro 15 en bas de la page) : https://www.androidworld.fr/
* Double-clique sur ToolsCleaner2.exe et laisse le travailler
* Clique sur Recherche et laisse le scan se terminer.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options facultatives.
* Clique sur Quitter, pour que le rapport puisse se créer.
* Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse
Désactive et réactive la Restauration du système :
1 Dans la barre des tâches de Windows, clique sur Démarrer.
2 Clique avec le bouton droit de la souris sur Poste de travail puis clique sur Propriétés.
3 Dans l'onglet Restauration du système, coche "Désactiver la Restauration du système"
4 Clique sur Appliquer.
5 Ensuite décoche "Désactiver la restauration du systeme"
6 clique sur appliquer puis ok
7 vas créer un point de restauration dans accessoires----outils systeme----restauration du systeme.
Précédent
- 1
- 2
