Problem with search engines
Closed
fazzouz - 10 Sept. 2008 at 00:13
2 replies
Anonymous user
10 Sept. 2008 at 07:56
Hello
A quick check...
Download HijackThis to your Desktop or into your Documents folder:
---> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
Right-click the program, choose "Rename", and give it another name, for example: blabla.exe
Then double-click HijackThis and, at the bottom of the window, click "I accept"
Click "do a system scan and save logfile"
Then copy and paste the report here
If you need help with HijackThis.
Anonymous user
12 Sept. 2008 at 23:07
You are infected!
Next steps:
Download ComboFix
---> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Close your web browser, antivirus and Internet connection before running this program
Double-click it and press "1" to continue
Wait a few minutes...
A report will open; save its contents, then copy and paste it here please
fazzouz
12 Sept. 2008 at 23:31
ComboFix 08-09-11.02 - amine 2008-09-12 22:24:31.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.352.1036.18.786 [GMT 1:00]
Endroit: D:\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMc3f2cdf9.txt
C:\WINDOWS\BMc3f2cdf9.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bbkffxoo.dll
C:\WINDOWS\system32\BLkmmUvw.ini
C:\WINDOWS\system32\BLkmmUvw.ini2
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\scmhost.exe
C:\WINDOWS\system32\tbjjnbbc.ini
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\wvUkhFxX.dll
C:\WINDOWS\system32\yerntqoi.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-08-12 to 2008-09-12 ))))))))))))))))))))))))))))))))))))
.
2008-09-05 17:26 . 2008-09-05 17:26 <REP> d-------- C:\WINDOWS\Google Earth Pro 4.2
2008-08-31 22:17 . 2008-08-31 22:17 3,869 --a------ C:\WINDOWS\imsins.BAK
2008-08-31 22:06 . 2008-08-31 22:06 <REP> d-------- C:\Documents and Settings\amine\Application Data\TuneUp Software
2008-08-31 22:06 . 2008-08-31 22:06 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-08-31 22:06 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-08-31 22:05 . 2008-08-31 22:06 <REP> d-------- C:\Program Files\TuneUp Utilities 2008
2008-08-31 22:05 . 2008-08-31 22:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-08-31 22:04 . 2008-08-31 22:04 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-31 20:16 . 2008-08-31 20:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-08-31 18:56 . 2008-08-31 18:56 <REP> d-------- C:\Program Files\Alwil Software
2008-08-30 17:41 . 2008-08-31 19:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-30 12:21 . 2008-08-30 12:26 47,476 --a------ C:\WINDOWS\desctemp.dat
2008-08-29 17:03 . 2008-09-12 21:25 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-28 21:38 . 2008-08-29 16:55 <REP> d-------- C:\Program Files\LimeWire Acceleration Patch
2008-08-28 13:12 . 2008-08-28 14:08 <REP> d-------- C:\Program Files\America's Army
2008-08-23 07:30 . 2008-08-23 07:30 <REP> d-------- C:\Documents and Settings\amine\Application Data\Zoner
2008-08-20 22:14 . 2008-08-20 22:14 <REP> d-------- C:\Program Files\Seagrand
2008-08-20 22:10 . 2008-08-20 22:13 <REP> d-------- C:\Mng
2008-08-18 18:03 . 2008-08-18 18:03 <REP> d-------- C:\Program Files\TryMedia
2008-08-18 11:59 . 2008-08-30 23:28 261 --a------ C:\WINDOWS\popcinfo.dat
2008-08-18 11:50 . 2008-08-18 11:53 <REP> d-------- C:\Program Files\PopCap Games
2008-08-15 15:54 . 2008-08-15 15:56 2,359,350 --a------ C:\WINDOWS\wallpaper.bmp
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-12 21:26 --------- d-----w C:\Documents and Settings\amine\Application Data\uTorrent
2008-09-12 21:26 --------- d-----w C:\Documents and Settings\amine\Application Data\Free Download Manager
2008-09-12 20:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-11 21:38 --------- d-----w C:\Program Files\SpeedFan
2008-08-31 18:07 --------- d-----w C:\Program Files\FMV5
2008-08-31 17:17 --------- d-----w C:\Program Files\EPSON
2008-08-28 20:41 --------- d-----w C:\Documents and Settings\amine\Application Data\LimeWire
2008-08-28 12:36 --------- d-----w C:\Documents and Settings\amine\Application Data\DMCache
2008-08-17 19:47 --------- d-----w C:\Program Files\Free Download Manager
2008-08-17 19:45 --------- d-----w C:\Program Files\DivX
2008-08-17 13:08 --------- d-----w C:\Program Files\Total Video Converter
2008-08-15 20:19 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-07-30 21:25 --------- d-----w C:\Documents and Settings\amine\Application Data\Apple Computer
2008-07-29 22:17 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-07-29 22:17 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-07-29 22:16 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-07-29 22:16 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-07-28 19:04 --------- d-----w C:\Documents and Settings\amine\Application Data\Media Player Classic
2008-07-28 11:03 --------- d-----w C:\Documents and Settings\amine\Application Data\Softplicity
2008-07-28 11:02 --------- d-----w C:\Program Files\TotalAudioConverter
2008-07-25 22:11 --------- d-----w C:\Program Files\Kaspersky Lab
2008-07-24 20:43 --------- d-----w C:\Program Files\NoAdware5.0
2008-07-21 20:00 --------- d-----w C:\Documents and Settings\amine\Application Data\Leadertech
2008-07-21 19:37 --------- d-----w C:\Program Files\Graphex3
2008-07-19 20:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-07-19 19:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Particles
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 16:34 --------- d-----w C:\Program Files\Photodex Presenter
2008-07-18 16:34 --------- d-----w C:\Program Files\Photodex
2008-07-18 16:34 --------- d-----w C:\Documents and Settings\amine\Application Data\Netscape
2008-07-18 16:33 --------- d-----w C:\Documents and Settings\amine\Application Data\Photodex
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Free Download Manager"="D:\Program Files\Free Download Manager\fdm.exe" [2008-05-20 2474031]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv50"= C:\WINDOWS\ir50_32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BMc3f2cdf9"=Rundll32.exe "C:\WINDOWS\system32\bbkffxoo.dll",s
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"EPSON Stylus DX3800 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\PopCap Games\\Bejeweled Deluxe 1.861\\WinBej.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 ADSLAutoconnect;ADSLAutoconnect;C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe [2008-06-11 446464]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R3 slnt;RTL8139D PCI Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\slnt.sys [2005-07-11 18004]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-08-31 355584]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
- - - - ORPHANS REMOVED - - - -
BHO-{A0ED1495-7460-4191-A95A-2521E994BB0C} - (no file)
BHO-{E2CAA460-C8C8-4584-8AC9-62AC66425204} - (no file)
HKLM-Run-BMc3f2cdf9 - C:\WINDOWS\system32\yerntqoi.dll
HKLM-RunServices-VGA Driver - scmhost.exe
ShellExecuteHooks-{A0ED1495-7460-4191-A95A-2521E994BB0C} - (no file)
Notify-efcAQJdc - efcAQJdc.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\amine\Application Data\Mozilla\Firefox\Profiles\rtsizigf.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF -: plugin - C:\Documents and Settings\amine\Application Data\Mozilla\plugins\npPxPlay.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-12 22:28:54
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-12 22:32:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-12 21:32:32
Pre-Run: 5,481,766,912 octets libres
Post-Run: 5,421,330,432 octets libres
185 --- E O F --- 2008-08-16 20:51:21
12 Sept. 2008 at 22:46
Scan saved at 21:50:32, on 12/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\scmhost.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\bla.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A0ED1495-7460-4191-A95A-2521E994BB0C} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: (no name) - {E2CAA460-C8C8-4584-8AC9-62AC66425204} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VGA Driver] scmhost.exe
O4 - HKLM\..\Run: [BMc3f2cdf9] Rundll32.exe "C:\WINDOWS\system32\yerntqoi.dll",s
O4 - HKLM\..\RunServices: [VGA Driver] scmhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] "D:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://D:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://D:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://D:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://D:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{89A70DFB-657E-4AB0-B36C-28D1CC86A446}: NameServer = 41.221.20.4 193.251.169.165
O20 - Winlogon Notify: efcAQJdc - efcAQJdc.dll (file missing)
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe