Probleme virus je pense
Résolu
gilouking
Messages postés
76
Statut
Membre
-
Destrio5 Messages postés 99820 Statut Modérateur -
Destrio5 Messages postés 99820 Statut Modérateur -
Bonjour,a tous
voila je viens vers vous car j ai un probleme avec mon pc.
Deja depuis 2 jours je ne peux plus faire de recherche sur le web.En effet quand je lance google pas de probleme mais des que je tappe une information a chercher internet ce bloque et puis plus rien ( de meme sur 01net quand je cherche un logiciel).
de plus quand je suis sur internet j ai une nouvelle page qui apparait avec comme lien
file:///C:/Documents%20and%20Settings/User/ qui sont mes fichier de mon ordi
Donc voila je ne sais pas si c est un virus car nod32 ne trouve rien et ad-ware a deja fait le menage.
merci par avance de votre aide et bonne journée
voila je viens vers vous car j ai un probleme avec mon pc.
Deja depuis 2 jours je ne peux plus faire de recherche sur le web.En effet quand je lance google pas de probleme mais des que je tappe une information a chercher internet ce bloque et puis plus rien ( de meme sur 01net quand je cherche un logiciel).
de plus quand je suis sur internet j ai une nouvelle page qui apparait avec comme lien
file:///C:/Documents%20and%20Settings/User/ qui sont mes fichier de mon ordi
Donc voila je ne sais pas si c est un virus car nod32 ne trouve rien et ad-ware a deja fait le menage.
merci par avance de votre aide et bonne journée
A voir également:
- Probleme virus je pense
- Virus mcafee - Accueil - Piratage
- Virus facebook demande d'amis - Accueil - Facebook
- Virus informatique - Guide
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
- Undisclosed-recipients virus - Guide
17 réponses
il fallait faire une sauvegarde à cause deComboFix ssi ton pc devient instable REMERCIE la personne qui t'a mal renseigner.......il faut avoir à faire à des pros pas à des RIGOLOS qui débutent....DOMMAGE POUR TOI...
Salut,
- Télécharge HijackThis V 2.02 (HijackThis Installer) :
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
- Fais un double-clic sur HJTInstall.exe afin de lancer l'installation
- Clique sur Install ensuite sur I Accept
- Clique sur Do a scan system and save log file
- Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse.
- Télécharge HijackThis V 2.02 (HijackThis Installer) :
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
- Fais un double-clic sur HJTInstall.exe afin de lancer l'installation
- Clique sur Install ensuite sur I Accept
- Clique sur Do a scan system and save log file
- Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse.
merci de ta reponse rapide
je te poste le rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:40:32, on 16/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://gamespace.daemon-tools.cc/fra/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [14a6e90f] rundll32.exe "C:\WINDOWS\system32\bprlmien.dll",b
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BM1795da93] Rundll32.exe "C:\WINDOWS\system32\nbjghnwb.dll",s
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: qzltsy.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Folding Service #01 (FAH-01) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe
O23 - Service: Folding Service #02 (FAH-02) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
je te poste le rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:40:32, on 16/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://gamespace.daemon-tools.cc/fra/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [14a6e90f] rundll32.exe "C:\WINDOWS\system32\bprlmien.dll",b
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BM1795da93] Rundll32.exe "C:\WINDOWS\system32\nbjghnwb.dll",s
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: qzltsy.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Folding Service #01 (FAH-01) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe
O23 - Service: Folding Service #02 (FAH-02) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Tu as une infection Vundo.
---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\ComboFix.txt
---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\ComboFix.txt
ComboFix 08-09-15.02 - User 2008-09-16 9:01:51.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1644 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\User\Bureau\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\BM1795da93.txt
C:\WINDOWS\BM1795da93.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\awmiotcv.dll
C:\WINDOWS\system32\bdwkhboj.dll
C:\WINDOWS\system32\bprlmien.dll
C:\WINDOWS\system32\byXQICUO.dll
C:\WINDOWS\system32\cchkvawl.dll
C:\WINDOWS\system32\efcaYroO.dll
C:\WINDOWS\system32\hQAKUvut.ini
C:\WINDOWS\system32\hQAKUvut.ini2
C:\WINDOWS\system32\hvcronpt.dll
C:\WINDOWS\system32\kxpugwvp.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\mlJAtrqn.dll
C:\WINDOWS\system32\nbjghnwb.dll
C:\WINDOWS\system32\neimlrpb.ini
C:\WINDOWS\system32\nsqknuoc.dll
C:\WINDOWS\system32\qzltsy.dll
C:\WINDOWS\system32\rqRlLBUM.dll
C:\WINDOWS\system32\sajjppjo.dll
C:\WINDOWS\system32\tuvUKAQh.dll
C:\WINDOWS\system32\tvnxfvml.dll
C:\WINDOWS\system32\uxapunpn.ini
C:\WINDOWS\system32\yeocsrwk.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-16 au 2008-09-16 ))))))))))))))))))))))))))))))))))))
.
2008-09-16 09:00 . 2008-09-16 09:01 <REP> d-------- C:\WINDOWS\LastGood
2008-09-16 08:40 . 2008-09-16 08:40 <REP> d-------- C:\Program Files\Trend Micro
2008-09-16 08:03 . 2008-09-16 08:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2008-09-16 07:58 . 2008-04-13 04:48 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-09-16 07:58 . 2008-04-13 04:48 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-09-16 07:58 . 2008-04-13 03:54 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-09-16 07:58 . 2008-04-13 04:48 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-09-16 07:58 . 2008-04-13 04:48 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-09-16 07:58 . 2008-04-13 04:48 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-09-16 07:58 . 2008-04-13 04:48 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-09-16 07:58 . 2008-09-16 07:58 <REP> d-------- C:\Documents and Settings\Administrateur
2008-09-15 21:53 . 2008-09-15 21:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-09-14 20:18 . 2008-09-14 20:18 111,616 --a------ C:\WINDOWS\system32\ujqhaf.dll
2008-09-14 20:18 . 2008-09-14 20:18 111,616 --a------ C:\WINDOWS\system32\taxyrcfp.dll
2008-09-14 20:12 . 2008-09-14 20:12 <REP> d-------- C:\Program Files\Folding@Home #01
2008-09-14 19:51 . 2008-09-14 19:51 <REP> dr-h----- C:\Documents and Settings\User\Application Data\SecuROM
2008-09-14 19:51 . 2008-09-14 19:51 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-09-14 18:54 . 2008-09-14 18:54 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-09-14 18:30 . 2008-09-14 18:30 <REP> d-------- C:\Program Files\Electronic Arts
2008-09-11 21:19 . 2008-09-11 21:19 <REP> d-------- C:\Program Files\SEGA
2008-09-11 18:47 . 2008-09-11 18:47 <REP> d-------- C:\Documents and Settings\User\Application Data\FMZilla
2008-09-09 21:03 . 2008-09-09 21:03 <REP> d-------- C:\Program Files\QuickSFV
2008-09-09 20:59 . 2008-09-09 20:59 <REP> d-------- C:\Program Files\FlashFXP
2008-09-08 21:25 . 2008-09-08 21:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FlashFXP
2008-09-03 22:05 . 2008-09-03 22:05 <REP> d-------- C:\Program Files\VideoraiPodConverter
2008-09-03 22:05 . 2008-09-15 21:10 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-09-02 13:13 . 2008-09-02 13:19 <REP> d-------- C:\Program Files\thriXXX
2008-08-28 09:11 . 2008-08-28 09:11 <REP> d-------- C:\WINDOWS\Easy CD-DA Extractor 11.5.3
2008-08-28 09:11 . 2008-08-28 09:11 <REP> d-------- C:\Program Files\Easy CD-DA Extractor 11
2008-08-28 09:11 . 2008-08-28 19:02 9,532 --a------ C:\WINDOWS\CDPLAYER.UNI
2008-08-28 08:47 . 2008-08-28 08:47 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Ahead
2008-08-24 21:37 . 2008-08-24 21:37 268 --ah----- C:\sqmdata19.sqm
2008-08-24 21:37 . 2008-08-24 21:37 244 --ah----- C:\sqmnoopt19.sqm
2008-08-24 20:13 . 2008-08-24 20:13 268 --ah----- C:\sqmdata18.sqm
2008-08-24 20:13 . 2008-08-24 20:13 244 --ah----- C:\sqmnoopt18.sqm
2008-08-24 19:44 . 2008-08-24 19:44 268 --ah----- C:\sqmdata17.sqm
2008-08-24 19:44 . 2008-08-24 19:44 244 --ah----- C:\sqmnoopt17.sqm
2008-08-22 19:30 . 2008-08-22 19:30 268 --ah----- C:\sqmdata16.sqm
2008-08-22 19:30 . 2008-08-22 19:30 244 --ah----- C:\sqmnoopt16.sqm
2008-08-22 15:10 . 2008-08-22 15:10 268 --ah----- C:\sqmdata15.sqm
2008-08-22 15:10 . 2008-08-22 15:10 244 --ah----- C:\sqmnoopt15.sqm
2008-08-22 11:04 . 2008-09-16 08:14 <REP> d-------- C:\Program Files\PeerGuardian2
2008-08-21 21:17 . 2008-08-21 21:17 268 --ah----- C:\sqmdata14.sqm
2008-08-21 21:17 . 2008-08-21 21:17 244 --ah----- C:\sqmnoopt14.sqm
2008-08-21 16:07 . 2008-08-21 16:07 268 --ah----- C:\sqmdata13.sqm
2008-08-21 16:07 . 2008-08-21 16:07 244 --ah----- C:\sqmnoopt13.sqm
2008-08-21 07:26 . 2008-08-21 07:26 268 --ah----- C:\sqmdata12.sqm
2008-08-21 07:26 . 2008-08-21 07:26 244 --ah----- C:\sqmnoopt12.sqm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 06:56 --------- d-----w C:\Program Files\Steam
2008-09-14 19:48 --------- d-----w C:\Documents and Settings\User\Application Data\BitTorrent
2008-09-14 18:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-14 16:54 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-09-14 16:54 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-14 16:54 22,328 ----a-w C:\Documents and Settings\User\Application Data\PnkBstrK.sys
2008-09-14 16:54 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-09-02 08:21 --------- d-----w C:\Program Files\eMule
2008-08-30 11:07 --------- d-----w C:\Documents and Settings\User\Application Data\DNA
2008-08-30 09:41 --------- d-----w C:\Program Files\DNA
2008-08-28 17:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-13 09:20 --------- d-----w C:\Program Files\DivX
2008-08-12 09:50 --------- d-----w C:\Documents and Settings\User\Application Data\Ubisoft
2008-08-12 09:47 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-08-12 09:46 --------- d-----w C:\Documents and Settings\User\Application Data\DAEMON Tools
2008-08-12 09:44 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-08-12 09:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-08-12 09:14 --------- d-----w C:\Program Files\Ubisoft
2008-08-11 18:56 --------- d-----w C:\Program Files\Google
2008-08-11 10:14 --------- d-----w C:\Program Files\Real
2008-08-11 10:14 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-08-11 10:14 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-08-08 16:27 --------- d-----w C:\Program Files\ma-config.com
2008-08-08 16:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-08-05 10:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-05 10:11 --------- d-----w C:\Program Files\SlySoft
2008-08-05 10:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
2008-08-05 09:57 --------- d-----w C:\Documents and Settings\User\Application Data\Ahead
2008-08-04 18:11 --------- d-----w C:\Documents and Settings\User\Application Data\dvdcss
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-07-23 16:50 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-07-23 16:50 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-07-23 16:50 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:50 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-07-23 16:50 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-07-23 16:50 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-20 17:05 --------- d-----w C:\Program Files\GameSpy Arcade
2008-07-20 16:49 --------- d-----w C:\Program Files\EA GAMES
2005-09-09 06:13 7,133,925 ----a-w C:\Program Files\f_guide.pdf
1999-04-06 12:27 99,840 ----a-w C:\Program Files\Fichiers communs\IRAABOUT.DLL
1998-12-09 02:53 70,144 ----a-w C:\Program Files\Fichiers communs\IRAMDMTR.DLL
1998-12-09 02:53 48,640 ----a-w C:\Program Files\Fichiers communs\IRALPTTR.DLL
1998-12-09 02:53 31,744 ----a-w C:\Program Files\Fichiers communs\IRAWEBTR.DLL
1998-12-09 02:53 186,368 ----a-w C:\Program Files\Fichiers communs\IRAREG.DLL
1998-12-09 02:53 17,920 ----a-w C:\Program Files\Fichiers communs\IRASRIAL.DLL
.
((((((((((((((((((((((((((((( snapshot@2008-09-16_ 8.57.45.82 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-01 06:56:22 39,944 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\eamon.sys
+ 2008-07-01 06:57:14 53,256 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\easdrv.sys
+ 2008-07-01 07:04:40 34,312 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\epfwtdir.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07EFB9FD-B0DA-4CF3-8AC9-6A87511D773E}]
C:\WINDOWS\system32\tuvUKAQh.dll [BU]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10BD1450-DD10-42A9-8E45-921C16E631Ac}]
C:\WINDOWS\system32\kxpugwvp.dll [BU]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{217A28A1-DD10-42A9-8E45-921C16E631Ac}]
C:\WINDOWS\system32\kxpugwvp.dll [BU]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42377656-3f45-43b7-81e8-110c101d4561}]
C:\WINDOWS\system32\qzltsy.dll [BU]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42F45142-DD10-42A9-8E45-921C16E631Ac}]
C:\WINDOWS\system32\kxpugwvp.dll [BU]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B285F73-F1D3-413C-BB49-91183FFAF9D0}]
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QUTOHOYT\silent.dll[1].bak [BU]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C40BAE01-FE5C-478E-AC2E-622AFC8603FA}]
C:\WINDOWS\system32\mlJAtrqn.dll [BU]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Steam"="c:\program files\steam\steam.exe" [2008-06-02 1271032]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-04 8523776]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-08-11 185896]
"14a6e90f"="C:\WINDOWS\system32\bprlmien.dll" [BU]
"BM1795da93"="C:\WINDOWS\system32\nbjghnwb.dll" [BU]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 C:\WINDOWS\RTHDCPL.exe]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]
Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE [1999-04-06 46080]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=qzltsy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.MSNAUDIO"= msnaudio.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Steam\\SteamApps\\gilou91\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 FAH-02;Folding Service #02;C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe [2008-06-30 253952]
R4 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [ ]
S2 FAH-01;Folding Service #01;C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe [2008-06-30 253952]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-07-25 191656]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51c4088c-0954-11dd-ad6e-ffa67fb8307c}]
\Shell\AutoRun\command - ie.exe
\Shell\explore\Command - ie.exe
\Shell\open\Command - ie.exe
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -
ShellExecuteHooks-{C40BAE01-FE5C-478E-AC2E-622AFC8603FA} - C:\WINDOWS\system32\mlJAtrqn.dll
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\72jjvkgh.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.netvibes.com/#General
FF -: plugin - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\72jjvkgh.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\ma-config.com\nphardwaredetection.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 09:02:46
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\User\LOCALS~1\Temp\mc21.tmp"
.
Heure de fin: 2008-09-16 9:03:12
ComboFix-quarantined-files.txt 2008-09-16 07:03:09
Avant-CF: 54,534,565,888 octets libres
AprŠs-CF: 54,522,466,304 octets libres
268 --- E O F --- 2008-06-12 13:22:23
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1644 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\User\Bureau\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\BM1795da93.txt
C:\WINDOWS\BM1795da93.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\awmiotcv.dll
C:\WINDOWS\system32\bdwkhboj.dll
C:\WINDOWS\system32\bprlmien.dll
C:\WINDOWS\system32\byXQICUO.dll
C:\WINDOWS\system32\cchkvawl.dll
C:\WINDOWS\system32\efcaYroO.dll
C:\WINDOWS\system32\hQAKUvut.ini
C:\WINDOWS\system32\hQAKUvut.ini2
C:\WINDOWS\system32\hvcronpt.dll
C:\WINDOWS\system32\kxpugwvp.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\mlJAtrqn.dll
C:\WINDOWS\system32\nbjghnwb.dll
C:\WINDOWS\system32\neimlrpb.ini
C:\WINDOWS\system32\nsqknuoc.dll
C:\WINDOWS\system32\qzltsy.dll
C:\WINDOWS\system32\rqRlLBUM.dll
C:\WINDOWS\system32\sajjppjo.dll
C:\WINDOWS\system32\tuvUKAQh.dll
C:\WINDOWS\system32\tvnxfvml.dll
C:\WINDOWS\system32\uxapunpn.ini
C:\WINDOWS\system32\yeocsrwk.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-16 au 2008-09-16 ))))))))))))))))))))))))))))))))))))
.
2008-09-16 09:00 . 2008-09-16 09:01 <REP> d-------- C:\WINDOWS\LastGood
2008-09-16 08:40 . 2008-09-16 08:40 <REP> d-------- C:\Program Files\Trend Micro
2008-09-16 08:03 . 2008-09-16 08:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2008-09-16 07:58 . 2008-04-13 04:48 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-09-16 07:58 . 2008-04-13 04:48 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-09-16 07:58 . 2008-04-13 03:54 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-09-16 07:58 . 2008-04-13 04:48 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-09-16 07:58 . 2008-04-13 04:48 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-09-16 07:58 . 2008-04-13 04:48 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-09-16 07:58 . 2008-04-13 04:48 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-09-16 07:58 . 2008-09-16 07:58 <REP> d-------- C:\Documents and Settings\Administrateur
2008-09-15 21:53 . 2008-09-15 21:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-09-14 20:18 . 2008-09-14 20:18 111,616 --a------ C:\WINDOWS\system32\ujqhaf.dll
2008-09-14 20:18 . 2008-09-14 20:18 111,616 --a------ C:\WINDOWS\system32\taxyrcfp.dll
2008-09-14 20:12 . 2008-09-14 20:12 <REP> d-------- C:\Program Files\Folding@Home #01
2008-09-14 19:51 . 2008-09-14 19:51 <REP> dr-h----- C:\Documents and Settings\User\Application Data\SecuROM
2008-09-14 19:51 . 2008-09-14 19:51 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-09-14 18:54 . 2008-09-14 18:54 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-09-14 18:30 . 2008-09-14 18:30 <REP> d-------- C:\Program Files\Electronic Arts
2008-09-11 21:19 . 2008-09-11 21:19 <REP> d-------- C:\Program Files\SEGA
2008-09-11 18:47 . 2008-09-11 18:47 <REP> d-------- C:\Documents and Settings\User\Application Data\FMZilla
2008-09-09 21:03 . 2008-09-09 21:03 <REP> d-------- C:\Program Files\QuickSFV
2008-09-09 20:59 . 2008-09-09 20:59 <REP> d-------- C:\Program Files\FlashFXP
2008-09-08 21:25 . 2008-09-08 21:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FlashFXP
2008-09-03 22:05 . 2008-09-03 22:05 <REP> d-------- C:\Program Files\VideoraiPodConverter
2008-09-03 22:05 . 2008-09-15 21:10 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-09-02 13:13 . 2008-09-02 13:19 <REP> d-------- C:\Program Files\thriXXX
2008-08-28 09:11 . 2008-08-28 09:11 <REP> d-------- C:\WINDOWS\Easy CD-DA Extractor 11.5.3
2008-08-28 09:11 . 2008-08-28 09:11 <REP> d-------- C:\Program Files\Easy CD-DA Extractor 11
2008-08-28 09:11 . 2008-08-28 19:02 9,532 --a------ C:\WINDOWS\CDPLAYER.UNI
2008-08-28 08:47 . 2008-08-28 08:47 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Ahead
2008-08-24 21:37 . 2008-08-24 21:37 268 --ah----- C:\sqmdata19.sqm
2008-08-24 21:37 . 2008-08-24 21:37 244 --ah----- C:\sqmnoopt19.sqm
2008-08-24 20:13 . 2008-08-24 20:13 268 --ah----- C:\sqmdata18.sqm
2008-08-24 20:13 . 2008-08-24 20:13 244 --ah----- C:\sqmnoopt18.sqm
2008-08-24 19:44 . 2008-08-24 19:44 268 --ah----- C:\sqmdata17.sqm
2008-08-24 19:44 . 2008-08-24 19:44 244 --ah----- C:\sqmnoopt17.sqm
2008-08-22 19:30 . 2008-08-22 19:30 268 --ah----- C:\sqmdata16.sqm
2008-08-22 19:30 . 2008-08-22 19:30 244 --ah----- C:\sqmnoopt16.sqm
2008-08-22 15:10 . 2008-08-22 15:10 268 --ah----- C:\sqmdata15.sqm
2008-08-22 15:10 . 2008-08-22 15:10 244 --ah----- C:\sqmnoopt15.sqm
2008-08-22 11:04 . 2008-09-16 08:14 <REP> d-------- C:\Program Files\PeerGuardian2
2008-08-21 21:17 . 2008-08-21 21:17 268 --ah----- C:\sqmdata14.sqm
2008-08-21 21:17 . 2008-08-21 21:17 244 --ah----- C:\sqmnoopt14.sqm
2008-08-21 16:07 . 2008-08-21 16:07 268 --ah----- C:\sqmdata13.sqm
2008-08-21 16:07 . 2008-08-21 16:07 244 --ah----- C:\sqmnoopt13.sqm
2008-08-21 07:26 . 2008-08-21 07:26 268 --ah----- C:\sqmdata12.sqm
2008-08-21 07:26 . 2008-08-21 07:26 244 --ah----- C:\sqmnoopt12.sqm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 06:56 --------- d-----w C:\Program Files\Steam
2008-09-14 19:48 --------- d-----w C:\Documents and Settings\User\Application Data\BitTorrent
2008-09-14 18:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-14 16:54 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-09-14 16:54 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-14 16:54 22,328 ----a-w C:\Documents and Settings\User\Application Data\PnkBstrK.sys
2008-09-14 16:54 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-09-02 08:21 --------- d-----w C:\Program Files\eMule
2008-08-30 11:07 --------- d-----w C:\Documents and Settings\User\Application Data\DNA
2008-08-30 09:41 --------- d-----w C:\Program Files\DNA
2008-08-28 17:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-13 09:20 --------- d-----w C:\Program Files\DivX
2008-08-12 09:50 --------- d-----w C:\Documents and Settings\User\Application Data\Ubisoft
2008-08-12 09:47 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-08-12 09:46 --------- d-----w C:\Documents and Settings\User\Application Data\DAEMON Tools
2008-08-12 09:44 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-08-12 09:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-08-12 09:14 --------- d-----w C:\Program Files\Ubisoft
2008-08-11 18:56 --------- d-----w C:\Program Files\Google
2008-08-11 10:14 --------- d-----w C:\Program Files\Real
2008-08-11 10:14 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-08-11 10:14 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-08-08 16:27 --------- d-----w C:\Program Files\ma-config.com
2008-08-08 16:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-08-05 10:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-05 10:11 --------- d-----w C:\Program Files\SlySoft
2008-08-05 10:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
2008-08-05 09:57 --------- d-----w C:\Documents and Settings\User\Application Data\Ahead
2008-08-04 18:11 --------- d-----w C:\Documents and Settings\User\Application Data\dvdcss
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-07-23 16:50 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-07-23 16:50 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-07-23 16:50 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:50 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-07-23 16:50 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-07-23 16:50 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-20 17:05 --------- d-----w C:\Program Files\GameSpy Arcade
2008-07-20 16:49 --------- d-----w C:\Program Files\EA GAMES
2005-09-09 06:13 7,133,925 ----a-w C:\Program Files\f_guide.pdf
1999-04-06 12:27 99,840 ----a-w C:\Program Files\Fichiers communs\IRAABOUT.DLL
1998-12-09 02:53 70,144 ----a-w C:\Program Files\Fichiers communs\IRAMDMTR.DLL
1998-12-09 02:53 48,640 ----a-w C:\Program Files\Fichiers communs\IRALPTTR.DLL
1998-12-09 02:53 31,744 ----a-w C:\Program Files\Fichiers communs\IRAWEBTR.DLL
1998-12-09 02:53 186,368 ----a-w C:\Program Files\Fichiers communs\IRAREG.DLL
1998-12-09 02:53 17,920 ----a-w C:\Program Files\Fichiers communs\IRASRIAL.DLL
.
((((((((((((((((((((((((((((( snapshot@2008-09-16_ 8.57.45.82 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-01 06:56:22 39,944 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\eamon.sys
+ 2008-07-01 06:57:14 53,256 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\easdrv.sys
+ 2008-07-01 07:04:40 34,312 ----a-w C:\WINDOWS\LastGood\system32\DRIVERS\epfwtdir.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07EFB9FD-B0DA-4CF3-8AC9-6A87511D773E}]
C:\WINDOWS\system32\tuvUKAQh.dll [BU]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10BD1450-DD10-42A9-8E45-921C16E631Ac}]
C:\WINDOWS\system32\kxpugwvp.dll [BU]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{217A28A1-DD10-42A9-8E45-921C16E631Ac}]
C:\WINDOWS\system32\kxpugwvp.dll [BU]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42377656-3f45-43b7-81e8-110c101d4561}]
C:\WINDOWS\system32\qzltsy.dll [BU]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42F45142-DD10-42A9-8E45-921C16E631Ac}]
C:\WINDOWS\system32\kxpugwvp.dll [BU]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B285F73-F1D3-413C-BB49-91183FFAF9D0}]
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QUTOHOYT\silent.dll[1].bak [BU]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C40BAE01-FE5C-478E-AC2E-622AFC8603FA}]
C:\WINDOWS\system32\mlJAtrqn.dll [BU]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Steam"="c:\program files\steam\steam.exe" [2008-06-02 1271032]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-04 8523776]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-08-11 185896]
"14a6e90f"="C:\WINDOWS\system32\bprlmien.dll" [BU]
"BM1795da93"="C:\WINDOWS\system32\nbjghnwb.dll" [BU]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 C:\WINDOWS\RTHDCPL.exe]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]
Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE [1999-04-06 46080]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=qzltsy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.MSNAUDIO"= msnaudio.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Steam\\SteamApps\\gilou91\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 FAH-02;Folding Service #02;C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe [2008-06-30 253952]
R4 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [ ]
S2 FAH-01;Folding Service #01;C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe [2008-06-30 253952]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-07-25 191656]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51c4088c-0954-11dd-ad6e-ffa67fb8307c}]
\Shell\AutoRun\command - ie.exe
\Shell\explore\Command - ie.exe
\Shell\open\Command - ie.exe
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -
ShellExecuteHooks-{C40BAE01-FE5C-478E-AC2E-622AFC8603FA} - C:\WINDOWS\system32\mlJAtrqn.dll
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\72jjvkgh.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.netvibes.com/#General
FF -: plugin - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\72jjvkgh.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\ma-config.com\nphardwaredetection.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 09:02:46
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\User\LOCALS~1\Temp\mc21.tmp"
.
Heure de fin: 2008-09-16 9:03:12
ComboFix-quarantined-files.txt 2008-09-16 07:03:09
Avant-CF: 54,534,565,888 octets libres
AprŠs-CF: 54,522,466,304 octets libres
268 --- E O F --- 2008-06-12 13:22:23
Je vais te faire un script.
En attendant, fais ceci :
---> Fais un scan rapide avec MBAM, supprime tout ce qu'il trouve et poste le rapport :
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
En attendant, fais ceci :
---> Fais un scan rapide avec MBAM, supprime tout ce qu'il trouve et poste le rapport :
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
voila
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1159
Windows 5.1.2600 Service Pack 2
16/09/2008 09:11:45
mbam-log-2008-09-16 (09-11-45).txt
Type de recherche: Examen rapide
Eléments examinés: 46992
Temps écoulé: 1 minute(s), 57 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42377656-3f45-43b7-81e8-110c101d4561} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{42377656-3f45-43b7-81e8-110c101d4561} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4b285f73-f1d3-413c-bb49-91183ffaf9d0} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4b285f73-f1d3-413c-bb49-91183ffaf9d0} (Trojan.BHO.H) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm1795da93 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\14a6e90f (Trojan.Vundo) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\qzltsy.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QUTOHOYT\silent.dll[1].bak (Trojan.BHO.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taxyrcfp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ujqhaf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1159
Windows 5.1.2600 Service Pack 2
16/09/2008 09:11:45
mbam-log-2008-09-16 (09-11-45).txt
Type de recherche: Examen rapide
Eléments examinés: 46992
Temps écoulé: 1 minute(s), 57 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42377656-3f45-43b7-81e8-110c101d4561} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{42377656-3f45-43b7-81e8-110c101d4561} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4b285f73-f1d3-413c-bb49-91183ffaf9d0} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4b285f73-f1d3-413c-bb49-91183ffaf9d0} (Trojan.BHO.H) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm1795da93 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\14a6e90f (Trojan.Vundo) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\qzltsy.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QUTOHOYT\silent.dll[1].bak (Trojan.BHO.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taxyrcfp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ujqhaf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
---> Relance MBAM, va dans Quarantaine et supprime tout
/!\ Seul gilouking peut suivre cette procédure /!\
1/
---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.
---> Copie le texte ci-dessous par sélection puis Ctrl+C :
KillAll::
File::
C:\WINDOWS\system32\ujqhaf.dll
C:\WINDOWS\system32\taxyrcfp.dll
C:\WINDOWS\system32\tuvUKAQh.dll
C:\WINDOWS\system32\kxpugwvp.dll
C:\WINDOWS\system32\qzltsy.dll
C:\WINDOWS\system32\mlJAtrqn.dll
C:\WINDOWS\system32\bprlmien.dl
C:\WINDOWS\system32\nbjghnwb.dll
C:\WINDOWS\system32\qzltsy.dll
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QUTOHOYT\silent.dll[1].bak
C:\sqmdata19.sqm
C:\sqmnoopt19.sqm
C:\sqmdata18.sqm
C:\sqmnoopt18.sqm
C:\sqmdata17.sqm
C:\sqmnoopt17.sqm
C:\sqmdata16.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt15.sqm
C:\sqmdata15.sqm
C:\sqmnoopt14.sqm
C:\sqmdata14.sqm
C:\sqmnoopt13.sqm
C:\sqmdata13.sqm
C:\sqmdata12.sqm
C:\sqmdata11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt11.sqm
C:\sqmdata10.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt08.sqm
C:\sqmdata09.sqm
C:\sqmdata08.sqm
C:\sqmnoopt07.sqm
C:\sqmdata07.sqm
C:\sqmnoopt06.sqm
C:\sqmdata06.sqm
C:\sqmnoopt05.sqm
C:\sqmdata05.sqm
C:\sqmdata04.sqm
C:\sqmdata03.sqm
C:\sqmdata02.sqm
C:\sqmdata01.sqm
C:\sqmdata00.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt00.sqm
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07EFB9FD-B0DA-4CF3-8AC9-6A87511D773E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10BD1450-DD10-42A9-8E45-921C16E631Ac}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{217A28A1-DD10-42A9-8E45-921C16E631Ac}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42377656-3f45-43b7-81e8-110c101d4561}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42F45142-DD10-42A9-8E45-921C16E631Ac}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B285F73-F1D3-413C-BB49-91183FFAF9D0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C40BAE01-FE5C-478E-AC2E-622AFC8603FA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"QuickTime Task"=-
"TkBellExe"=-
"14a6e90f"=-
"BM1795da93"=-
"RTHDCPL"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51c4088c-0954-11dd-ad6e-ffa67fb8307c}]
---> Colle la sélection dans le bloc-notes
---> Enregistre ce fichier sur le bureau (Impératif)
---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes
2/
---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif
[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.
[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.
[*] Une fois le scan achevé, un rapport va s'afficher : poste-le
[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix.txt
/!\ Seul gilouking peut suivre cette procédure /!\
1/
---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.
---> Copie le texte ci-dessous par sélection puis Ctrl+C :
KillAll::
File::
C:\WINDOWS\system32\ujqhaf.dll
C:\WINDOWS\system32\taxyrcfp.dll
C:\WINDOWS\system32\tuvUKAQh.dll
C:\WINDOWS\system32\kxpugwvp.dll
C:\WINDOWS\system32\qzltsy.dll
C:\WINDOWS\system32\mlJAtrqn.dll
C:\WINDOWS\system32\bprlmien.dl
C:\WINDOWS\system32\nbjghnwb.dll
C:\WINDOWS\system32\qzltsy.dll
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QUTOHOYT\silent.dll[1].bak
C:\sqmdata19.sqm
C:\sqmnoopt19.sqm
C:\sqmdata18.sqm
C:\sqmnoopt18.sqm
C:\sqmdata17.sqm
C:\sqmnoopt17.sqm
C:\sqmdata16.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt15.sqm
C:\sqmdata15.sqm
C:\sqmnoopt14.sqm
C:\sqmdata14.sqm
C:\sqmnoopt13.sqm
C:\sqmdata13.sqm
C:\sqmdata12.sqm
C:\sqmdata11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt11.sqm
C:\sqmdata10.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt08.sqm
C:\sqmdata09.sqm
C:\sqmdata08.sqm
C:\sqmnoopt07.sqm
C:\sqmdata07.sqm
C:\sqmnoopt06.sqm
C:\sqmdata06.sqm
C:\sqmnoopt05.sqm
C:\sqmdata05.sqm
C:\sqmdata04.sqm
C:\sqmdata03.sqm
C:\sqmdata02.sqm
C:\sqmdata01.sqm
C:\sqmdata00.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt00.sqm
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07EFB9FD-B0DA-4CF3-8AC9-6A87511D773E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10BD1450-DD10-42A9-8E45-921C16E631Ac}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{217A28A1-DD10-42A9-8E45-921C16E631Ac}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42377656-3f45-43b7-81e8-110c101d4561}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42F45142-DD10-42A9-8E45-921C16E631Ac}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B285F73-F1D3-413C-BB49-91183FFAF9D0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C40BAE01-FE5C-478E-AC2E-622AFC8603FA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"QuickTime Task"=-
"TkBellExe"=-
"14a6e90f"=-
"BM1795da93"=-
"RTHDCPL"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51c4088c-0954-11dd-ad6e-ffa67fb8307c}]
---> Colle la sélection dans le bloc-notes
---> Enregistre ce fichier sur le bureau (Impératif)
---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes
2/
---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif
[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.
[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.
[*] Une fois le scan achevé, un rapport va s'afficher : poste-le
[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix.txt
tu temps mais c est fait
voila le rapport
ComboFix 08-09-15.02 - User 2008-09-16 18:39:42.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1683 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\User\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmdata08.sqm
C:\sqmdata09.sqm
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmdata14.sqm
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmdata17.sqm
C:\sqmdata18.sqm
C:\sqmdata19.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\sqmnoopt08.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt18.sqm
C:\sqmnoopt19.sqm
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s du 2008-08-16 au 2008-09-16 ))))))))))))))))))))))))))))))))))))
.
2008-09-16 09:08 . 2008-09-16 09:08 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-16 09:08 . 2008-09-16 09:08 <REP> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-09-16 09:08 . 2008-09-16 09:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-16 09:08 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-16 09:08 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-16 08:40 . 2008-09-16 08:40 <REP> d-------- C:\Program Files\Trend Micro
2008-09-16 08:03 . 2008-09-16 08:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2008-09-16 07:58 . 2008-04-13 04:48 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-09-16 07:58 . 2008-04-13 04:48 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-09-16 07:58 . 2008-04-13 03:54 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-09-16 07:58 . 2008-04-13 04:48 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-09-16 07:58 . 2008-04-13 04:48 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-09-16 07:58 . 2008-04-13 04:48 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-09-16 07:58 . 2008-04-13 04:48 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-09-16 07:58 . 2008-09-16 07:58 <REP> d-------- C:\Documents and Settings\Administrateur
2008-09-15 21:53 . 2008-09-15 21:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-09-14 20:12 . 2008-09-14 20:12 <REP> d-------- C:\Program Files\Folding@Home #01
2008-09-14 19:51 . 2008-09-14 19:51 <REP> dr-h----- C:\Documents and Settings\User\Application Data\SecuROM
2008-09-14 19:51 . 2008-09-14 19:51 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-09-14 18:54 . 2008-09-14 18:54 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-09-14 18:30 . 2008-09-14 18:30 <REP> d-------- C:\Program Files\Electronic Arts
2008-09-11 21:19 . 2008-09-11 21:19 <REP> d-------- C:\Program Files\SEGA
2008-09-11 18:47 . 2008-09-11 18:47 <REP> d-------- C:\Documents and Settings\User\Application Data\FMZilla
2008-09-09 21:03 . 2008-09-09 21:03 <REP> d-------- C:\Program Files\QuickSFV
2008-09-09 20:59 . 2008-09-09 20:59 <REP> d-------- C:\Program Files\FlashFXP
2008-09-08 21:25 . 2008-09-08 21:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FlashFXP
2008-09-03 22:05 . 2008-09-03 22:05 <REP> d-------- C:\Program Files\VideoraiPodConverter
2008-09-03 22:05 . 2008-09-15 21:10 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-09-02 13:13 . 2008-09-02 13:19 <REP> d-------- C:\Program Files\thriXXX
2008-08-28 09:11 . 2008-08-28 09:11 <REP> d-------- C:\WINDOWS\Easy CD-DA Extractor 11.5.3
2008-08-28 09:11 . 2008-08-28 09:11 <REP> d-------- C:\Program Files\Easy CD-DA Extractor 11
2008-08-28 09:11 . 2008-08-28 19:02 9,532 --a------ C:\WINDOWS\CDPLAYER.UNI
2008-08-28 08:47 . 2008-08-28 08:47 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Ahead
2008-08-22 11:04 . 2008-09-16 18:39 <REP> d-------- C:\Program Files\PeerGuardian2
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 16:42 --------- d-----w C:\Program Files\Steam
2008-09-14 19:48 --------- d-----w C:\Documents and Settings\User\Application Data\BitTorrent
2008-09-14 18:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-14 16:54 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-14 16:54 22,328 ----a-w C:\Documents and Settings\User\Application Data\PnkBstrK.sys
2008-09-02 08:21 --------- d-----w C:\Program Files\eMule
2008-08-30 11:07 --------- d-----w C:\Documents and Settings\User\Application Data\DNA
2008-08-30 09:41 --------- d-----w C:\Program Files\DNA
2008-08-28 17:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-13 09:20 --------- d-----w C:\Program Files\DivX
2008-08-12 09:50 --------- d-----w C:\Documents and Settings\User\Application Data\Ubisoft
2008-08-12 09:47 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-08-12 09:46 --------- d-----w C:\Documents and Settings\User\Application Data\DAEMON Tools
2008-08-12 09:44 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-08-12 09:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-08-12 09:14 --------- d-----w C:\Program Files\Ubisoft
2008-08-11 18:56 --------- d-----w C:\Program Files\Google
2008-08-11 10:14 --------- d-----w C:\Program Files\Real
2008-08-11 10:14 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-08-11 10:14 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-08-08 16:27 --------- d-----w C:\Program Files\ma-config.com
2008-08-08 16:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-08-05 10:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-05 10:11 --------- d-----w C:\Program Files\SlySoft
2008-08-05 10:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
2008-08-05 09:57 --------- d-----w C:\Documents and Settings\User\Application Data\Ahead
2008-08-04 18:11 --------- d-----w C:\Documents and Settings\User\Application Data\dvdcss
2008-07-23 16:50 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-07-23 16:50 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-07-23 16:50 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-07-20 17:05 --------- d-----w C:\Program Files\GameSpy Arcade
2008-07-20 16:49 --------- d-----w C:\Program Files\EA GAMES
2005-09-09 06:13 7,133,925 ----a-w C:\Program Files\f_guide.pdf
1999-04-06 12:27 99,840 ----a-w C:\Program Files\Fichiers communs\IRAABOUT.DLL
1998-12-09 02:53 70,144 ----a-w C:\Program Files\Fichiers communs\IRAMDMTR.DLL
1998-12-09 02:53 48,640 ----a-w C:\Program Files\Fichiers communs\IRALPTTR.DLL
1998-12-09 02:53 31,744 ----a-w C:\Program Files\Fichiers communs\IRAWEBTR.DLL
1998-12-09 02:53 186,368 ----a-w C:\Program Files\Fichiers communs\IRAREG.DLL
1998-12-09 02:53 17,920 ----a-w C:\Program Files\Fichiers communs\IRASRIAL.DLL
.
((((((((((((((((((((((((((((( snapshot@2008-09-16_ 8.57.45.82 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-19 14:43:08 1,163,960 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-07-19 14:30:53 94,392 ----a-w C:\WINDOWS\system32\AvastSS.scr
+ 2008-07-19 14:32:15 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-07-19 14:37:42 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-01-17 16:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-07-19 14:37:21 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-07-19 14:33:42 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-07-19 14:35:18 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-07-19 14:32:36 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-09-16 16:42:07 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_60c.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Steam"="c:\program files\steam\steam.exe" [2008-06-02 1271032]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-04 8523776]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.MSNAUDIO"= msnaudio.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Steam\\SteamApps\\gilou91\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 FAH-01;Folding Service #01;C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe [2008-06-30 253952]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-07-25 191656]
Start Pending2 FAH-02;Folding Service #02;C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe [2008-06-30 253952]
.
Contenu du dossier 'Tƒches planifi‚es'
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 18:42:42
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cach‚s ...
Recherche d'‚l‚ments en d‚marrage automatique cach‚s ...
Recherche de fichiers cach‚s ...
Scan termin‚ avec succŠs
Fichiers cach‚s: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\Setup\avast.setup
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
C:\ComboFix\pv.cfexe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2008-09-16 18:44:30 - La machine a red‚marr‚
ComboFix-quarantined-files.txt 2008-09-16 16:44:22
ComboFix2.txt 2008-09-16 07:03:13
Avant-CF: 54,390,005,760 octets libres
AprŠs-CF: 54,375,788,544 octets libres
240 --- E O F --- 2008-06-12 13:22:23
voila le rapport
ComboFix 08-09-15.02 - User 2008-09-16 18:39:42.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1683 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\User\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmdata08.sqm
C:\sqmdata09.sqm
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmdata14.sqm
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmdata17.sqm
C:\sqmdata18.sqm
C:\sqmdata19.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\sqmnoopt08.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt18.sqm
C:\sqmnoopt19.sqm
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s du 2008-08-16 au 2008-09-16 ))))))))))))))))))))))))))))))))))))
.
2008-09-16 09:08 . 2008-09-16 09:08 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-16 09:08 . 2008-09-16 09:08 <REP> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-09-16 09:08 . 2008-09-16 09:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-16 09:08 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-16 09:08 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-16 08:40 . 2008-09-16 08:40 <REP> d-------- C:\Program Files\Trend Micro
2008-09-16 08:03 . 2008-09-16 08:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2008-09-16 07:58 . 2008-04-13 04:48 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-09-16 07:58 . 2008-04-13 04:48 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-09-16 07:58 . 2008-04-13 03:54 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-09-16 07:58 . 2008-04-13 04:48 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-09-16 07:58 . 2008-04-13 04:48 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-09-16 07:58 . 2008-04-13 04:48 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-09-16 07:58 . 2008-04-13 04:48 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-09-16 07:58 . 2008-09-16 07:58 <REP> d-------- C:\Documents and Settings\Administrateur
2008-09-15 21:53 . 2008-09-15 21:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-09-14 20:12 . 2008-09-14 20:12 <REP> d-------- C:\Program Files\Folding@Home #01
2008-09-14 19:51 . 2008-09-14 19:51 <REP> dr-h----- C:\Documents and Settings\User\Application Data\SecuROM
2008-09-14 19:51 . 2008-09-14 19:51 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-09-14 18:54 . 2008-09-14 18:54 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-09-14 18:30 . 2008-09-14 18:30 <REP> d-------- C:\Program Files\Electronic Arts
2008-09-11 21:19 . 2008-09-11 21:19 <REP> d-------- C:\Program Files\SEGA
2008-09-11 18:47 . 2008-09-11 18:47 <REP> d-------- C:\Documents and Settings\User\Application Data\FMZilla
2008-09-09 21:03 . 2008-09-09 21:03 <REP> d-------- C:\Program Files\QuickSFV
2008-09-09 20:59 . 2008-09-09 20:59 <REP> d-------- C:\Program Files\FlashFXP
2008-09-08 21:25 . 2008-09-08 21:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FlashFXP
2008-09-03 22:05 . 2008-09-03 22:05 <REP> d-------- C:\Program Files\VideoraiPodConverter
2008-09-03 22:05 . 2008-09-15 21:10 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-09-02 13:13 . 2008-09-02 13:19 <REP> d-------- C:\Program Files\thriXXX
2008-08-28 09:11 . 2008-08-28 09:11 <REP> d-------- C:\WINDOWS\Easy CD-DA Extractor 11.5.3
2008-08-28 09:11 . 2008-08-28 09:11 <REP> d-------- C:\Program Files\Easy CD-DA Extractor 11
2008-08-28 09:11 . 2008-08-28 19:02 9,532 --a------ C:\WINDOWS\CDPLAYER.UNI
2008-08-28 08:47 . 2008-08-28 08:47 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Ahead
2008-08-22 11:04 . 2008-09-16 18:39 <REP> d-------- C:\Program Files\PeerGuardian2
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 16:42 --------- d-----w C:\Program Files\Steam
2008-09-14 19:48 --------- d-----w C:\Documents and Settings\User\Application Data\BitTorrent
2008-09-14 18:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-14 16:54 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-14 16:54 22,328 ----a-w C:\Documents and Settings\User\Application Data\PnkBstrK.sys
2008-09-02 08:21 --------- d-----w C:\Program Files\eMule
2008-08-30 11:07 --------- d-----w C:\Documents and Settings\User\Application Data\DNA
2008-08-30 09:41 --------- d-----w C:\Program Files\DNA
2008-08-28 17:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-13 09:20 --------- d-----w C:\Program Files\DivX
2008-08-12 09:50 --------- d-----w C:\Documents and Settings\User\Application Data\Ubisoft
2008-08-12 09:47 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-08-12 09:46 --------- d-----w C:\Documents and Settings\User\Application Data\DAEMON Tools
2008-08-12 09:44 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-08-12 09:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-08-12 09:14 --------- d-----w C:\Program Files\Ubisoft
2008-08-11 18:56 --------- d-----w C:\Program Files\Google
2008-08-11 10:14 --------- d-----w C:\Program Files\Real
2008-08-11 10:14 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-08-11 10:14 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-08-08 16:27 --------- d-----w C:\Program Files\ma-config.com
2008-08-08 16:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-08-05 10:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-05 10:11 --------- d-----w C:\Program Files\SlySoft
2008-08-05 10:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
2008-08-05 09:57 --------- d-----w C:\Documents and Settings\User\Application Data\Ahead
2008-08-04 18:11 --------- d-----w C:\Documents and Settings\User\Application Data\dvdcss
2008-07-23 16:50 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-07-23 16:50 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-07-23 16:50 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-07-20 17:05 --------- d-----w C:\Program Files\GameSpy Arcade
2008-07-20 16:49 --------- d-----w C:\Program Files\EA GAMES
2005-09-09 06:13 7,133,925 ----a-w C:\Program Files\f_guide.pdf
1999-04-06 12:27 99,840 ----a-w C:\Program Files\Fichiers communs\IRAABOUT.DLL
1998-12-09 02:53 70,144 ----a-w C:\Program Files\Fichiers communs\IRAMDMTR.DLL
1998-12-09 02:53 48,640 ----a-w C:\Program Files\Fichiers communs\IRALPTTR.DLL
1998-12-09 02:53 31,744 ----a-w C:\Program Files\Fichiers communs\IRAWEBTR.DLL
1998-12-09 02:53 186,368 ----a-w C:\Program Files\Fichiers communs\IRAREG.DLL
1998-12-09 02:53 17,920 ----a-w C:\Program Files\Fichiers communs\IRASRIAL.DLL
.
((((((((((((((((((((((((((((( snapshot@2008-09-16_ 8.57.45.82 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-19 14:43:08 1,163,960 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-07-19 14:30:53 94,392 ----a-w C:\WINDOWS\system32\AvastSS.scr
+ 2008-07-19 14:32:15 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-07-19 14:37:42 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-01-17 16:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-07-19 14:37:21 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-07-19 14:33:42 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-07-19 14:35:18 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-07-19 14:32:36 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-09-16 16:42:07 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_60c.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Steam"="c:\program files\steam\steam.exe" [2008-06-02 1271032]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-04 8523776]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.MSNAUDIO"= msnaudio.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Steam\\SteamApps\\gilou91\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 FAH-01;Folding Service #01;C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe [2008-06-30 253952]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-07-25 191656]
Start Pending2 FAH-02;Folding Service #02;C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe [2008-06-30 253952]
.
Contenu du dossier 'Tƒches planifi‚es'
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 18:42:42
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cach‚s ...
Recherche d'‚l‚ments en d‚marrage automatique cach‚s ...
Recherche de fichiers cach‚s ...
Scan termin‚ avec succŠs
Fichiers cach‚s: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\Setup\avast.setup
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
C:\ComboFix\pv.cfexe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2008-09-16 18:44:30 - La machine a red‚marr‚
ComboFix-quarantined-files.txt 2008-09-16 16:44:22
ComboFix2.txt 2008-09-16 07:03:13
Avant-CF: 54,390,005,760 octets libres
AprŠs-CF: 54,375,788,544 octets libres
240 --- E O F --- 2008-06-12 13:22:23
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:26:50, on 17/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://gamespace.daemon-tools.cc/fra/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Folding Service #01 (FAH-01) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe
O23 - Service: Folding Service #02 (FAH-02) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Scan saved at 21:26:50, on 17/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://gamespace.daemon-tools.cc/fra/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Folding Service #01 (FAH-01) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe
O23 - Service: Folding Service #02 (FAH-02) - Stanford University - C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
merci en tout cas a toi Destrio5 de m'avoir aider.
j'espere ne plus avoir a faire a toi cela voudrais dire que tout va bien.
merci encore
j'espere ne plus avoir a faire a toi cela voudrais dire que tout va bien.
merci encore
