Infection CMSETAC.DLL / NTDTCSTP.DLL
Rodhar
-
Rodhar -
Rodhar -
Bonjour,
depuis ce matin eTrust antivirus me balance toutes les 3-4 min une fenetre d'infection en direct pour me dire que les fichiers CMSETAC.DLL est infecté par Pipown.OJ et que NTDTCSTP.DLL est infecté par Mebnac.A.
J'ai fait un scan hier sur Spybot avant d'aller me coucher il n'avait rien trouvé et depuis ce matin c'est un peu la merde.
Pouriez vous m'aider s'il vous plait ? Merci d'avance
depuis ce matin eTrust antivirus me balance toutes les 3-4 min une fenetre d'infection en direct pour me dire que les fichiers CMSETAC.DLL est infecté par Pipown.OJ et que NTDTCSTP.DLL est infecté par Mebnac.A.
J'ai fait un scan hier sur Spybot avant d'aller me coucher il n'avait rien trouvé et depuis ce matin c'est un peu la merde.
Pouriez vous m'aider s'il vous plait ? Merci d'avance
A voir également:
- Infection CMSETAC.DLL / NTDTCSTP.DLL
- Infection winrmsrv ✓ - Forum Virus
- Infection fahcore_a8 ✓ - Forum Virus
- Infection ad.doubleclick.net ✓ - Forum Virus
- Infection FileRepMetagen - Forum Virus
- Infection WonderShare ✓ - Forum Virus
18 réponses
Voila le rapport, merci de t'occuper de mon probleme
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:52:03, on 21/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\Dit.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Marmot Project\TheTurtle v5.0.exe
C:\WINDOWS\ExeFile.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 82.227.161.176 l2authd.lineage2.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GAMING~1\MouseElf.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [autoupdatev2] C:\WINDOWS\system32\autoupdatev2.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [The Turtle] C:\Program Files\Marmot Project\TheTurtle v5.0.exe
O4 - HKCU\..\Run: [ExeFile] C:\WINDOWS\ExeFile.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:52:03, on 21/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\Dit.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Marmot Project\TheTurtle v5.0.exe
C:\WINDOWS\ExeFile.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 82.227.161.176 l2authd.lineage2.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GAMING~1\MouseElf.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [autoupdatev2] C:\WINDOWS\system32\autoupdatev2.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [The Turtle] C:\Program Files\Marmot Project\TheTurtle v5.0.exe
O4 - HKCU\..\Run: [ExeFile] C:\WINDOWS\ExeFile.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
rapport Malwarebyts
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1184
Windows 5.1.2600 Service Pack 2
21/09/2008 11:01:47
mbam-log-2008-09-21 (11-01-47).txt
Type de recherche: Examen complet (C:\|D:\|E:\|N:\|)
Eléments examinés: 200958
Temps écoulé: 36 minute(s), 28 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1184
Windows 5.1.2600 Service Pack 2
21/09/2008 11:01:47
mbam-log-2008-09-21 (11-01-47).txt
Type de recherche: Examen complet (C:\|D:\|E:\|N:\|)
Eléments examinés: 200958
Temps écoulé: 36 minute(s), 28 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
j'arrive pas à placer le rapport Toolbar
donc voila le hickjackthis renomé
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:11, on 21/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\Dit.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Marmot Project\TheTurtle v5.0.exe
C:\WINDOWS\ExeFile.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\Heaven.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 82.227.161.176 l2authd.lineage2.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GAMING~1\MouseElf.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [autoupdatev2] C:\WINDOWS\system32\autoupdatev2.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [The Turtle] C:\Program Files\Marmot Project\TheTurtle v5.0.exe
O4 - HKCU\..\Run: [ExeFile] C:\WINDOWS\ExeFile.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
donc voila le hickjackthis renomé
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:11, on 21/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\Dit.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Marmot Project\TheTurtle v5.0.exe
C:\WINDOWS\ExeFile.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\Heaven.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 82.227.161.176 l2authd.lineage2.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GAMING~1\MouseElf.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [autoupdatev2] C:\WINDOWS\system32\autoupdatev2.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [The Turtle] C:\Program Files\Marmot Project\TheTurtle v5.0.exe
O4 - HKCU\..\Run: [ExeFile] C:\WINDOWS\ExeFile.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
En Mode sans echec le scan avec malwarebyts me dit qu'il n'y a aucune infection ... mais pourtant j'ai toujours eTrust qui me previens toutes les 2min ... j'y comprend rien :s
et j'arrive toujours pas à poster le rapport Toolbar, j'ai l'impression qu'il me le bloque !
et j'arrive toujours pas à poster le rapport Toolbar, j'ai l'impression qu'il me le bloque !
Ca marche toujours pas ....
Bon sinon j'ai fai tun scan avec eTrust sur le dossier dans lequel les fichiers étaient infectés, il m'a mis "désinfection" sur les deux fichiers que j'ai nommé dans le titre, et depuis j'ai pas de nouvelle alerte, tu penses que c'est bon ? je vais faire un Ccleaner et un nouveau scan Spybot pour voir si il trouve quelquechose.
Bon sinon j'ai fai tun scan avec eTrust sur le dossier dans lequel les fichiers étaient infectés, il m'a mis "désinfection" sur les deux fichiers que j'ai nommé dans le titre, et depuis j'ai pas de nouvelle alerte, tu penses que c'est bon ? je vais faire un Ccleaner et un nouveau scan Spybot pour voir si il trouve quelquechose.
Rapport
ComboFix 08-09-20.05 - Link 2008-09-21 12:27:34.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.2415 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Link\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\Link\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
* Un nouveau point de restauration a été créé
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-21 au 2008-09-21 ))))))))))))))))))))))))))))))))))))
.
2008-09-21 12:13 . 2008-09-21 12:13 <REP> d-------- C:\Program Files\CCleaner
2008-09-21 10:19 . 2008-09-21 10:19 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-21 10:19 . 2008-09-21 10:19 <REP> d-------- C:\Documents and Settings\Link\Application Data\Malwarebytes
2008-09-21 10:19 . 2008-09-21 10:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-21 10:19 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-21 10:19 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-21 10:17 . 2008-09-21 11:28 3,692 --a------ C:\Documents and Settings\Orph.egd
2008-09-21 10:16 . 2008-09-21 11:28 <REP> d-------- C:\ToolBar SD
2008-09-21 09:51 . 2008-09-21 09:51 <REP> d-------- C:\Program Files\Trend Micro
2008-09-20 22:47 . 2008-09-20 22:48 <REP> d-------- C:\Documents and Settings\Link\Application Data\SPORE
2008-09-20 22:15 . 2008-09-20 22:15 111,104 --a------ C:\WINDOWS\system32\gg.exe
2008-09-20 22:15 . 2008-09-20 22:15 8,192 --a------ C:\WINDOWS\system32\rld-spor.exe
2008-09-10 17:41 . 2008-09-10 17:41 111,104 --a------ C:\WINDOWS\ExeFile.exe
2008-09-08 18:28 . 2008-09-14 18:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-09-08 17:37 . 2008-09-14 18:53 <REP> d-------- C:\Program Files\Steam
2008-09-05 09:28 . 2008-09-05 09:41 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 10:14 --------- d-----w C:\Program Files\GetRight
2008-09-21 10:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-21 09:37 --------- d-----w C:\Documents and Settings\Link\Application Data\uTorrent
2008-09-21 09:03 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-09-21 08:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-20 20:17 --------- d-----w C:\Program Files\Electronic Arts
2008-09-20 20:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-18 17:32 --------- d-----w C:\Program Files\MSN Messenger
2008-09-18 17:32 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-16 15:32 --------- d-----w C:\Program Files\World of Warcraft
2008-09-01 09:09 --------- d-----w C:\Program Files\WowCartographe
2008-08-20 18:40 --------- d-----w C:\Program Files\Teamspeak2_RC2_server
2008-08-10 20:22 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-05 12:11 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-05 12:11 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-08-02 17:41 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-07-31 16:34 82,976 ----a-w C:\Documents and Settings\Link\Application Data\GDIPFONTCACHEV1.DAT
2008-07-22 11:45 --------- d-----w C:\Documents and Settings\Link\Application Data\DivX
2008-07-21 22:27 --------- d-----w C:\Documents and Settings\Link\Application Data\yoclient
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-19 13:24 22,328 ----a-w C:\Documents and Settings\Link\Application Data\PnkBstrK.sys
2005-08-29 15:00 56 --sh--r C:\WINDOWS\system32\A32AC634D4.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-10-04 190024]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-31 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
"The Turtle"="C:\Program Files\Marmot Project\TheTurtle v5.0.exe" [2008-06-16 724992]
"ExeFile"="C:\WINDOWS\ExeFile.exe" [2008-09-10 111104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"AntivirusRegistration"="C:\Program Files\CA\Etrust Antivirus\Register.exe" [2005-01-31 458752]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-06-26 504080]
"PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2005-06-07 127118]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-07-01 98304]
"mouseElf"="C:\PROGRA~1\GAMING~1\MouseElf.EXE" [2005-07-15 208896]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 37376]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920]
"Dit"="Dit.exe" [2004-07-20 C:\WINDOWS\Dit.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-12-05 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]
C:\Documents and Settings\Link\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe"=
"C:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe"=
"C:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.9.0-frFR-downloader.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.9.2.4996-to-1.9.3.5059-frFR-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.9.4.5086-to-0.10.0.5140-frFR-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-frFR-downloader.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-frFR-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-frFR-downloader.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-frFR-downloader.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-frFR-downloader.exe"=
"C:\\Program Files\\GetRight\\getright.exe"=
"D:\\Documents\\Jeux\\SOF\\SoF2MP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\UBISOFT\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\UBISOFT\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\UBISOFT\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Program Files\\Teamspeak2_RC2_server\\server_windows.exe"=
"N:\\Sauvegarde ancien DD\\Warcraft III 1.20e\\Warcraft III.exe"=
"C:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"6881:UDP"= 6881:UDP:port6881
"1080:TCP"= 1080:TCP:SOF
"32116:TCP"= 32116:TCP:32116
"32116:UDP"= 32116:UDP:32116
"3724:TCP"= 3724:TCP:port 3724
"3724:UDP"= 3724:UDP:port 3724 UDP
R0 Si3531;SiI-3531 SATA Controller;C:\WINDOWS\system32\DRIVERS\Si3531.sys [2006-11-17 210224]
S3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-06-08 799744]
S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-09-21 17408]
S3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 1287296]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2007-04-05 20856]
S3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2005-07-12 7808]
S3 gHidUsbF;USB Device Enhanced Function Driver;C:\WINDOWS\system32\Drivers\gHidUsbF.Sys [2005-07-11 12800]
S3 MODRC;DiBcom Infrared Receiver;C:\WINDOWS\system32\DRIVERS\modrc.sys [2006-05-09 13056]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\screamingbdriver.sys [ ]
S3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 26496]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\autoset.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Link\Application Data\Mozilla\Firefox\Profiles\qemspv4x.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 12:28:11
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
Heure de fin: 2008-09-21 12:29:16
ComboFix-quarantined-files.txt 2008-09-21 10:28:47
ComboFix2.txt 2008-09-21 10:22:24
Avant-CF: 3ÿ687ÿ927ÿ808 octets libres
Après-CF: 3,657,121,792 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
197 --- E O F --- 2008-09-10 15:43:10
ComboFix 08-09-20.05 - Link 2008-09-21 12:27:34.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.2415 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Link\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\Link\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
* Un nouveau point de restauration a été créé
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-21 au 2008-09-21 ))))))))))))))))))))))))))))))))))))
.
2008-09-21 12:13 . 2008-09-21 12:13 <REP> d-------- C:\Program Files\CCleaner
2008-09-21 10:19 . 2008-09-21 10:19 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-21 10:19 . 2008-09-21 10:19 <REP> d-------- C:\Documents and Settings\Link\Application Data\Malwarebytes
2008-09-21 10:19 . 2008-09-21 10:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-21 10:19 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-21 10:19 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-21 10:17 . 2008-09-21 11:28 3,692 --a------ C:\Documents and Settings\Orph.egd
2008-09-21 10:16 . 2008-09-21 11:28 <REP> d-------- C:\ToolBar SD
2008-09-21 09:51 . 2008-09-21 09:51 <REP> d-------- C:\Program Files\Trend Micro
2008-09-20 22:47 . 2008-09-20 22:48 <REP> d-------- C:\Documents and Settings\Link\Application Data\SPORE
2008-09-20 22:15 . 2008-09-20 22:15 111,104 --a------ C:\WINDOWS\system32\gg.exe
2008-09-20 22:15 . 2008-09-20 22:15 8,192 --a------ C:\WINDOWS\system32\rld-spor.exe
2008-09-10 17:41 . 2008-09-10 17:41 111,104 --a------ C:\WINDOWS\ExeFile.exe
2008-09-08 18:28 . 2008-09-14 18:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-09-08 17:37 . 2008-09-14 18:53 <REP> d-------- C:\Program Files\Steam
2008-09-05 09:28 . 2008-09-05 09:41 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 10:14 --------- d-----w C:\Program Files\GetRight
2008-09-21 10:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-21 09:37 --------- d-----w C:\Documents and Settings\Link\Application Data\uTorrent
2008-09-21 09:03 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-09-21 08:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-20 20:17 --------- d-----w C:\Program Files\Electronic Arts
2008-09-20 20:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-18 17:32 --------- d-----w C:\Program Files\MSN Messenger
2008-09-18 17:32 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-16 15:32 --------- d-----w C:\Program Files\World of Warcraft
2008-09-01 09:09 --------- d-----w C:\Program Files\WowCartographe
2008-08-20 18:40 --------- d-----w C:\Program Files\Teamspeak2_RC2_server
2008-08-10 20:22 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-05 12:11 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-05 12:11 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-08-02 17:41 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-07-31 16:34 82,976 ----a-w C:\Documents and Settings\Link\Application Data\GDIPFONTCACHEV1.DAT
2008-07-22 11:45 --------- d-----w C:\Documents and Settings\Link\Application Data\DivX
2008-07-21 22:27 --------- d-----w C:\Documents and Settings\Link\Application Data\yoclient
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-19 13:24 22,328 ----a-w C:\Documents and Settings\Link\Application Data\PnkBstrK.sys
2005-08-29 15:00 56 --sh--r C:\WINDOWS\system32\A32AC634D4.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-10-04 190024]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-31 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
"The Turtle"="C:\Program Files\Marmot Project\TheTurtle v5.0.exe" [2008-06-16 724992]
"ExeFile"="C:\WINDOWS\ExeFile.exe" [2008-09-10 111104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"AntivirusRegistration"="C:\Program Files\CA\Etrust Antivirus\Register.exe" [2005-01-31 458752]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-06-26 504080]
"PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2005-06-07 127118]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-07-01 98304]
"mouseElf"="C:\PROGRA~1\GAMING~1\MouseElf.EXE" [2005-07-15 208896]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 37376]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920]
"Dit"="Dit.exe" [2004-07-20 C:\WINDOWS\Dit.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-12-05 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]
C:\Documents and Settings\Link\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe"=
"C:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe"=
"C:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.9.0-frFR-downloader.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.9.2.4996-to-1.9.3.5059-frFR-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.9.4.5086-to-0.10.0.5140-frFR-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-frFR-downloader.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-frFR-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-frFR-downloader.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-frFR-downloader.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-frFR-downloader.exe"=
"C:\\Program Files\\GetRight\\getright.exe"=
"D:\\Documents\\Jeux\\SOF\\SoF2MP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\UBISOFT\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\UBISOFT\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\UBISOFT\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Program Files\\Teamspeak2_RC2_server\\server_windows.exe"=
"N:\\Sauvegarde ancien DD\\Warcraft III 1.20e\\Warcraft III.exe"=
"C:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"6881:UDP"= 6881:UDP:port6881
"1080:TCP"= 1080:TCP:SOF
"32116:TCP"= 32116:TCP:32116
"32116:UDP"= 32116:UDP:32116
"3724:TCP"= 3724:TCP:port 3724
"3724:UDP"= 3724:UDP:port 3724 UDP
R0 Si3531;SiI-3531 SATA Controller;C:\WINDOWS\system32\DRIVERS\Si3531.sys [2006-11-17 210224]
S3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-06-08 799744]
S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-09-21 17408]
S3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 1287296]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2007-04-05 20856]
S3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2005-07-12 7808]
S3 gHidUsbF;USB Device Enhanced Function Driver;C:\WINDOWS\system32\Drivers\gHidUsbF.Sys [2005-07-11 12800]
S3 MODRC;DiBcom Infrared Receiver;C:\WINDOWS\system32\DRIVERS\modrc.sys [2006-05-09 13056]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\screamingbdriver.sys [ ]
S3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 26496]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\autoset.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Link\Application Data\Mozilla\Firefox\Profiles\qemspv4x.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 12:28:11
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
Heure de fin: 2008-09-21 12:29:16
ComboFix-quarantined-files.txt 2008-09-21 10:28:47
ComboFix2.txt 2008-09-21 10:22:24
Avant-CF: 3ÿ687ÿ927ÿ808 octets libres
Après-CF: 3,657,121,792 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
197 --- E O F --- 2008-09-10 15:43:10
desolé du temps de reponse j'étais parti la journée
Alors l'analyse des 3 fichiers donne :
gg.exe :
Résultat: 28/35 (80%) pas tres bon ca ^^ me dit que c'est un trojan
AhnLab-V3 2008.9.19.2 2008.09.19 Win-Trojan/Turkojan.307712
AntiVir 7.8.1.34 2008.09.21 TR/Spy.Agent.AHAB
Authentium 5.1.0.4 2008.09.21 W32/Threat-Backdoor-Silly-based!Maximus
Avast 4.8.1195.0 2008.09.20 Win32:Turkojan-AB
BitDefender 7.2 2008.09.21 GenPack:Trojan.Agent.AHAB
CAT-QuickHeal 9.50 2008.09.20 TrojanSpy.Agent.ahab
ClamAV 0.93.1 2008.09.21 Trojan.Truko-428
DrWeb 4.44.0.09170 2008.09.21 Trojan.Rent
eSafe 7.0.17.0 2008.09.21 Suspicious File
eTrust-Vet 31.6.6098 2008.09.21 -
Ewido 4.0 2008.09.21 -
F-Prot 4.4.4.56 2008.09.21 W32/Threat-Backdoor-Silly-based!Maximus
F-Secure 8.0.14332.0 2008.09.21 Backdoor.Win32.Turkojan.r
Fortinet 3.113.0.0 2008.09.21 W32/Turkojan.BV!tr.bdr
GData 19 2008.09.21 Backdoor.Win32.Turkojan.r
Ikarus T3.1.1.34.0 2008.09.21 Backdoor.Win32.Delf.ZG
K7AntiVirus 7.10.466 2008.09.20 -
Kaspersky 7.0.0.125 2008.09.21 Backdoor.Win32.Turkojan.r
McAfee 5388 2008.09.19 BackDoor-CZP.dr
Microsoft 1.3903 2008.09.21 VirTool:Win32/DelfInject.gen!L
NOD32v2 3458 2008.09.21 Win32/Cakl.NAF
Norman 5.80.02 2008.09.19 W32/Turkojan.gen4
Panda 9.0.0.4 2008.09.21 Suspicious file
PCTools 4.4.2.0 2008.09.21 Backdoor.Turkojan.Gen
Prevx1 V2 2008.09.21 Malicious Software
Rising 20.62.62.00 2008.09.21 Trojan.Win32.Undef.dhp
Sophos 4.33.0 2008.09.21 Troj/Agent-GMF
Sunbelt 3.1.1653.1 2008.09.20 -
Symantec 10 2008.09.21 -
TheHacker 6.3.0.9.090 2008.09.20 -
TrendMicro 8.700.0.1004 2008.09.20 TROJ_DELF.EFH
VBA32 3.12.8.5 2008.09.20 Backdoor.Win32.Turkojan.r
ViRobot 2008.9.20.1385 2008.09.20 -
VirusBuster 4.5.11.0 2008.09.21 Backdoor.Turkojan.Gen
Webwasher-Gateway 6.6.2 2008.09.21 Trojan.Spy.Agent.AHAB
Rld-spor.exe :
Résultat: 0/36 (0%), ca je pense que c'est bon il a rien detecté
ExeFile.exe :
Résultat: 29/36 (80.56%), pas bon ca aussi
AhnLab-V3 2008.9.19.2 2008.09.19 Win-Trojan/Turkojan.307712
AntiVir 7.8.1.34 2008.09.21 TR/Spy.Agent.AHAB
Authentium 5.1.0.4 2008.09.21 W32/Threat-Backdoor-Silly-based!Maximus
Avast 4.8.1195.0 2008.09.20 Win32:Turkojan-AB
AVG 8.0.0.161 2008.09.21 BackDoor.Turkojan
BitDefender 7.2 2008.09.21 GenPack:Trojan.Agent.AHAB
CAT-QuickHeal 9.50 2008.09.20 TrojanSpy.Agent.ahab
ClamAV 0.93.1 2008.09.21 Trojan.Truko-428
DrWeb 4.44.0.09170 2008.09.21 Trojan.Rent
eSafe 7.0.17.0 2008.09.21 Suspicious File
eTrust-Vet 31.6.6098 2008.09.21 -
Ewido 4.0 2008.09.21 -
F-Prot 4.4.4.56 2008.09.21 W32/Threat-Backdoor-Silly-based!Maximus
F-Secure 8.0.14332.0 2008.09.21 Backdoor.Win32.Turkojan.r
Fortinet 3.113.0.0 2008.09.21 W32/Turkojan.BV!tr.bdr
GData 19 2008.09.21 Backdoor.Win32.Turkojan.r
Ikarus T3.1.1.34.0 2008.09.21 Backdoor.Win32.Delf.ZG
K7AntiVirus 7.10.466 2008.09.20 -
Kaspersky 7.0.0.125 2008.09.21 Backdoor.Win32.Turkojan.r
McAfee 5388 2008.09.19 BackDoor-CZP.dr
Microsoft 1.3903 2008.09.21 VirTool:Win32/DelfInject.gen!L
NOD32v2 3458 2008.09.21 Win32/Cakl.NAF
Norman 5.80.02 2008.09.19 W32/Turkojan.gen4
Panda 9.0.0.4 2008.09.21 Suspicious file
PCTools 4.4.2.0 2008.09.21 Backdoor.Turkojan.Gen
Prevx1 V2 2008.09.21 Malicious Software
Rising 20.62.62.00 2008.09.21 Trojan.Win32.Undef.dhp
Sophos 4.33.0 2008.09.21 Troj/Agent-GMF
Sunbelt 3.1.1653.1 2008.09.20 -
Symantec 10 2008.09.21 -
TheHacker 6.3.0.9.090 2008.09.20 -
TrendMicro 8.700.0.1004 2008.09.20 TROJ_DELF.EFH
VBA32 3.12.8.5 2008.09.20 Backdoor.Win32.Turkojan.r
ViRobot 2008.9.20.1385 2008.09.20 -
VirusBuster 4.5.11.0 2008.09.21 Backdoor.Turkojan.Gen
Webwasher-Gateway 6.6.2 2008.09.21 Trojan.Spy.Agent.AHAB
Je dois les virer manuellement ?
Alors l'analyse des 3 fichiers donne :
gg.exe :
Résultat: 28/35 (80%) pas tres bon ca ^^ me dit que c'est un trojan
AhnLab-V3 2008.9.19.2 2008.09.19 Win-Trojan/Turkojan.307712
AntiVir 7.8.1.34 2008.09.21 TR/Spy.Agent.AHAB
Authentium 5.1.0.4 2008.09.21 W32/Threat-Backdoor-Silly-based!Maximus
Avast 4.8.1195.0 2008.09.20 Win32:Turkojan-AB
BitDefender 7.2 2008.09.21 GenPack:Trojan.Agent.AHAB
CAT-QuickHeal 9.50 2008.09.20 TrojanSpy.Agent.ahab
ClamAV 0.93.1 2008.09.21 Trojan.Truko-428
DrWeb 4.44.0.09170 2008.09.21 Trojan.Rent
eSafe 7.0.17.0 2008.09.21 Suspicious File
eTrust-Vet 31.6.6098 2008.09.21 -
Ewido 4.0 2008.09.21 -
F-Prot 4.4.4.56 2008.09.21 W32/Threat-Backdoor-Silly-based!Maximus
F-Secure 8.0.14332.0 2008.09.21 Backdoor.Win32.Turkojan.r
Fortinet 3.113.0.0 2008.09.21 W32/Turkojan.BV!tr.bdr
GData 19 2008.09.21 Backdoor.Win32.Turkojan.r
Ikarus T3.1.1.34.0 2008.09.21 Backdoor.Win32.Delf.ZG
K7AntiVirus 7.10.466 2008.09.20 -
Kaspersky 7.0.0.125 2008.09.21 Backdoor.Win32.Turkojan.r
McAfee 5388 2008.09.19 BackDoor-CZP.dr
Microsoft 1.3903 2008.09.21 VirTool:Win32/DelfInject.gen!L
NOD32v2 3458 2008.09.21 Win32/Cakl.NAF
Norman 5.80.02 2008.09.19 W32/Turkojan.gen4
Panda 9.0.0.4 2008.09.21 Suspicious file
PCTools 4.4.2.0 2008.09.21 Backdoor.Turkojan.Gen
Prevx1 V2 2008.09.21 Malicious Software
Rising 20.62.62.00 2008.09.21 Trojan.Win32.Undef.dhp
Sophos 4.33.0 2008.09.21 Troj/Agent-GMF
Sunbelt 3.1.1653.1 2008.09.20 -
Symantec 10 2008.09.21 -
TheHacker 6.3.0.9.090 2008.09.20 -
TrendMicro 8.700.0.1004 2008.09.20 TROJ_DELF.EFH
VBA32 3.12.8.5 2008.09.20 Backdoor.Win32.Turkojan.r
ViRobot 2008.9.20.1385 2008.09.20 -
VirusBuster 4.5.11.0 2008.09.21 Backdoor.Turkojan.Gen
Webwasher-Gateway 6.6.2 2008.09.21 Trojan.Spy.Agent.AHAB
Rld-spor.exe :
Résultat: 0/36 (0%), ca je pense que c'est bon il a rien detecté
ExeFile.exe :
Résultat: 29/36 (80.56%), pas bon ca aussi
AhnLab-V3 2008.9.19.2 2008.09.19 Win-Trojan/Turkojan.307712
AntiVir 7.8.1.34 2008.09.21 TR/Spy.Agent.AHAB
Authentium 5.1.0.4 2008.09.21 W32/Threat-Backdoor-Silly-based!Maximus
Avast 4.8.1195.0 2008.09.20 Win32:Turkojan-AB
AVG 8.0.0.161 2008.09.21 BackDoor.Turkojan
BitDefender 7.2 2008.09.21 GenPack:Trojan.Agent.AHAB
CAT-QuickHeal 9.50 2008.09.20 TrojanSpy.Agent.ahab
ClamAV 0.93.1 2008.09.21 Trojan.Truko-428
DrWeb 4.44.0.09170 2008.09.21 Trojan.Rent
eSafe 7.0.17.0 2008.09.21 Suspicious File
eTrust-Vet 31.6.6098 2008.09.21 -
Ewido 4.0 2008.09.21 -
F-Prot 4.4.4.56 2008.09.21 W32/Threat-Backdoor-Silly-based!Maximus
F-Secure 8.0.14332.0 2008.09.21 Backdoor.Win32.Turkojan.r
Fortinet 3.113.0.0 2008.09.21 W32/Turkojan.BV!tr.bdr
GData 19 2008.09.21 Backdoor.Win32.Turkojan.r
Ikarus T3.1.1.34.0 2008.09.21 Backdoor.Win32.Delf.ZG
K7AntiVirus 7.10.466 2008.09.20 -
Kaspersky 7.0.0.125 2008.09.21 Backdoor.Win32.Turkojan.r
McAfee 5388 2008.09.19 BackDoor-CZP.dr
Microsoft 1.3903 2008.09.21 VirTool:Win32/DelfInject.gen!L
NOD32v2 3458 2008.09.21 Win32/Cakl.NAF
Norman 5.80.02 2008.09.19 W32/Turkojan.gen4
Panda 9.0.0.4 2008.09.21 Suspicious file
PCTools 4.4.2.0 2008.09.21 Backdoor.Turkojan.Gen
Prevx1 V2 2008.09.21 Malicious Software
Rising 20.62.62.00 2008.09.21 Trojan.Win32.Undef.dhp
Sophos 4.33.0 2008.09.21 Troj/Agent-GMF
Sunbelt 3.1.1653.1 2008.09.20 -
Symantec 10 2008.09.21 -
TheHacker 6.3.0.9.090 2008.09.20 -
TrendMicro 8.700.0.1004 2008.09.20 TROJ_DELF.EFH
VBA32 3.12.8.5 2008.09.20 Backdoor.Win32.Turkojan.r
ViRobot 2008.9.20.1385 2008.09.20 -
VirusBuster 4.5.11.0 2008.09.21 Backdoor.Turkojan.Gen
Webwasher-Gateway 6.6.2 2008.09.21 Trojan.Spy.Agent.AHAB
Je dois les virer manuellement ?
Bonjour,
#-> Telecharge HiJackThis--> HiJackThis.exe
#-> Enregistre-le dans un dossier propre a lui, renomme-le pour contrer une infection Vundo, par exemple en Heaven.exe
#-> Double clique sur Heaven.exe ensuite clique sur "Do a system scan and save a logfile"
#-> Cela va generer un rapport,
#-> Poste ce rapport dans ta prochaine reponse (Copié/collé du contenu du bloc-note)
#-> Telecharge HiJackThis--> HiJackThis.exe
#-> Enregistre-le dans un dossier propre a lui, renomme-le pour contrer une infection Vundo, par exemple en Heaven.exe
#-> Double clique sur Heaven.exe ensuite clique sur "Do a system scan and save a logfile"
#-> Cela va generer un rapport,
#-> Poste ce rapport dans ta prochaine reponse (Copié/collé du contenu du bloc-note)
***** 1/ Eradication: *****
#-> Telecharge Toolbar s&d--> ToolBarSD.exe
#-> Suis ce tuto--> Tutorial ToolBarSD
#-> Execute la recherche avec l'option 1
#-> Poste moi le rapport avant de passer a l'option 2
***** 2/ Recherche d'infections: *****
#-> Telecharge Malwarebytes' Anti-Malware--> mbam-setup.exe
#-> Suis ce tuto--> Tutorial MalwareBytes AntiMalware
#-> Execute un scan complet en mode sans echec
#-> Supprime tout ce qu'il te trouve (liste en rouge)
#-> Poste moi le rapport a la fin du scan
~~~ Le scan peut durer plusieurs heures, laisse-le travailler ~~~
***** 3/ Verification apres eradication: *****
#-> Reposte moi un rapport HiJackThis en le renommant cette fois-ci
#-> Telecharge Toolbar s&d--> ToolBarSD.exe
#-> Suis ce tuto--> Tutorial ToolBarSD
#-> Execute la recherche avec l'option 1
#-> Poste moi le rapport avant de passer a l'option 2
***** 2/ Recherche d'infections: *****
#-> Telecharge Malwarebytes' Anti-Malware--> mbam-setup.exe
#-> Suis ce tuto--> Tutorial MalwareBytes AntiMalware
#-> Execute un scan complet en mode sans echec
#-> Supprime tout ce qu'il te trouve (liste en rouge)
#-> Poste moi le rapport a la fin du scan
~~~ Le scan peut durer plusieurs heures, laisse-le travailler ~~~
***** 3/ Verification apres eradication: *****
#-> Reposte moi un rapport HiJackThis en le renommant cette fois-ci
-Telecharge combofix--> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-Suis ce tuto a la lettre--> https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
-Desactive toutes tes protections residentes et ferme tous tes programmes
-Lance combofix
-Poste le rapport généré
-Suis ce tuto a la lettre--> https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
-Desactive toutes tes protections residentes et ferme tous tes programmes
-Lance combofix
-Poste le rapport généré
Combofix n'a rien supprimé, par contre,
analise moi ca :
C:\WINDOWS\system32\gg.exe
C:\WINDOWS\system32\rld-spor.exe
C:\WINDOWS\ExeFile.exe
Sur ce site--> https://www.virustotal.com/gui/
analise moi ca :
C:\WINDOWS\system32\gg.exe
C:\WINDOWS\system32\rld-spor.exe
C:\WINDOWS\ExeFile.exe
Sur ce site--> https://www.virustotal.com/gui/
