Request for help with a HijackThis report
Solved
natocin (31 posts, Member)
ep44 (7432 posts, Contributor)
Hello,
I picked up a trojan. I'm slowly getting into reading these reports, but since I'm not a specialist I'm asking for help to identify and get rid of whatever is causing the problem. I'm posting my log. Thanks in advance to whoever helps me.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:52:14, on 04/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Fichiers communs\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Orange\LiveAssistant.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\WINDOWS\system32\mherwnur.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\Documents and Settings\HiJackThis\HijackThis.Scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {191AC1A7-66E5-1C75-D7C9-014D8DAD4EF2} - C:\Program Files\xsbbbfg\apiapl.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Orange_McciTrayApp] C:\Program Files\Orange\LiveAssistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orange_Install] "C:\DOCUME~1\Admin\LOCALS~1\Temp\KIT3.tmp\Installation\Tempcomponents\LIVEASSISTANT\Live Assistant 2.0.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SmartHlp] C:\WINDOWS\system32\wzyncpcb.exe
O4 - HKCU\..\Run: [cmdsh] C:\WINDOWS\system32\mherwnur.exe
O4 - HKLM\..\Policies\Explorer\Run: [boESXRyJur] C:\Documents and Settings\All Users\Application Data\szytgnyd\wzatapgz.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office2K\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Add to AMV Converter... - E:\Program Files\AMVConverter\grab.html
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: http://pfttbc.ft.motive.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-0980c12176fdf7ef.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - E:\Program Files\aawservice.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Fichiers communs\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
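Added example, not part of the original thread and not something HijackThis or the helper's tools compute: the script below applies, to the O2/O4 lines copied from the log above, the signals a log reader normally checks by eye. The weights, the reporting threshold, the `KNOWN_GOOD` allowlist and the vowel-ratio "random-looking name" test are assumptions chosen for this example, so treat the output as a prioritisation aid for a human, not a verdict.

```python
import re

# Input: O2/O4 lines copied from the HijackThis log posted above.
# Everything else here (weights, threshold, allowlist, the "random name"
# test) is an assumption made for this example, not HijackThis behaviour.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {191AC1A7-66E5-1C75-D7C9-014D8DAD4EF2} - C:\Program Files\xsbbbfg\apiapl.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SmartHlp] C:\WINDOWS\system32\wzyncpcb.exe
O4 - HKCU\..\Run: [cmdsh] C:\WINDOWS\system32\mherwnur.exe
O4 - HKLM\..\Policies\Explorer\Run: [boESXRyJur] C:\Documents and Settings\All Users\Application Data\szytgnyd\wzatapgz.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
"""

# Windows components normally started from per-user Run keys; ctfmon's
# name would otherwise trip the vowel test (assumption: extend per environment).
KNOWN_GOOD = {"ctfmon.exe"}
# Ordinary path tokens that would otherwise trip the vowel-ratio test.
SKIP_TOKENS = {"windows", "system", "program", "documents", "settings", "application", "explorer"}

O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): (?:\[(?P<name>[^\]]*)\] |(?P<lnk>\S.*?\.lnk) = )(?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll|scr|com|bat|cpl))(?:"|\s|$)', re.I)


def looks_random(token: str) -> bool:
    """Flag names that look machine-generated: alphabetic, 6+ chars,
    with very few vowels or a long run of consonants (heuristic)."""
    t = token.lower()
    if t in SKIP_TOKENS or not t.isalpha() or len(t) < 6:
        return False
    vowel_ratio = sum(c in "aeiou" for c in t) / len(t)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", t)), default=0)
    return vowel_ratio < 0.3 or longest_run >= 5


def extract_exe(cmd: str) -> str:
    """First executable/DLL path in a Run value, quoted or not; arguments
    such as '/logon' are dropped (rundll32 payload DLLs are not resolved)."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else (cmd.strip().split() or [""])[0]


def path_components(path: str) -> list:
    """Path elements without the drive letter and without file extensions."""
    parts = [p for p in path.split("\\") if not re.fullmatch(r"[A-Za-z]:", p)]
    return [re.sub(r"\.[A-Za-z0-9]+$", "", p) for p in parts]


def name_reasons(path: str) -> list:
    return [(f"random-looking name '{c}'", 2) for c in path_components(path) if looks_random(c)]


def score_autorun(key: str, exe: str) -> list:
    """Weighted reasons for an O4 entry; an empty list means nothing odd."""
    if exe.rsplit("\\", 1)[-1].lower() in KNOWN_GOOD:
        return []
    k, low = key.lower(), exe.lower()
    reasons = []
    if "policies\\explorer\\run" in k:
        reasons.append(("started via Policies\\Explorer\\Run, rarely used by legitimate software", 2))
    if any(d in low for d in ("\\application data\\", "\\local settings\\", "\\temp\\")):
        reasons.append(("executable lives under a data or temp directory", 2))
    if k.startswith("hkcu") and "\\system32\\" in low:
        reasons.append(("per-user Run entry pointing into system32", 1))
    return reasons + name_reasons(exe)


def score_bho(name: str, path: str) -> list:
    reasons = []
    if name.strip().lower() == "(no name)":
        reasons.append(("BHO registered without a display name", 2))
    return reasons + name_reasons(path)


def triage(log_text: str, threshold: int = 3) -> dict:
    """Return {'suspicious': [...], 'orphans': [...]} for O2/O4 lines.
    `threshold` is the score at which an entry is reported (assumption)."""
    result = {"suspicious": [], "orphans": []}
    for line in log_text.splitlines():
        line = line.strip()
        m4, m2 = O4_RE.match(line), O2_RE.match(line)
        if m4:
            target = extract_exe(m4.group("cmd"))
            reasons = score_autorun(m4.group("key"), target)
        elif m2:
            target = m2.group("path").strip()
            if target.lower() == "(no file)":
                # Dangling CLSID: harmless on its own, but worth cleaning up.
                result["orphans"].append({"clsid": m2.group("clsid"), "line": line})
                continue
            reasons = score_bho(m2.group("name"), target)
        else:
            continue
        score = sum(w for _, w in reasons)
        if score >= threshold:
            result["suspicious"].append({"line": line, "target": target, "score": score,
                                         "reasons": [r for r, _ in reasons]})
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for hit in report["suspicious"]:
        print(f"[score {hit['score']}] {hit['target']}")
        for reason in hit["reasons"]:
            print("    -", reason)
    for orphan in report["orphans"]:
        print("orphan BHO, file missing:", orphan["clsid"])
```

On the sample above this reports `apiapl.dll`, `wzyncpcb.exe`, `mherwnur.exe` and `wzatapgz.exe`, and lists the `(no file)` BHO as an orphan; legitimate entries with odd names (`qttask.exe`, `msnmsgr.exe`, `BJPSMAIN.EXE`) score 2 and stay below the threshold because the name test alone never flags anything. A single signal is deliberately not enough: the point of the weighting is that a suspicious location and a suspicious name have to coincide, which is what a human reader also looks for before asking for a file to be checked.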
7 replies
Hello
Several infections on your PC.
To start:
Download LOP S&D by Eric71 here: https://sites.google.com/site/eric71mespages/lop.sd.fr
Double-click it to launch the installation.
Then double-click the Lop S&D shortcut on your Desktop.
Select the language you want, then choose Option 2 (removal).
Wait until the scan finishes.
Post the report it generates (also located at C:\lopR.txt).
(If the Desktop does not reappear, open Task Manager with Ctrl + Alt + Del, then File tab, New Task, type explorer.exe and confirm.)
Next:
Download combofix.exe (by sUBs) and save it to your desktop.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Disconnect from the internet and close all your applications.
* Disable your protections (antivirus, firewall, antispyware) temporarily, only for as long as ComboFix is running.
* Double-click combofix.exe; your firewall may ask whether to allow nircmd.cfexe access to the trusted zone: accept.
* /!\ Do not touch anything until the scan is finished. Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running /!\
* Wait for ComboFix to finish; a report will be created.
* Re-enable your firewall, your antivirus and your antispyware guard.
* Copy/paste the report; it is located at C:\Combofix.txt
* Re-enable your real-time protections (antivirus, antispyware) before reconnecting to the internet.
Thanks for your quick reply. Here is the Lop S&D report. I'm now running ComboFix.
See you soon
--------------------\\ Lop S&D 4.2.4-5 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz )
BIOS : Default System BIOS
USER : Admin ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Activated)
C:\ (Local Disk) - NTFS - Total : 58 Go Free : 8 Go
D:\ (CD or DVD) - UDF - Total : 6 Go Free : 0 Go
E:\ (Local Disk) - NTFS - Total : 174 Go Free : 53 Go
"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [2] ( 05/10/2008| 3:57 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
-
[ Fichier Hosts ] .. Restaure!
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans APPLIC~1
[29/01/2008|09:19] C:\DOCUME~1\Admin\APPLIC~1\Adobe
[28/05/2008|21:36] C:\DOCUME~1\Admin\APPLIC~1\AdobeUM
[06/07/2007|20:51] C:\DOCUME~1\Admin\APPLIC~1\Ahead
[17/01/2008|10:43] C:\DOCUME~1\Admin\APPLIC~1\ArcSoft
[02/11/2007|18:42] C:\DOCUME~1\Admin\APPLIC~1\AVS4YOU
[03/03/2007|23:37] C:\DOCUME~1\Admin\APPLIC~1\CyberLink
[27/10/2007|12:44] C:\DOCUME~1\Admin\APPLIC~1\DivX
[07/09/2008|18:01] C:\DOCUME~1\Admin\APPLIC~1\dvdcss
[27/10/2007|19:33] C:\DOCUME~1\Admin\APPLIC~1\Google
[18/03/2007|09:09] C:\DOCUME~1\Admin\APPLIC~1\Help
[03/02/2007|21:25] C:\DOCUME~1\Admin\APPLIC~1\Identities
[21/06/2008|00:58] C:\DOCUME~1\Admin\APPLIC~1\InstallShield
[15/04/2007|12:15] C:\DOCUME~1\Admin\APPLIC~1\InterTrust
[04/05/2007|19:06] C:\DOCUME~1\Admin\APPLIC~1\LaCie
[03/03/2007|14:50] C:\DOCUME~1\Admin\APPLIC~1\Macromedia
[16/03/2007|09:12] C:\DOCUME~1\Admin\APPLIC~1\Media Player Classic
[25/07/2008|12:42] C:\DOCUME~1\Admin\APPLIC~1\Microsoft
[15/11/2007|15:02] C:\DOCUME~1\Admin\APPLIC~1\Microsoft Web Folders
[25/04/2008|20:28] C:\DOCUME~1\Admin\APPLIC~1\Motive
[07/09/2008|17:48] C:\DOCUME~1\Admin\APPLIC~1\Mozilla
[23/10/2007|20:44] C:\DOCUME~1\Admin\APPLIC~1\MSNInstaller
[04/03/2007|14:10] C:\DOCUME~1\Admin\APPLIC~1\My Games
[08/08/2008|15:08] C:\DOCUME~1\Admin\APPLIC~1\Nikon
[03/03/2007|15:35] C:\DOCUME~1\Admin\APPLIC~1\SecuROM
[07/02/2008|10:17] C:\DOCUME~1\Admin\APPLIC~1\Skype
[04/01/2008|17:09] C:\DOCUME~1\Admin\APPLIC~1\Sports Interactive
[25/01/2008|21:14] C:\DOCUME~1\Admin\APPLIC~1\Sun
[02/07/2008|16:37] C:\DOCUME~1\Admin\APPLIC~1\SystemRequirementsLab
[02/06/2008|20:44] C:\DOCUME~1\Admin\APPLIC~1\TaoUSign
[04/10/2008|19:42] C:\DOCUME~1\Admin\APPLIC~1\uTorrent
[07/02/2008|19:48] C:\DOCUME~1\Admin\APPLIC~1\vlc
[07/02/2008|10:17] C:\DOCUME~1\Admin\APPLIC~1\vlc(2)
[10/03/2008|20:27] C:\DOCUME~1\Admin\APPLIC~1\WinRAR
[29/01/2008|09:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[12/02/2008|18:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[02/11/2007|18:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[16/03/2007|17:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[21/10/2007|01:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[05/10/2008|03:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[30/09/2008|21:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
[03/02/2008|19:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[11/05/2008|20:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
[02/06/2007|15:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
[07/09/2008|20:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[24/03/2008|21:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Saitek
[30/09/2008|21:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
[07/02/2008|10:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[04/02/2008|22:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[04/10/2008|14:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\szytgnyd
[03/02/2007|21:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[19/10/2007|11:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[16/06/2008|17:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[03/02/2007|21:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[04/10/2008|14:44] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[04/10/2008|14:45] C:\DOCUME~1\LOCALS~1\APPLIC~1\AdobeUM
[03/02/2007|21:21] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[03/02/2008|18:52] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla
[03/10/2008|18:54] C:\DOCUME~1\LOCALS~1\APPLIC~1\SACore
[03/02/2008|19:57] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[03/10/2008 19:00][--a------] C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[05/10/2008 01:33][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
[04/10/2008 16:00][--ah-----] C:\WINDOWS\tasks\SA.DAT
[02/03/2006 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[13/06/2008|21:56] C:\Program Files\Activision
[29/01/2008|09:17] C:\Program Files\Adobe
[04/11/2007|20:34] C:\Program Files\Agama
[01/12/2007|11:49] C:\Program Files\AGEIA Technologies
[03/02/2007|21:36] C:\Program Files\Ahead
[03/02/2007|21:42] C:\Program Files\Alwil Software
[17/01/2008|10:38] C:\Program Files\ArcSoft
[12/02/2008|18:51] C:\Program Files\Avira
[06/01/2008|17:32] C:\Program Files\AviSynth 2.5
[03/11/2007|01:35] C:\Program Files\AVS4YOU
[29/02/2008|18:51] C:\Program Files\Call of Duty
[27/10/2007|14:53] C:\Program Files\Canon
[03/02/2007|21:18] C:\Program Files\ComPlus Applications
[17/06/2007|18:25] C:\Program Files\Cryo
[06/01/2008|23:42] C:\Program Files\CyberLink
[15/10/2007|18:59] C:\Program Files\directx
[04/01/2008|17:01] C:\Program Files\D-Tools
[14/01/2008|20:40] C:\Program Files\EA GAMES
[30/09/2008|21:12] C:\Program Files\Fichiers communs
[03/03/2007|13:59] C:\Program Files\Firaxis Games
[22/09/2008|20:35] C:\Program Files\InstallShield Installation Information
[03/02/2007|21:27] C:\Program Files\Intel
[22/06/2007|15:59] C:\Program Files\InterActual
[20/08/2008|20:12] C:\Program Files\Internet Explorer
[20/10/2007|00:08] C:\Program Files\Inventel
[02/06/2008|20:31] C:\Program Files\Java
[04/03/2007|00:47] C:\Program Files\JoWooD
[28/10/2007|11:47] C:\Program Files\KONAMI
[04/05/2007|19:06] C:\Program Files\LaCie
[05/07/2007|18:09] C:\Program Files\Ligos
[17/06/2007|18:22] C:\Program Files\Lords of EverQuest
[22/02/2008|18:58] C:\Program Files\Maxis
[01/10/2008|21:35] C:\Program Files\McAfee
[20/08/2008|20:12] C:\Program Files\Messenger
[01/07/2008|18:52] C:\Program Files\Micro Application
[15/04/2007|14:31] C:\Program Files\Microids
[15/11/2007|15:02] C:\Program Files\microsoft frontpage
[28/05/2007|10:38] C:\Program Files\Microsoft Games
[15/11/2007|15:02] C:\Program Files\Microsoft Office
[22/11/2007|16:38] C:\Program Files\Microsoft SQL Server Compact Edition
[26/07/2008|15:34] C:\Program Files\Microsoft Xbox 360 Accessories
[03/02/2007|21:19] C:\Program Files\Movie Maker
[05/10/2008|03:53] C:\Program Files\Mozilla Firefox
[23/10/2007|20:44] C:\Program Files\MSN
[03/02/2007|21:18] C:\Program Files\MSN Gaming Zone
[14/11/2007|19:53] C:\Program Files\MSXML 4.0
[10/06/2007|19:21] C:\Program Files\MySight 2006
[04/10/2008|15:47] C:\Program Files\Navilog1
[03/02/2007|21:19] C:\Program Files\NetMeeting
[08/04/2007|09:49] C:\Program Files\Nikon
[15/11/2007|15:02] C:\Program Files\Office2K
[03/02/2007|21:18] C:\Program Files\Online Services
[25/04/2008|20:28] C:\Program Files\Orange
[26/04/2008|19:07] C:\Program Files\OrangeHSS
[20/10/2007|02:25] C:\Program Files\Outlook Express
[15/11/2007|15:02] C:\Program Files\PowerPoint Viewer
[10/02/2008|14:24] C:\Program Files\QuickTime
[03/02/2007|21:28] C:\Program Files\Realtek
[01/03/2008|12:20] C:\Program Files\Return to Castle Wolfenstein
[16/03/2007|09:08] C:\Program Files\Satsuki Decoder Pack
[02/10/2008|22:21] C:\Program Files\SDHelper (Spybot - Search & Destroy)
[20/10/2007|00:36] C:\Program Files\Securitoo
[03/02/2007|21:20] C:\Program Files\Services en ligne
[16/06/2007|09:38] C:\Program Files\Sierra On-Line
[02/10/2008|22:21] C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[02/06/2007|15:27] C:\Program Files\Ubisoft
[03/02/2007|21:25] C:\Program Files\Uninstall Information
[27/10/2007|17:40] C:\Program Files\Valve
[07/02/2008|01:05] C:\Program Files\VideoLAN
[07/02/2008|10:17] C:\Program Files\VLC
[25/04/2008|20:21] C:\Program Files\Wanadoo
[03/02/2008|19:37] C:\Program Files\Windows Defender
[27/02/2008|12:01] C:\Program Files\Windows Live
[20/10/2007|01:41] C:\Program Files\Windows Media Connect 2
[20/10/2007|01:41] C:\Program Files\Windows Media Player
[20/05/2007|11:12] C:\Program Files\Windows Messaging
[03/02/2007|21:18] C:\Program Files\Windows NT
[03/02/2007|21:20] C:\Program Files\WindowsUpdate
[22/02/2008|18:54] C:\Program Files\WinRAR
[31/03/2008|19:26] C:\Program Files\XBCD 360
[03/02/2007|21:21] C:\Program Files\xerox
[02/10/2008|21:28] C:\Program Files\xsbbbfg
[16/06/2008|14:49] C:\Program Files\Yahoo!
[04/01/2008|17:05] C:\Program Files\Zero G Registry
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[15/04/2007|12:15] C:\Program Files\Fichiers communs\Adobe
[03/02/2007|21:36] C:\Program Files\Fichiers communs\Ahead
[03/11/2007|01:35] C:\Program Files\Fichiers communs\AVSMedia
[02/07/2008|17:33] C:\Program Files\Fichiers communs\BioWare
[15/11/2007|15:04] C:\Program Files\Fichiers communs\Designer
[25/04/2008|20:21] C:\Program Files\Fichiers communs\France Telecom
[13/04/2007|19:37] C:\Program Files\Fichiers communs\InstallShield
[02/06/2008|20:28] C:\Program Files\Fichiers communs\Java
[30/09/2008|21:12] C:\Program Files\Fichiers communs\McAfee
[22/11/2007|16:35] C:\Program Files\Fichiers communs\Microsoft Shared
[25/04/2008|20:27] C:\Program Files\Fichiers communs\Motive
[03/02/2007|21:19] C:\Program Files\Fichiers communs\MSSoap
[08/08/2008|15:08] C:\Program Files\Fichiers communs\Nikon
[03/02/2007|22:12] C:\Program Files\Fichiers communs\ODBC
[03/02/2007|21:19] C:\Program Files\Fichiers communs\Services
[03/02/2007|22:12] C:\Program Files\Fichiers communs\SpeechEngines
[17/06/2007|18:11] C:\Program Files\Fichiers communs\SWF Studio
[15/11/2007|15:04] C:\Program Files\Fichiers communs\System
[22/11/2007|16:35] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[05/10/2008|03:40] C:\Program Files\Fichiers communs\Wise Installation Wizard
--------------------\\ Process
( 54 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 03:58:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
C:\DOCUME~1\Admin\LOCALS~1\APPLIC~1\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1094 bytes hidden from API
scan completed successfully
hidden processes: 0
hidden files: 2
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:48][D:5]-> C:\DOCUME~1\Admin\LOCALS~1\Temp
[F:5][D:0]-> C:\DOCUME~1\Admin\Cookies
[F:89][D:4]-> C:\DOCUME~1\Admin\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 05/10/2008| 3:59 - Option : [2]
--------------------\\ Fin du rapport a 3:59:11
See you.
And the ComboFix report. That said, after a few minutes I still have a trojan (the one that tries to make you buy an antivirus by imitating a Windows firewall alert).
ComboFix 08-10-04.07 - Admin 2008-10-05 4:12:39.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1516 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Admin\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-05 au 2008-10-05 ))))))))))))))))))))))))))))))))))))
.
2008-10-05 03:56 . 2008-10-05 03:59 <REP> d-------- C:\Lop SD
2008-10-04 15:42 . 2008-10-04 15:47 <REP> d-------- C:\Program Files\Navilog1
2008-10-04 14:45 . 2008-10-04 14:45 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-10-03 19:13 . 2008-10-03 19:13 102,400 --a------ C:\WINDOWS\system32\mherwnur.exe
2008-10-02 22:21 . 2008-10-02 22:21 <REP> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-10-02 22:21 . 2008-10-02 22:21 <REP> d-------- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-10-02 21:28 . 2008-10-02 21:28 <REP> d-------- C:\Program Files\xsbbbfg
2008-10-02 21:28 . 2008-10-04 14:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\szytgnyd
2008-10-01 22:00 . 2008-10-03 18:54 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\SACore
2008-09-30 21:12 . 2008-09-30 21:12 <REP> d-------- C:\Program Files\Fichiers communs\McAfee
2008-09-30 21:11 . 2008-10-01 21:35 <REP> d-------- C:\Program Files\McAfee
2008-09-22 19:02 . 2008-10-04 19:42 <REP> d-------- C:\Documents and Settings\Admin\Application Data\uTorrent
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 01:40 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-10-05 01:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-30 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-09-30 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-22 18:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-07 18:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-09-07 16:01 --------- d-----w C:\Documents and Settings\Admin\Application Data\dvdcss
2008-08-08 13:08 --------- d-----w C:\Program Files\Fichiers communs\Nikon
2008-08-08 13:08 --------- d-----w C:\Documents and Settings\Admin\Application Data\Nikon
2008-07-30 20:05 71,848 ----a-w C:\WINDOWS\UnInstall.exe
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-16 16:34 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2007-10-13 05:37 22,328 ----a-w C:\Documents and Settings\Admin\Application Data\PnkBstrK.sys
2007-06-28 13:36 401,720 ----a-w C:\Documents and Settings\HiJackThis\HijackThis.Scanner.exe.exe
2007-03-16 15:56 832 ----a-w C:\Program Files\mpc4.reg
2007-03-16 15:56 680 ----a-w C:\Program Files\mpc2.reg
2007-03-16 15:56 596 ----a-w C:\Program Files\mpc1.reg
2007-03-16 15:56 4,482 ----a-w C:\Program Files\satsukidecodersettings.ini
2007-03-16 15:56 31,526 ----a-w C:\Program Files\ffdssetts.reg
2007-03-16 15:56 30,164 ----a-w C:\Program Files\ffdsvsetts.reg
2007-03-16 15:56 3,476 ----a-w C:\Program Files\mpc7.reg
2007-03-16 15:56 3,026 ----a-w C:\Program Files\mpc3.reg
2007-03-16 15:56 18,156 ----a-w C:\Program Files\mpc6.reg
2007-03-16 15:56 16,086 ----a-w C:\Program Files\mpc5.reg
2007-03-16 15:56 1,172 ----a-w C:\Program Files\ffdsasetts.reg
2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{191AC1A7-66E5-1C75-D7C9-014D8DAD4EF2}]
2008-10-02 21:28 131072 --a------ C:\Program Files\xsbbbfg\apiapl.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2006-02-10 2048000]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"cmdsh"="C:\WINDOWS\system32\mherwnur.exe" [2008-10-03 102400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-10 385024]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"ORAHSSSessionManager"="C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe" [2008-01-22 107248]
"Orange_McciTrayApp"="C:\Program Files\Orange\LiveAssistant.exe" [2007-12-21 1476608]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Microsoft Office.lnk - C:\Program Files\Office2K\Office\OSA9.EXE [1999-02-18 65588]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-04-08 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"VIDC.VP40"= vp4vfw.dll
"vidc.yv12"= yv12vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\132643mgnp\\condition zero deleted scenes\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\Steam.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\132643mgnp\\condition zero\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\132643mgnp\\counter-strike\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\132643mgnp\\day of defeat\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\132643mgnp\\deathmatch classic\\hl.exe"=
"E:\\Mes documents\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.EXE"=
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"E:\\Program Files\\ptop\\utorrent\\utorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4462:TCP"= 4462:TCP:127.0.0.1
"4672:TCP"= 4672:TCP:127.0.0.1
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
R2 McciCMService;McciCMService;C:\Program Files\Fichiers communs\Motive\McciCMService.exe [2007-10-23 303104]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MREMP50.SYS [2008-03-09 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MREMP50a64.SYS [ ]
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MRESP50.SYS [2008-03-09 20096]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MRESP50a64.SYS [ ]
S3 SaiHF51A;SaiHF51A;C:\WINDOWS\system32\DRIVERS\SaiHF51A.sys [2007-09-14 135048]
S3 SaiUF51A;SaiUF51A;C:\WINDOWS\system32\DRIVERS\SaiUF51A.sys [2007-09-14 28544]
S3 sea3bus;Sony Ericsson Device 0A3 driver (WDM);C:\WINDOWS\system32\DRIVERS\sea3bus.sys [2007-01-26 61600]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;C:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 50048]
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
2008-10-03 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- E:\Program Files\Spybot - Search & Destroy\SpybotSD.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-SmartHlp - C:\WINDOWS\system32\wzyncpcb.exe
HKLM-Run-RegistryMechanic - (no file)
HKLM-Explorer_Run-boESXRyJur - C:\Documents and Settings\All Users\Application Data\szytgnyd\wzatapgz.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\zt6ybps4.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\VLC\npvlc.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 04:14:09
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1094 bytes hidden from API
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
.
Heure de fin: 2008-10-05 4:15:00
ComboFix-quarantined-files.txt 2008-10-05 02:14:58
Avant-CF: 8 732 180 480 octets libres
Après-CF: 8,728,338,432 octets libres
183 --- E O F --- 2008-10-04 16:00:29
ComboFix 08-10-04.07 - Admin 2008-10-05 4:12:39.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1516 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Admin\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-05 au 2008-10-05 ))))))))))))))))))))))))))))))))))))
.
2008-10-05 03:56 . 2008-10-05 03:59 <REP> d-------- C:\Lop SD
2008-10-04 15:42 . 2008-10-04 15:47 <REP> d-------- C:\Program Files\Navilog1
2008-10-04 14:45 . 2008-10-04 14:45 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-10-03 19:13 . 2008-10-03 19:13 102,400 --a------ C:\WINDOWS\system32\mherwnur.exe
2008-10-02 22:21 . 2008-10-02 22:21 <REP> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-10-02 22:21 . 2008-10-02 22:21 <REP> d-------- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-10-02 21:28 . 2008-10-02 21:28 <REP> d-------- C:\Program Files\xsbbbfg
2008-10-02 21:28 . 2008-10-04 14:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\szytgnyd
2008-10-01 22:00 . 2008-10-03 18:54 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\SACore
2008-09-30 21:12 . 2008-09-30 21:12 <REP> d-------- C:\Program Files\Fichiers communs\McAfee
2008-09-30 21:11 . 2008-10-01 21:35 <REP> d-------- C:\Program Files\McAfee
2008-09-22 19:02 . 2008-10-04 19:42 <REP> d-------- C:\Documents and Settings\Admin\Application Data\uTorrent
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 01:40 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-10-05 01:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-30 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-09-30 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-22 18:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-07 18:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-09-07 16:01 --------- d-----w C:\Documents and Settings\Admin\Application Data\dvdcss
2008-08-08 13:08 --------- d-----w C:\Program Files\Fichiers communs\Nikon
2008-08-08 13:08 --------- d-----w C:\Documents and Settings\Admin\Application Data\Nikon
2008-07-30 20:05 71,848 ----a-w C:\WINDOWS\UnInstall.exe
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-16 16:34 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2007-10-13 05:37 22,328 ----a-w C:\Documents and Settings\Admin\Application Data\PnkBstrK.sys
2007-06-28 13:36 401,720 ----a-w C:\Documents and Settings\HiJackThis\HijackThis.Scanner.exe.exe
2007-03-16 15:56 832 ----a-w C:\Program Files\mpc4.reg
2007-03-16 15:56 680 ----a-w C:\Program Files\mpc2.reg
2007-03-16 15:56 596 ----a-w C:\Program Files\mpc1.reg
2007-03-16 15:56 4,482 ----a-w C:\Program Files\satsukidecodersettings.ini
2007-03-16 15:56 31,526 ----a-w C:\Program Files\ffdssetts.reg
2007-03-16 15:56 30,164 ----a-w C:\Program Files\ffdsvsetts.reg
2007-03-16 15:56 3,476 ----a-w C:\Program Files\mpc7.reg
2007-03-16 15:56 3,026 ----a-w C:\Program Files\mpc3.reg
2007-03-16 15:56 18,156 ----a-w C:\Program Files\mpc6.reg
2007-03-16 15:56 16,086 ----a-w C:\Program Files\mpc5.reg
2007-03-16 15:56 1,172 ----a-w C:\Program Files\ffdsasetts.reg
2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{191AC1A7-66E5-1C75-D7C9-014D8DAD4EF2}]
2008-10-02 21:28 131072 --a------ C:\Program Files\xsbbbfg\apiapl.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2006-02-10 2048000]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"cmdsh"="C:\WINDOWS\system32\mherwnur.exe" [2008-10-03 102400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-10 385024]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"ORAHSSSessionManager"="C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe" [2008-01-22 107248]
"Orange_McciTrayApp"="C:\Program Files\Orange\LiveAssistant.exe" [2007-12-21 1476608]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Microsoft Office.lnk - C:\Program Files\Office2K\Office\OSA9.EXE [1999-02-18 65588]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-04-08 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"VIDC.VP40"= vp4vfw.dll
"vidc.yv12"= yv12vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\132643mgnp\\condition zero deleted scenes\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\Steam.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\132643mgnp\\condition zero\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\132643mgnp\\counter-strike\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\132643mgnp\\day of defeat\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\132643mgnp\\deathmatch classic\\hl.exe"=
"E:\\Mes documents\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.EXE"=
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"E:\\Program Files\\ptop\\utorrent\\utorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4462:TCP"= 4462:TCP:127.0.0.1
"4672:TCP"= 4672:TCP:127.0.0.1
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
R2 McciCMService;McciCMService;C:\Program Files\Fichiers communs\Motive\McciCMService.exe [2007-10-23 303104]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MREMP50.SYS [2008-03-09 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MREMP50a64.SYS [ ]
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MRESP50.SYS [2008-03-09 20096]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MRESP50a64.SYS [ ]
S3 SaiHF51A;SaiHF51A;C:\WINDOWS\system32\DRIVERS\SaiHF51A.sys [2007-09-14 135048]
S3 SaiUF51A;SaiUF51A;C:\WINDOWS\system32\DRIVERS\SaiUF51A.sys [2007-09-14 28544]
S3 sea3bus;Sony Ericsson Device 0A3 driver (WDM);C:\WINDOWS\system32\DRIVERS\sea3bus.sys [2007-01-26 61600]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;C:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 50048]
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
2008-10-03 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- E:\Program Files\Spybot - Search & Destroy\SpybotSD.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-SmartHlp - C:\WINDOWS\system32\wzyncpcb.exe
HKLM-Run-RegistryMechanic - (no file)
HKLM-Explorer_Run-boESXRyJur - C:\Documents and Settings\All Users\Application Data\szytgnyd\wzatapgz.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\zt6ybps4.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\VLC\npvlc.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 04:14:09
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1094 bytes hidden from API
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
.
Heure de fin: 2008-10-05 4:15:00
ComboFix-quarantined-files.txt 2008-10-05 02:14:58
Avant-CF: 8 732 180 480 octets libres
Après-CF: 8,728,338,432 octets libres
183 --- E O F --- 2008-10-04 16:00:29
Hello
OK, let's continue.
Download Eric71's LOP S&D here: https://sites.google.com/site/eric71mespages/lop.sd.fr
Double-click it to start the installation.
Then double-click the Lop S&D shortcut on your Desktop.
Select the language you want, then choose Option 2 (Removal).
Wait until the scan finishes.
Post the generated report (also located here: C:\lopR.txt).
(If the Desktop does not reappear, open Task Manager with Ctrl + Alt + Del, then File tab, New Task, type explorer.exe and confirm.)
Next
* Download Malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Installation help:
http://www.swl1f.net/viewtopic.php?f=14&t=68
=> Install it
=> Then go into Safe Mode
Restart the PC and tap the F8 key (or F5 on some machines) until the boot options screen appears.
Use the arrow keys to select Safe Mode ==> Enter ==> your usual user name
=> Launch Malwarebytes
=> Tick "Perform full scan"
=> If an infection is found at the end of the scan, click "OK"
=> Click "Remove Selected"
=> To post the report, click the Logs tab, select the one you want and click Open
=> Copy and paste it and post the report
--------------------------
Next
* Download CCleaner
https://filehippo.com/download_ccleaner/
=> Use this tutorial to help you with it
http://www.swl1f.net/viewtopic.php?f=14&t=69
--------------------------
Then run a new HijackThis scan
See you later
Good evening
You need to post the reports, otherwise I can't see whether the removal was done or analyse them to give you the next steps.
Sorry for taking so long to reply; here are the reports:
--------------------\\ Lop S&D 4.2.4-5 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz )
BIOS : Default System BIOS
USER : Admin ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Activated)
C:\ (Local Disk) - NTFS - Total : 58 Go Free : 11 Go
D:\ (CD or DVD) - UDF - Total : 6 Go Free : 0 Go
E:\ (Local Disk) - NTFS - Total : 174 Go Free : 50 Go
"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [2] ( 07/10/2008|19:52 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
-
[ Fichier Hosts ] .. Restaure!
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans APPLIC~1
[29/01/2008|09:19] C:\DOCUME~1\Admin\APPLIC~1\Adobe
[28/05/2008|21:36] C:\DOCUME~1\Admin\APPLIC~1\AdobeUM
[06/07/2007|20:51] C:\DOCUME~1\Admin\APPLIC~1\Ahead
[17/01/2008|10:43] C:\DOCUME~1\Admin\APPLIC~1\ArcSoft
[02/11/2007|18:42] C:\DOCUME~1\Admin\APPLIC~1\AVS4YOU
[03/03/2007|23:37] C:\DOCUME~1\Admin\APPLIC~1\CyberLink
[27/10/2007|12:44] C:\DOCUME~1\Admin\APPLIC~1\DivX
[07/09/2008|18:01] C:\DOCUME~1\Admin\APPLIC~1\dvdcss
[27/10/2007|19:33] C:\DOCUME~1\Admin\APPLIC~1\Google
[18/03/2007|09:09] C:\DOCUME~1\Admin\APPLIC~1\Help
[03/02/2007|21:25] C:\DOCUME~1\Admin\APPLIC~1\Identities
[21/06/2008|00:58] C:\DOCUME~1\Admin\APPLIC~1\InstallShield
[15/04/2007|12:15] C:\DOCUME~1\Admin\APPLIC~1\InterTrust
[04/05/2007|19:06] C:\DOCUME~1\Admin\APPLIC~1\LaCie
[03/03/2007|14:50] C:\DOCUME~1\Admin\APPLIC~1\Macromedia
[16/03/2007|09:12] C:\DOCUME~1\Admin\APPLIC~1\Media Player Classic
[25/07/2008|12:42] C:\DOCUME~1\Admin\APPLIC~1\Microsoft
[15/11/2007|15:02] C:\DOCUME~1\Admin\APPLIC~1\Microsoft Web Folders
[25/04/2008|20:28] C:\DOCUME~1\Admin\APPLIC~1\Motive
[07/09/2008|17:48] C:\DOCUME~1\Admin\APPLIC~1\Mozilla
[23/10/2007|20:44] C:\DOCUME~1\Admin\APPLIC~1\MSNInstaller
[04/03/2007|14:10] C:\DOCUME~1\Admin\APPLIC~1\My Games
[08/08/2008|15:08] C:\DOCUME~1\Admin\APPLIC~1\Nikon
[03/03/2007|15:35] C:\DOCUME~1\Admin\APPLIC~1\SecuROM
[07/02/2008|10:17] C:\DOCUME~1\Admin\APPLIC~1\Skype
[04/01/2008|17:09] C:\DOCUME~1\Admin\APPLIC~1\Sports Interactive
[25/01/2008|21:14] C:\DOCUME~1\Admin\APPLIC~1\Sun
[02/07/2008|16:37] C:\DOCUME~1\Admin\APPLIC~1\SystemRequirementsLab
[02/06/2008|20:44] C:\DOCUME~1\Admin\APPLIC~1\TaoUSign
[04/10/2008|19:42] C:\DOCUME~1\Admin\APPLIC~1\uTorrent
[07/02/2008|19:48] C:\DOCUME~1\Admin\APPLIC~1\vlc
[07/02/2008|10:17] C:\DOCUME~1\Admin\APPLIC~1\vlc(2)
[10/03/2008|20:27] C:\DOCUME~1\Admin\APPLIC~1\WinRAR
[29/01/2008|09:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[12/02/2008|18:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[02/11/2007|18:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[16/03/2007|17:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[21/10/2007|01:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[05/10/2008|03:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[30/09/2008|21:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
[05/10/2008|04:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[11/05/2008|20:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
[02/06/2007|15:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
[07/09/2008|20:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[24/03/2008|21:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Saitek
[30/09/2008|21:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
[07/02/2008|10:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[04/02/2008|22:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[04/10/2008|14:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\szytgnyd
[03/02/2007|21:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[19/10/2007|11:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[16/06/2008|17:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[03/02/2007|21:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[04/10/2008|14:44] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[04/10/2008|14:45] C:\DOCUME~1\LOCALS~1\APPLIC~1\AdobeUM
[03/02/2007|21:21] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[03/02/2008|18:52] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla
[03/10/2008|18:54] C:\DOCUME~1\LOCALS~1\APPLIC~1\SACore
[03/02/2008|19:57] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[05/10/2008 19:00][--a------] C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[07/10/2008 19:31][--ah-----] C:\WINDOWS\tasks\SA.DAT
[02/03/2006 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[13/06/2008|21:56] C:\Program Files\Activision
[29/01/2008|09:17] C:\Program Files\Adobe
[04/11/2007|20:34] C:\Program Files\Agama
[01/12/2007|11:49] C:\Program Files\AGEIA Technologies
[03/02/2007|21:36] C:\Program Files\Ahead
[03/02/2007|21:42] C:\Program Files\Alwil Software
[17/01/2008|10:38] C:\Program Files\ArcSoft
[12/02/2008|18:51] C:\Program Files\Avira
[06/01/2008|17:32] C:\Program Files\AviSynth 2.5
[03/11/2007|01:35] C:\Program Files\AVS4YOU
[29/02/2008|18:51] C:\Program Files\Call of Duty
[27/10/2007|14:53] C:\Program Files\Canon
[03/02/2007|21:18] C:\Program Files\ComPlus Applications
[17/06/2007|18:25] C:\Program Files\Cryo
[06/01/2008|23:42] C:\Program Files\CyberLink
[15/10/2007|18:59] C:\Program Files\directx
[04/01/2008|17:01] C:\Program Files\D-Tools
[14/01/2008|20:40] C:\Program Files\EA GAMES
[05/10/2008|04:13] C:\Program Files\Fichiers communs
[03/03/2007|13:59] C:\Program Files\Firaxis Games
[22/09/2008|20:35] C:\Program Files\InstallShield Installation Information
[03/02/2007|21:27] C:\Program Files\Intel
[22/06/2007|15:59] C:\Program Files\InterActual
[20/08/2008|20:12] C:\Program Files\Internet Explorer
[20/10/2007|00:08] C:\Program Files\Inventel
[02/06/2008|20:31] C:\Program Files\Java
[04/03/2007|00:47] C:\Program Files\JoWooD
[28/10/2007|11:47] C:\Program Files\KONAMI
[04/05/2007|19:06] C:\Program Files\LaCie
[05/07/2007|18:09] C:\Program Files\Ligos
[17/06/2007|18:22] C:\Program Files\Lords of EverQuest
[22/02/2008|18:58] C:\Program Files\Maxis
[01/10/2008|21:35] C:\Program Files\McAfee
[20/08/2008|20:12] C:\Program Files\Messenger
[01/07/2008|18:52] C:\Program Files\Micro Application
[15/04/2007|14:31] C:\Program Files\Microids
[15/11/2007|15:02] C:\Program Files\microsoft frontpage
[28/05/2007|10:38] C:\Program Files\Microsoft Games
[15/11/2007|15:02] C:\Program Files\Microsoft Office
[22/11/2007|16:38] C:\Program Files\Microsoft SQL Server Compact Edition
[26/07/2008|15:34] C:\Program Files\Microsoft Xbox 360 Accessories
[03/02/2007|21:19] C:\Program Files\Movie Maker
[07/10/2008|19:43] C:\Program Files\Mozilla Firefox
[23/10/2007|20:44] C:\Program Files\MSN
[03/02/2007|21:18] C:\Program Files\MSN Gaming Zone
[14/11/2007|19:53] C:\Program Files\MSXML 4.0
[10/06/2007|19:21] C:\Program Files\MySight 2006
[07/10/2008|19:45] C:\Program Files\Navilog1
[03/02/2007|21:19] C:\Program Files\NetMeeting
[08/04/2007|09:49] C:\Program Files\Nikon
[15/11/2007|15:02] C:\Program Files\Office2K
[03/02/2007|21:18] C:\Program Files\Online Services
[25/04/2008|20:28] C:\Program Files\Orange
[26/04/2008|19:07] C:\Program Files\OrangeHSS
[20/10/2007|02:25] C:\Program Files\Outlook Express
[15/11/2007|15:02] C:\Program Files\PowerPoint Viewer
[10/02/2008|14:24] C:\Program Files\QuickTime
[03/02/2007|21:28] C:\Program Files\Realtek
[01/03/2008|12:20] C:\Program Files\Return to Castle Wolfenstein
[16/03/2007|09:08] C:\Program Files\Satsuki Decoder Pack
[02/10/2008|22:21] C:\Program Files\SDHelper (Spybot - Search & Destroy)
[20/10/2007|00:36] C:\Program Files\Securitoo
[03/02/2007|21:20] C:\Program Files\Services en ligne
[16/06/2007|09:38] C:\Program Files\Sierra On-Line
[02/10/2008|22:21] C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[02/06/2007|15:27] C:\Program Files\Ubisoft
[03/02/2007|21:25] C:\Program Files\Uninstall Information
[27/10/2007|17:40] C:\Program Files\Valve
[07/02/2008|01:05] C:\Program Files\VideoLAN
[07/02/2008|10:17] C:\Program Files\VLC
[25/04/2008|20:21] C:\Program Files\Wanadoo
[27/02/2008|12:01] C:\Program Files\Windows Live
[20/10/2007|01:41] C:\Program Files\Windows Media Connect 2
[20/10/2007|01:41] C:\Program Files\Windows Media Player
[20/05/2007|11:12] C:\Program Files\Windows Messaging
[03/02/2007|21:18] C:\Program Files\Windows NT
[03/02/2007|21:20] C:\Program Files\WindowsUpdate
[22/02/2008|18:54] C:\Program Files\WinRAR
[31/03/2008|19:26] C:\Program Files\XBCD 360
[03/02/2007|21:21] C:\Program Files\xerox
[02/10/2008|21:28] C:\Program Files\xsbbbfg
[16/06/2008|14:49] C:\Program Files\Yahoo!
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1134
Windows 5.1.2600 Service Pack 2
08/10/2008 07:44:21
mbam-log-2008-10-08 (07-44-21).txt
Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 175406
Temps écoulé: 3 hour(s), 24 minute(s), 33 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:30:44, on 07/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Orange\LiveAssistant.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\mherwnur.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Fichiers communs\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\Program Files\VLC\vlc.exe
C:\Documents and Settings\HiJackThis\HijackThis.Scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {191AC1A7-66E5-1C75-D7C9-014D8DAD4EF2} - C:\Program Files\xsbbbfg\apiapl.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Orange_McciTrayApp] C:\Program Files\Orange\LiveAssistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [cmdsh] C:\WINDOWS\system32\mherwnur.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office2K\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Add to AMV Converter... - E:\Program Files\AMVConverter\grab.html
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: http://pfttbc.ft.motive.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-0980c12176fdf7ef.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Fichiers communs\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
[06/01/2008|23:42] C:\Program Files\CyberLink
[15/10/2007|18:59] C:\Program Files\directx
[04/01/2008|17:01] C:\Program Files\D-Tools
[14/01/2008|20:40] C:\Program Files\EA GAMES
[05/10/2008|04:13] C:\Program Files\Fichiers communs
[03/03/2007|13:59] C:\Program Files\Firaxis Games
[22/09/2008|20:35] C:\Program Files\InstallShield Installation Information
[03/02/2007|21:27] C:\Program Files\Intel
[22/06/2007|15:59] C:\Program Files\InterActual
[20/08/2008|20:12] C:\Program Files\Internet Explorer
[20/10/2007|00:08] C:\Program Files\Inventel
[02/06/2008|20:31] C:\Program Files\Java
[04/03/2007|00:47] C:\Program Files\JoWooD
[28/10/2007|11:47] C:\Program Files\KONAMI
[04/05/2007|19:06] C:\Program Files\LaCie
[05/07/2007|18:09] C:\Program Files\Ligos
[17/06/2007|18:22] C:\Program Files\Lords of EverQuest
[22/02/2008|18:58] C:\Program Files\Maxis
[01/10/2008|21:35] C:\Program Files\McAfee
[20/08/2008|20:12] C:\Program Files\Messenger
[01/07/2008|18:52] C:\Program Files\Micro Application
[15/04/2007|14:31] C:\Program Files\Microids
[15/11/2007|15:02] C:\Program Files\microsoft frontpage
[28/05/2007|10:38] C:\Program Files\Microsoft Games
[15/11/2007|15:02] C:\Program Files\Microsoft Office
[22/11/2007|16:38] C:\Program Files\Microsoft SQL Server Compact Edition
[26/07/2008|15:34] C:\Program Files\Microsoft Xbox 360 Accessories
[03/02/2007|21:19] C:\Program Files\Movie Maker
[07/10/2008|19:43] C:\Program Files\Mozilla Firefox
[23/10/2007|20:44] C:\Program Files\MSN
[03/02/2007|21:18] C:\Program Files\MSN Gaming Zone
[14/11/2007|19:53] C:\Program Files\MSXML 4.0
[10/06/2007|19:21] C:\Program Files\MySight 2006
[07/10/2008|19:45] C:\Program Files\Navilog1
[03/02/2007|21:19] C:\Program Files\NetMeeting
[08/04/2007|09:49] C:\Program Files\Nikon
[15/11/2007|15:02] C:\Program Files\Office2K
[03/02/2007|21:18] C:\Program Files\Online Services
[25/04/2008|20:28] C:\Program Files\Orange
[26/04/2008|19:07] C:\Program Files\OrangeHSS
[20/10/2007|02:25] C:\Program Files\Outlook Express
[15/11/2007|15:02] C:\Program Files\PowerPoint Viewer
[10/02/2008|14:24] C:\Program Files\QuickTime
[03/02/2007|21:28] C:\Program Files\Realtek
[01/03/2008|12:20] C:\Program Files\Return to Castle Wolfenstein
[16/03/2007|09:08] C:\Program Files\Satsuki Decoder Pack
[02/10/2008|22:21] C:\Program Files\SDHelper (Spybot - Search & Destroy)
[20/10/2007|00:36] C:\Program Files\Securitoo
[03/02/2007|21:20] C:\Program Files\Services en ligne
[16/06/2007|09:38] C:\Program Files\Sierra On-Line
[02/10/2008|22:21] C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[02/06/2007|15:27] C:\Program Files\Ubisoft
[03/02/2007|21:25] C:\Program Files\Uninstall Information
[27/10/2007|17:40] C:\Program Files\Valve
[07/02/2008|01:05] C:\Program Files\VideoLAN
[07/02/2008|10:17] C:\Program Files\VLC
[25/04/2008|20:21] C:\Program Files\Wanadoo
[27/02/2008|12:01] C:\Program Files\Windows Live
[20/10/2007|01:41] C:\Program Files\Windows Media Connect 2
[20/10/2007|01:41] C:\Program Files\Windows Media Player
[20/05/2007|11:12] C:\Program Files\Windows Messaging
[03/02/2007|21:18] C:\Program Files\Windows NT
[03/02/2007|21:20] C:\Program Files\WindowsUpdate
[22/02/2008|18:54] C:\Program Files\WinRAR
[31/03/2008|19:26] C:\Program Files\XBCD 360
[03/02/2007|21:21] C:\Program Files\xerox
[02/10/2008|21:28] C:\Program Files\xsbbbfg
[16/06/2008|14:49] C:\Program Files\Yahoo!
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1134
Windows 5.1.2600 Service Pack 2
08/10/2008 07:44:21
mbam-log-2008-10-08 (07-44-21).txt
Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 175406
Temps écoulé: 3 hour(s), 24 minute(s), 33 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:30:44, on 07/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Orange\LiveAssistant.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\mherwnur.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Fichiers communs\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\Program Files\VLC\vlc.exe
C:\Documents and Settings\HiJackThis\HijackThis.Scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {191AC1A7-66E5-1C75-D7C9-014D8DAD4EF2} - C:\Program Files\xsbbbfg\apiapl.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Orange_McciTrayApp] C:\Program Files\Orange\LiveAssistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [cmdsh] C:\WINDOWS\system32\mherwnur.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office2K\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Add to AMV Converter... - E:\Program Files\AMVConverter\grab.html
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: http://pfttbc.ft.motive.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-0980c12176fdf7ef.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Fichiers communs\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
Good evening
Download combofix.exe (by sUBs) and save it to your desktop.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Disconnect from the internet and close all your applications.
* Disable your protections (antivirus, firewall, antispyware) temporarily, and only for as long as ComboFix is in use.
* Double-click combofix.exe; your firewall may ask whether you accept nircmd.cfexe accessing the trusted zone: accept.
* /!\ Do not touch anything until the scan has finished. Caution: do not use your mouse or keyboard (or any other pointing device) while the program is running /!\
* Wait for ComboFix to finish; a report will be created.
* Re-enable your firewall, your antivirus and your antispyware's guard.
* Copy/paste the report; the report is located at: C:\Combofix.txt
* Re-enable your real-time protections (antivirus, antispyware) before reconnecting to the internet.