Help, infected by exmdnk
Solved
MrDoS, 97 posts, Member
Hello,
What a pain, I've got a big nasty virus and no way to get rid of it!!! I read a few posts, so I ran a HijackThis scan; here is the report. I need an expert's opinion please...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:06, on 18/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
G:\Program Files\Alwil Software\Avast4\ashServ.exe
G:\WINDOWS\system32\spoolsv.exe
G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
G:\WINDOWS\system32\rundll32.exe
G:\Program Files\QuickTime\QTTask.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
G:\Program Files\Windows Sidebar\sidebar.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\a-squared Free\a2service.exe
G:\Program Files\Logitech\SetPoint\SetPoint.exe
G:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
G:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
G:\Program Files\Windows Sidebar\sidebar.exe
G:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
G:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
G:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - G:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - G:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - G:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Easy-PrintToolBox] G:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [devenv] G:\WINDOWS\system\smvss.exe /w
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] G:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flashget] G:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [lphcn97j0ecdv] G:\WINDOWS\system32\lphcn97j0ecdv.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE G:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "G:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sidebar] G:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = G:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Logitech SetPoint.lnk = G:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - G:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - G:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - G:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - G:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - G:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - G:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - G:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
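A HijackThis log is read by hand in a thread like this one, but the first pass a responder makes over the O4 (autorun) and O2 (BHO) lines can be written down. The following is an added example, not code from the thread or from the HijackThis tool: it parses a subset of the O4/O2 lines from the log above and applies three triage heuristics that are my own assumptions, not anything the page states: a file name with digit runs wedged between letters (the shape of lphcn97j0ecdv, which the Malwarebytes report later in this thread classifies as Trojan.FakeAlert), an autorun loaded from the legacy WINDOWS\system directory, a Temp directory or Application Data rather than system32 or Program Files (the [devenv] entry pointing at smvss.exe), and a BHO whose target is "(no file)". A hit is a reason to look closer, not a verdict.

```python
"""Heuristic triage of HijackThis O4/O2 entries (a defender's checklist, not a verdict)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Sample input: a subset of the O4/O2 lines from the log above, in HijackThis v2 format.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Easy-PrintToolBox] G:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [devenv] G:\WINDOWS\system\smvss.exe /w
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [lphcn97j0ecdv] G:\WINDOWS\system32\lphcn97j0ecdv.exe
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
"""

# "O4 - <hive>\..\<Run key>: [<label>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\(?P<key>Run\w*): \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
# "O2 - BHO: <label> - {<CLSID>} - <dll path or (no file)>"
O2_RE = re.compile(r"^O2 - BHO: (?P<label>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$")
# First drive-letter path to a loadable module in a command line (handles quoted
# paths and rundll32's "module.dll,Entry" form).
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]*?\.(?:exe|dll|scr|cpl|vbs|bat)', re.I)

# Heuristic (assumption): a stem like "lphcn97j0ecdv" has digit runs between letter
# runs, which vendor binaries rarely do.
RANDOM_STEM_RE = re.compile(r"[a-z]\d+[a-z]+\d", re.I)
# Heuristic (assumption): autoruns from the legacy WINDOWS\system dir, Temp or
# Application Data deserve a second look.  system32 is NOT matched because the
# trailing backslash after "system" is required.
ODD_DIR_RE = re.compile(r"\\WINDOWS\\system\\|\\Temp\\|\\Application Data\\", re.I)


@dataclass(frozen=True)
class Finding:
    label: str   # the [label] of the O4 entry, or the BHO name
    target: str  # the file path, or the CLSID for an orphaned BHO
    reason: str


def extract_path(cmd: str) -> str | None:
    """Return the first drive-letter module path in a Run command line, or None."""
    m = PATH_RE.search(cmd)
    return m.group(0) if m else None


def triage(log_text: str) -> list[Finding]:
    """Apply the heuristics above to every O4/O2 line; entries matching nothing are skipped."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        if m := O4_RE.match(line):
            path = extract_path(m["cmd"])
            if path is None:
                continue  # e.g. "nwiz.exe /install": no drive path to judge
            stem = PureWindowsPath(path).stem
            if RANDOM_STEM_RE.search(stem):
                findings.append(Finding(m["label"], path, "random-looking file name"))
            if ODD_DIR_RE.search(path):
                findings.append(Finding(m["label"], path, "unusual autorun location"))
        elif (m := O2_RE.match(line)) and m["target"] == "(no file)":
            findings.append(Finding(m["label"], m["clsid"], "orphaned BHO (no file)"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.label}] {f.target}: {f.reason}")
```

On the sample this flags exactly the [devenv] entry (location), the [lphcn97j0ecdv] entry (name) and the nameless BHO; every vendor entry passes. The two regexes are the whole of the "knowledge" here, so a real triage list would extend them and still hand the result to a human.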
29 replies
download combofix (by sUBs) here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to the desktop.
disconnect from the internet and close all your applications.
disable your protections (antivirus, firewall, the antispyware's real-time guard)
double-click combofix.exe and follow the instructions
at the end it will produce a report, C:\ComboFix.txt
re-enable your firewall, your antivirus and your antispyware's guard
copy/paste the C:\ComboFix.txt report into your next reply.
Warning: don't use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.
You have a full tutorial here:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Hello, stepping in to keep things moving for jlpjlp ;)
MrDoS, have you installed Malwarebytes?
If so, start in Safe Mode
How to >> https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php
Restart the computer
As soon as the BIOS loads, start tapping the F8 key on your keyboard until the Windows Advanced Options menu appears.
Select "Safe Mode" from the menu, then press Enter.
* Launch MalwareByte's Anti-Malware, click Perform full scan, then Scan, and select all your hard drives
* // !! \\ Once the scan is finished, if items were found > click Remove Selected. (if a message asks you to restart the PC, accept.)
* A report will be generated, post it here.
@++
hi,
scan thoroughly with malwarebytes, paste the report and remove what it finds, then post a fresh hijackthis log and tell us what problems remain
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Hi
Thanks a lot jlpjlp for giving me a hand and taking an interest in my problem. I know the steps to get out from under the effects of this virus are fairly long and complex; I hope that in the end I'll be able to help others who have picked up this crap too.
I'll paste the report as soon as it's done. In the meantime, here's a little idea of the problems I'm running into: desktop background changed (it advertises an anti-malware product, telling me my machine is infected (as if I didn't know))
it slows my machine down considerably, and as soon as I try to remove it its activity becomes so intense that I can't do anything any more!!!!!
to be continued (Malwarebytes report)
Damn, this S****** of a virus is unbelievable
Impossible to run the scan to completion: it fakes blue screens that aren't real ones, and the scan is aborted before the end, so I'm thinking of another technique suggested on the forums:
Please take a look and tell me what you think, and whether you know the procedure, in case I need a hand!!
Thanks again.
Links:
http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/processus-debarrasser-resolu-sujet_200773_1.htm
Very well, I'll follow your lead; I'll post the report tonight or tomorrow at the latest
Thanks again for your help....
Blimey, what a mess: 19 infections, no less. I'm glad I managed to get my wallpaper back, that's something already. So I submit this report for your expert opinion....
-------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.29
Version de la base de données: 1288
Windows 5.1.2600 Service Pack 2
21/10/2008 21:17:45
mbam-log-2008-10-21 (21-17-37).txt
Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|J:\|Z:\|)
Eléments examinés: 121963
Temps écoulé: 1 hour(s), 5 minute(s), 39 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 10
Processus mémoire infecté(s):
G:\WINDOWS\system32\blphcn97j0ecdv.scr (Trojan.FakeAlert) -> No action taken.
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcn97j0ecdv (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
G:\WINDOWS\system32\msnmsgs.exe (Trojan.Agent) -> No action taken.
G:\Documents and Settings\Administrateur\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> No action taken.
G:\Documents and Settings\Administrateur\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> No action taken.
G:\Documents and Settings\Administrateur\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> No action taken.
G:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> No action taken.
G:\WINDOWS\system32\blphcn97j0ecdv.scr (Trojan.FakeAlert) -> No action taken.
G:\WINDOWS\system32\lphcn97j0ecdv.exe (Trojan.FakeAlert) -> No action taken.
G:\WINDOWS\system32\phcn97j0ecdv.bmp (Trojan.FakeAlert) -> No action taken.
G:\Documents and Settings\Administrateur\Local Settings\Temp\.tt4B.tmp.vbs (Trojan.FakeAlert) -> No action taken.
G:\Documents and Settings\Administrateur\Local Settings\Temp\.tt3.tmp.vbs (Trojan.FakeAlert) -> No action taken.
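Every line of the report above ends in "No action taken.", which is why the next reply asks for the quarantine to be emptied: the scan found the items but did not remove them. That status check, plus a consistency check between the summary counts and the entries actually listed, is easy to automate. The following is an added example, not code from the thread or from Malwarebytes: it parses the report format shown above. The sample is an abridged, constructed copy of that report (fewer entries, summary counts adjusted to match), with one constructed line given the status "Quarantined and deleted successfully." so the filter has something to leave out. The French section labels are kept as they appear in the program's output, and the code never translates or alters them.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x text report and list what still needs removal."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed, abridged sample in the report format shown above.  The last file line
# is given a "Quarantined and deleted successfully." status for contrast.
SAMPLE_REPORT = r"""
Malwarebytes' Anti-Malware 1.29
Version de la base de données: 1288

Processus mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
G:\WINDOWS\system32\blphcn97j0ecdv.scr (Trojan.FakeAlert) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcn97j0ecdv (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
G:\WINDOWS\system32\msnmsgs.exe (Trojan.Agent) -> No action taken.
G:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> No action taken.
G:\WINDOWS\system32\lphcn97j0ecdv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

# Summary line: "<section>(s): <count>"; every category label in this format ends in "(s)".
SUMMARY_RE = re.compile(r"^(?P<section>.+\(s\)):\s*(?P<count>\d+)$")
# Section header: the same label with a bare colon.
HEADER_RE = re.compile(r"^(?P<section>.+\(s\)):$")
# Detection: "<item> (<family>) -> [Bad: (x) Good: (y) -> ]<status>."
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")

NOT_REMOVED = "No action taken."


@dataclass(frozen=True)
class Detection:
    section: str
    item: str
    family: str
    status: str


def parse_report(text: str) -> tuple[list[Detection], dict[str, int]]:
    """Return (detections in order, declared per-section counts from the summary block)."""
    declared: dict[str, int] = {}
    detections: list[Detection] = []
    section: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SUMMARY_RE.match(line):
            declared[m["section"]] = int(m["count"])
        elif m := HEADER_RE.match(line):
            section = m["section"]
        elif section and (m := ENTRY_RE.match(line)):
            # The registry-data form carries "Bad: (..) Good: (..) ->" before the
            # status; the final "-> " segment is the status in both forms.
            status = m["rest"].rsplit("-> ", 1)[-1].strip()
            detections.append(Detection(section, m["item"], m["family"], status))
    return detections, declared


def count_mismatches(detections: list[Detection], declared: dict[str, int]) -> dict[str, tuple[int, int]]:
    """Sections whose declared count differs from the entries listed: {section: (declared, listed)}."""
    listed = Counter(d.section for d in detections)
    return {s: (n, listed[s]) for s, n in declared.items() if listed[s] != n}


def pending_removal(detections: list[Detection]) -> list[Detection]:
    """Detections the scan reported but did not remediate."""
    return [d for d in detections if d.status == NOT_REMOVED]


def families(detections: list[Detection]) -> Counter:
    """How many detections each threat family accounts for."""
    return Counter(d.family for d in detections)


if __name__ == "__main__":
    dets, declared = parse_report(SAMPLE_REPORT)
    print(f"{len(dets)} detections, {len(pending_removal(dets))} not yet removed")
    for d in pending_removal(dets):
        print(f"  [{d.section}] {d.item} ({d.family})")
    print("count mismatches:", count_mismatches(dets, declared) or "none")
```

Run against a pasted report, a non-empty `pending_removal` list is the cue to go back to the tool and remove or quarantine; a non-empty `count_mismatches` means the paste is incomplete or edited and should not be relied on.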
Good evening,
Reopen Malwarebytes' Anti-Malware, go to the Quarantine tab and delete everything.
Then post a new HijackThis report.
@++
ok, that's done
That said, just before deleting it I once again saw the process try to run and get blocked by the firewall, but that may be because it was still in the quarantine area!
Another new thing: I've got a rootkit "glaide32", most likely another malicious program that invited itself in through the ones already present.
I forgot, yes of course, the HijackThis report.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:28:38, on 22/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\csrss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
G:\Program Files\Alwil Software\Avast4\ashServ.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\spoolsv.exe
G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
G:\WINDOWS\system32\rundll32.exe
G:\Program Files\QuickTime\QTTask.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Spyware Doctor\pctsTray.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Windows Sidebar\sidebar.exe
G:\Program Files\a-squared Free\a2service.exe
G:\Program Files\Logitech\SetPoint\SetPoint.exe
G:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
G:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\nvsvc32.exe
G:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
G:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
G:\Program Files\Spyware Doctor\pctsAuxs.exe
G:\Program Files\Windows Sidebar\sidebar.exe
G:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
G:\Program Files\Spyware Doctor\pctsSvc.exe
G:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\WINDOWS\System32\alg.exe
G:\PROGRA~1\MICROS~1\Office12\OUTLOOK.EXE
G:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\Program Files\Spyware Doctor\pctsGui.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - G:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - G:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - G:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Easy-PrintToolBox] G:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [devenv] G:\WINDOWS\system\smvss.exe /w
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] G:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flashget] G:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [ISTray] "G:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE G:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "G:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sidebar] G:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AdobeUpdater] G:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = G:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Logitech SetPoint.lnk = G:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - G:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - G:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - G:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class)
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - G:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - G:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - G:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - G:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - G:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - G:\Program Files\Spyware Doctor\pctsSvc.exe
So, er, the tutorial works fine, but the link to download the software is dead, as are the other links suggested in the tutorial, so what do we do???
ComboFix 08-10-22.05 - Administrateur 2008-10-23 21:26:15.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.610 [GMT 2:00]
Lancé depuis: G:\Documents and Settings\Administrateur\Bureau\Maintenance PC\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
G:\WINDOWS\system\smvss.exe
G:\WINDOWS\system32\pthreadVC.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-23 au 2008-10-23 ))))))))))))))))))))))))))))))))))))
.
2008-10-23 20:35 . 2004-08-03 22:59 36,352 --a------ G:\WINDOWS\system32\drivers\disk.sys
2008-10-23 20:33 . 2008-10-23 20:35 <REP> d-------- G:\WINDOWS\LastGood
2008-10-22 21:02 . 2008-10-22 21:02 <REP> d-------- G:\Program Files\Sophos
2008-10-22 21:00 . 2007-01-18 14:00 3,968 --a------ G:\WINDOWS\system32\drivers\AvgArCln.sys
2008-10-21 21:33 . 2008-10-23 21:21 <REP> d-a------ G:\Documents and Settings\All Users\Application Data\TEMP
2008-10-21 21:33 . 2008-08-25 12:36 81,288 --a------ G:\WINDOWS\system32\drivers\iksyssec.sys
2008-10-21 21:33 . 2008-08-25 12:36 66,952 --a------ G:\WINDOWS\system32\drivers\iksysflt.sys
2008-10-21 21:33 . 2008-08-25 12:36 40,840 --a------ G:\WINDOWS\system32\drivers\ikfilesec.sys
2008-10-21 21:33 . 2008-06-02 16:19 29,576 --a------ G:\WINDOWS\system32\drivers\kcom.sys
2008-10-21 21:32 . 2008-10-23 19:20 <REP> d-------- G:\Program Files\Spyware Doctor
2008-10-21 21:32 . 2008-10-21 21:32 <REP> d-------- G:\Documents and Settings\Administrateur\Application Data\PC Tools
2008-10-21 06:50 . 2008-10-21 06:50 268 --ah----- G:\sqmdata00.sqm
2008-10-21 06:50 . 2008-10-21 06:50 244 --ah----- G:\sqmnoopt00.sqm
2008-10-20 18:55 . 2008-10-23 21:28 93,918 --a------ G:\WINDOWS\system32\drivers\glaide32.sys
2008-10-19 23:02 . 2008-10-19 23:09 <REP> d-------- G:\SDFix
2008-10-19 22:58 . 2007-09-06 00:22 289,144 --a------ G:\WINDOWS\system32\VCCLSID.exe
2008-10-19 22:58 . 2006-04-27 17:49 288,417 --a------ G:\WINDOWS\system32\SrchSTS.exe
2008-10-19 22:58 . 2008-09-08 23:38 88,576 --a------ G:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-19 22:58 . 2008-10-01 15:51 87,552 --a------ G:\WINDOWS\system32\VACFix.exe
2008-10-19 22:58 . 2008-10-10 08:58 82,944 --a------ G:\WINDOWS\system32\o4Patch.exe
2008-10-19 22:58 . 2008-10-10 08:58 82,944 --a------ G:\WINDOWS\system32\IEDFix.C.exe
2008-10-19 22:58 . 2008-08-18 12:19 82,432 --a------ G:\WINDOWS\system32\404Fix.exe
2008-10-19 22:58 . 2004-07-31 18:50 51,200 --a------ G:\WINDOWS\system32\dumphive.exe
2008-10-19 22:58 . 2007-10-04 00:36 25,600 --a------ G:\WINDOWS\system32\WS2Fix.exe
2008-10-19 22:58 . 2008-10-19 22:58 2,940 --a------ G:\WINDOWS\system32\tmp.reg
2008-10-19 22:51 . 2008-10-19 22:51 <REP> d-------- G:\Program Files\CCleaner
2008-10-19 13:30 . 2008-10-19 13:30 <REP> d-------- G:\Program Files\TomTom DesktopSuite
2008-10-19 00:28 . 2008-10-19 00:28 <REP> d-------- G:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-10-19 00:27 . 2008-10-19 00:27 <REP> d-------- G:\Program Files\Malwarebytes' Anti-Malware
2008-10-19 00:27 . 2008-10-19 00:27 <REP> d-------- G:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-19 00:27 . 2008-10-16 20:25 38,496 --a------ G:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-19 00:27 . 2008-10-16 20:25 15,504 --a------ G:\WINDOWS\system32\drivers\mbam.sys
2008-10-18 12:47 . 2008-10-18 12:47 <REP> d-------- G:\Program Files\Trend Micro
2008-10-18 08:56 . 2008-10-18 11:08 <REP> d-------- G:\Documents and Settings\Administrateur\Application Data\MobileSyncBrowser
2008-10-14 22:15 . 2008-10-14 22:15 <REP> d-------- G:\Program Files\HDD Health
2008-10-08 19:39 . 2008-10-19 11:45 51 --a------ G:\WINDOWS\npornap.INI
2008-10-08 19:36 . 2008-10-08 19:36 <REP> d-------- G:\Program Files\Orange
2008-10-01 22:37 . 2008-10-01 22:37 <REP> d-------- G:\Documents and Settings\Administrateur\Application Data\ESET
2008-10-01 21:41 . 2008-10-01 23:21 <REP> d-------- G:\Program Files\ESET
2008-10-01 21:41 . 2008-10-01 21:41 <REP> d-------- G:\Documents and Settings\All Users\Application Data\ESET
2008-10-01 21:38 . 2008-10-01 22:40 174,513 --a------ G:\WINDOWS\Dasumo Fix v3.2.exe
2008-09-30 19:09 . 2008-04-17 13:12 107,368 --a------ G:\WINDOWS\system32\GEARAspi.dll
2008-09-30 19:09 . 2008-04-17 13:12 15,464 --a------ G:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-09-30 19:08 . 2008-09-30 19:09 <REP> d-------- G:\Program Files\iTunes
2008-09-30 19:08 . 2008-09-30 19:08 <REP> d-------- G:\Program Files\iPod
2008-09-30 19:08 . 2008-09-30 19:09 <REP> d-------- G:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-30 19:05 . 2008-09-30 19:06 <REP> d-------- G:\Program Files\QuickTime
2008-09-27 12:48 . 2008-09-27 12:48 <REP> d-------- G:\Program Files\Service Record
2008-09-27 00:10 . 2006-06-10 21:40 1,085,440 --a------ G:\WINDOWS\system32\GflAx.dll
2008-09-27 00:10 . 2004-03-09 00:00 609,824 --a------ G:\WINDOWS\system32\comctl32.ocx
2008-09-27 00:10 . 2001-04-24 16:22 140,288 --a------ G:\WINDOWS\system32\comdlg32.ocx
2008-09-27 00:10 . 2000-10-02 01:00 119,568 --a------ G:\WINDOWS\system32\vb6fr.dll
2008-09-27 00:10 . 2001-06-11 20:03 98,304 --a------ G:\WINDOWS\system32\HLBButton6.ocx
2008-09-27 00:10 . 2002-12-16 15:27 40,960 --a------ G:\WINDOWS\system32\vbalFlBr6.dll
2008-09-27 00:10 . 2003-02-06 07:58 40,960 --a------ G:\WINDOWS\system32\MouseEventsCapture.ocx
2008-09-27 00:10 . 2008-03-05 22:38 40,960 --a------ G:\WINDOWS\system32\LedCommon.dll
2008-09-26 19:02 . 2008-09-26 19:02 <REP> d-------- G:\Program Files\ffdshow
2008-09-26 19:02 . 2008-06-08 23:58 60,273 --a------ G:\WINDOWS\system32\pthreadGC2.dll
2008-09-26 19:02 . 2008-06-12 20:36 7,680 --a------ G:\WINDOWS\system32\ff_vfw.dll
2008-09-26 19:02 . 2007-07-10 18:10 547 --a------ G:\WINDOWS\system32\ff_vfw.dll.manifest
2008-09-23 18:09 . 2008-09-23 18:09 <REP> d-------- G:\Documents and Settings\All Users\Application Data\Team MediaPortal
2008-09-23 18:08 . 2008-09-23 18:08 <REP> d-------- G:\Program Files\Team MediaPortal
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-23 16:50 --------- d-----w G:\Program Files\FlashGet
2008-10-21 21:09 --------- d-----w G:\Program Files\a-squared Free
2008-10-18 10:06 --------- d-----w G:\Program Files\Ad-Aware
2008-10-18 07:47 --------- d-----w G:\Program Files\eMule
2008-10-08 17:36 --------- d--h--w G:\Program Files\InstallShield Installation Information
2008-10-04 11:21 --------- d-----w G:\Program Files\Messenger Plus! Live
2008-10-04 11:19 --------- d-----w G:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-30 17:05 --------- d-----w G:\Program Files\Fichiers communs\Apple
2008-09-30 16:56 --------- d-----w G:\Program Files\Bonjour
2008-08-29 14:54 --------- d-----w G:\Documents and Settings\All Users\Application Data\TomTom
2008-08-29 14:48 --------- d-----w G:\Program Files\TomTom HOME 2
2008-08-29 14:48 --------- d-----w G:\Documents and Settings\Administrateur\Application Data\TomTom
2008-08-29 08:18 87,336 ----a-w G:\WINDOWS\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w G:\WINDOWS\system32\dnssd.dll
2008-08-27 18:57 --------- d-----w G:\Program Files\Apple Software Update
2008-08-26 21:03 --------- d-----w G:\Program Files\Freeplayer
2008-08-25 19:36 --------- d-----w G:\Documents and Settings\Administrateur\Application Data\TeamViewer
.
------- Sigcheck -------
2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 G:\WINDOWS\SoftwareDistribution\Download\807aa275a612b3508a3d1d613bbf6226\SP2GDR\user32.dll
2007-03-08 17:50 579072 4d88aaf39adabfe45958ea1384e2c4ff G:\WINDOWS\SoftwareDistribution\Download\807aa275a612b3508a3d1d613bbf6226\SP2QFE\user32.dll
2006-12-15 00:21 578048 4a048552ca537ef146a8c21a0881b1ba G:\WINDOWS\system32\user32.dll
2008-03-01 14:58 826368 8e027981ddffa690d456fe18b37415a0 G:\WINDOWS\SoftwareDistribution\Download\23798f43285e69a97e68a8b959c90f21\SP2GDR\wininet.dll
2008-03-01 14:34 827392 5a0093f59b505c008ed0cee615563c72 G:\WINDOWS\SoftwareDistribution\Download\23798f43285e69a97e68a8b959c90f21\SP2QFE\wininet.dll
2006-12-16 01:51 838656 1cc220712da13c68aa19ab97436aed79 G:\WINDOWS\system32\wininet.dll
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 G:\WINDOWS\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\SP2GDR\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 G:\WINDOWS\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\SP2QFE\tcpip.sys
2004-08-04 14:57 360576 c7be59b07c6eb74bea6fd67c1b164015 G:\WINDOWS\system32\drivers\tcpip.sys
2006-12-15 00:30 507904 fb66744d525ea5df9a719f1db9b2dff4 G:\WINDOWS\system32\winlogon.exe
2007-02-28 18:02 2059648 a1d5231403329478ae4fe2778c55c77f G:\WINDOWS\SoftwareDistribution\Download\47cec0c462f6cbdcf7ca5941c1ec0b4a\SP2GDR\ntkrnlpa.exe
2007-02-28 08:08 2061440 7a56a64eb50399613587e90292dd2aab G:\WINDOWS\SoftwareDistribution\Download\47cec0c462f6cbdcf7ca5941c1ec0b4a\SP2QFE\ntkrnlpa.exe
2004-08-28 14:00 2217344 4348884ddd80826b35bcbe5bc67a4a1b G:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 18:02 2182400 7d6d19aac51a4325f6039f083c22303c G:\WINDOWS\SoftwareDistribution\Download\47cec0c462f6cbdcf7ca5941c1ec0b4a\SP2GDR\ntoskrnl.exe
2007-02-28 18:08 2184192 8e244108562e0e452eb68dff64cb08a9 G:\WINDOWS\SoftwareDistribution\Download\47cec0c462f6cbdcf7ca5941c1ec0b4a\SP2QFE\ntoskrnl.exe
2001-08-28 14:00 2340096 49f2e8f99dfa03763270bc1aaf521573 G:\WINDOWS\system32\ntoskrnl.exe
2001-08-28 14:00 1934848 1630d57b8370b7a20a41bb4c1e459edf G:\WINDOWS\explorer.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 G:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\SP2GDR\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 G:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\SP2QFE\explorer.exe
2006-12-06 18:56 25088 43836cffabac8d6779e8ee55e308df2c G:\WINDOWS\system32\ctfmon.exe
2006-12-24 03:00 57856 ad3d9d191aea7b5445fe1d82ffbb4788 G:\WINDOWS\system32\spoolsv.exe
2006-12-24 02:59 297984 70921de4c83652dc301a05f0cc46c985 G:\WINDOWS\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="G:\WINDOWS\system32\ctfmon.exe" [2006-12-06 25088]
"MsnMsgr"="G:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Sidebar"="G:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 1235456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NvCplDaemon"="G:\WINDOWS\system32\NvCpl.dll" [2006-03-09 7561216]
"NvMediaCenter"="G:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 86016]
"Easy-PrintToolBox"="G:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"QuickTime Task"="G:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="G:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="G:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"Flashget"="G:\Program Files\FlashGet\flashget.exe" [2007-09-25 2007088]
"Ptipbmf"="ptipbmf.dll" [2006-12-24 G:\WINDOWS\system32\ptipbmf.dll]
"nwiz"="nwiz.exe" [2006-03-09 G:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 G:\WINDOWS\system32\bthprops.cpl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="G:\WINDOWS\system32\sti_ci.dll" [2006-09-08 678912]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2006-12-24 G:\WINDOWS\system32\advpack.dll]
G:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
Yahoo! Widgets.lnk - G:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-12 3746856]
G:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech SetPoint.lnk - G:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-06-27 805392]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 g:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\G:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bluetooth Manager.lnk]
path=G:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk
backup=G:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
G:\WINDOWS\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 G:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 G:\Program Files\D-Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
--a------ 2007-12-25 23:25 937984 G:\Program Files\FileZilla Server\FileZilla Server Interface.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2007-09-25 10:10 2007088 G:\Program Files\FlashGet\flashget.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDDHealth]
--a------ 2008-06-15 12:14 1692672 G:\Program Files\HDD Health\hddhealth.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 17:40 289576 G:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 18:53 153136 G:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 G:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2008-05-06 10:42 202088 G:\Program Files\TomTom HOME 2\HOMERunner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2008-02-29 03:12 76304 G:\WINDOWS\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2008-02-29 03:12 76304 G:\WINDOWS\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NMIndexingService"=3 (0x3)
"iPod Service"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"FileZilla Server"=3 (0x3)
"Bonjour Service"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"G:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"G:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"G:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"G:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\WirelessFTP1.exe"=
"G:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\ECCenter1.exe"=
"G:\\Program Files\\eMule\\emule.exe"=
"G:\\Program Files\\FlashGet\\flashget.exe"=
"G:\\Documents and Settings\\Administrateur\\temp\\TeamViewer3\\TeamViewer.exe"=
"G:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"G:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"G:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8080:TCP"= 8080:TCP:212.27.63.113/255.255.255.255:Enabled:freeplayer
R0 viasraid;viasraid;G:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 77312]
R0 videX32;videX32;G:\WINDOWS\system32\DRIVERS\videX32.sys [2006-12-24 9728]
R1 aswSP;avast! Self Protection;G:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;G:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 usbscan;Pilote de scanneur USB;G:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;Pilote de stockage de masse USB;G:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 26368]
S3 memsweep2;MEMSWEEP2;G:\WINDOWS\system32\15.tmp [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84236c93-75d9-11dd-8f3e-00112fd53b65}]
\Shell\AutoRun\command - T:\InstallTomTomHOME.exe
*Newly Created Service* - catchme
.
Contenu du dossier 'Tâches planifiées'
2008-10-14 G:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- G:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-10-23 G:\WINDOWS\Tasks\User_Feed_Synchronization-{F291CBA0-B3BF-47DD-A780-F1DCC8E365BA}.job
- G:\WINDOWS\system32\msfeedssync.exe [2006-12-24 03:07]
.
- - - - ORPHELINS SUPPRIMES - - - -
Toolbar-SaveLinksOrder - (no file)
Toolbar-Locked - (no file)
Toolbar-ITBarLayout - (no file)
Toolbar-ITBarLayout - (no file)
MSConfigStartUp-Styler - C:\Program Files\styler\Styler.exe
MSConfigStartUp-TopDesk - C:\WINDOWS\system32\topdesk.exe
MSConfigStartUp-TransBar - C:\Windows\System32\TransBar.exe
MSConfigStartUp-UberIcon - C:\Program Files\UberIcon\UberIcon Manager.exe
MSConfigStartUp-Vistadrv - C:\Windows\system32\Vistadrive\vsdrv.exe
MSConfigStartUp-VisualTaskTips - C:\Windows\System32\VisualTaskTips.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - G:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\twgiie0r.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.msn.fr/
FF -: plugin - G:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - G:\Program Files\Mozilla Firefox\plugins\npornap.dll
FF -: plugin - G:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-23 21:28:21
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\memsweep2]
"ImagePath"="\??\G:\WINDOWS\system32\15.tmp"
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\glaide32]
"ImagePath"="\??\G:\WINDOWS\system32\drivers\glaide32.sys"
.
Heure de fin: 2008-10-23 21:30:46
ComboFix-quarantined-files.txt 2008-10-23 19:30:08
Avant-CF: 2,476,314,624 octets libres
Après-CF: 2,468,466,688 octets libres
270
run CCleaner to remove the traces of the infection:
https://www.malekal.com/tutoriel-ccleaner/
________
post a new HijackThis report and tell us what problems you still have