Computer problem
Closed
Ultima Ryder - 30 Oct. 2008 at 13:00
VIRUS_KILLER (Contributor) - last reply 30 Oct. 2008 at 18:51
12 replies
VIRUS_KILLER
30 Oct. 2008 at 13:03
Hi
Download and install HijackThis from this link:
http://download.hijackthis.eu/HJTInstall.exe
Then post me a report.
If needed, use the guide on my forum:
https://informatique-123.superforum.fr/t5-tutorial-hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:14:43, on 30/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\program files\powerstrip\pstrip.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\DNA\btdna.exe
C:\Documents and Settings\edouard\Application Data\tmobd.exe
C:\Program Files\Macro Express3\MacExp.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\edouard\Application Data\tmobd.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: UrlHelper Class - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PopUp Destroy] C:\Program Files\PopUp Destroy\Popup-Destroy.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [sysconf32] C:\WINDOWS\metin2-trainer.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [FOR RECT] C:\DOCUME~1\LOCALS~1\APPLIC~1\ABOUTD~1\1 lies balm.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [tmobd] C:\Documents and Settings\edouard\Application Data\tmobd.exe
O4 - HKCU\..\Run: [ssf] C:\Documents and Settings\edouard\Application Data\finalssf\fssf.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Macro Express 3.lnk = C:\Program Files\Macro Express3\MacExp.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b1f134ae12d7452b94d0ec140af692b9
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b1f134ae12d7452b94d0ec140af692b9
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: (no name) - http://img.bestofmedia.com/static/commun/js/framework/framework-3.js
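What the helper does by eye with a log like the one above is, for each autostart entry, ask where the referenced file actually lives and whether that matches what its name claims. The following Python script is an added example, not part of this thread and not HijackThis's own logic: it applies those path checks mechanically to O2/O3/O4/O23 lines. The severity labels, the list of commonly impersonated system binaries and the allowlist of executables that legitimately sit in C:\WINDOWS are my own assumptions; the sample input is a handful of lines copied from the log above plus two benign controls (avgnt.exe and CTFMON.EXE) that must not fire.

```python
"""Triage HijackThis O2/O3/O4/O23 lines by where the referenced module lives
(added example; the heuristics and severity labels are assumptions, not HijackThis's)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# First absolute Windows path ending in a loadable-module extension; stops at a
# closing quote, whitespace or end of line so trailing arguments are not captured.
PATH_RE = re.compile(r'([A-Za-z]:\\.*?\.(?:exe|dll|sys|ocx|cpl))(?=["\s]|$)', re.IGNORECASE)

# Legitimate home directory (lower-case) of binaries malware likes to impersonate.
SYSTEM_BINARY_HOMES = {
    "svchost.exe": "c:\\windows\\system32",
    "lsass.exe": "c:\\windows\\system32",
    "winlogon.exe": "c:\\windows\\system32",
    "services.exe": "c:\\windows\\system32",
    "ctfmon.exe": "c:\\windows\\system32",
    "explorer.exe": "c:\\windows",
}
# Path fragments (long and 8.3 forms) that mean "user-writable profile storage".
USER_WRITABLE = ("\\application data\\", "\\applic~1\\", "\\local settings\\", "\\locals~1\\", "\\temp\\")
# The few executables that legitimately sit directly in C:\WINDOWS (assumed allowlist).
WINDOWS_ROOT_ALLOWLIST = {"explorer.exe", "notepad.exe", "regedit.exe", "hh.exe", "winhlp32.exe"}


@dataclass(frozen=True)
class Finding:
    line_no: int
    severity: str
    reason: str
    entry: str


def extract_path(entry: str) -> Optional[str]:
    """Return the first absolute module path in a HijackThis line, or None."""
    match = PATH_RE.search(entry)
    return match.group(1) if match else None


def classify(entry: str) -> Optional[Tuple[str, str]]:
    """Return (severity, reason) for one line, or None if nothing stands out."""
    lowered = entry.lower()
    if lowered.endswith("(file missing)") or lowered.endswith("(no file)"):
        return "low", "orphaned entry: the registry still points at a module that no longer exists"
    path = extract_path(entry)
    if path is None:
        if entry.startswith("O4"):
            return "low", "bare file name: resolved through the search path, verify which copy actually runs"
        return None
    lowered_path = path.lower()
    directory, _, name = lowered_path.rpartition("\\")
    home = SYSTEM_BINARY_HOMES.get(name)
    if home is not None and directory != home:
        return "high", f"{name} loaded from {directory} instead of {home}: probable masquerading copy"
    if any(fragment in lowered_path for fragment in USER_WRITABLE):
        return "high", "autostart from a user-writable profile directory: classic malware drop location"
    if directory == "c:\\windows" and name not in WINDOWS_ROOT_ALLOWLIST:
        return "medium", "executable dropped directly into the Windows root directory"
    if entry.startswith("O23") and "- unknown owner -" in lowered:
        return "low", "service binary carries no vendor name in its version resource"
    return None


def triage(log_text: str) -> List[Finding]:
    """Classify every non-empty line; worst severity first, then log order."""
    findings = []
    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        entry = raw.strip()
        if not entry:
            continue
        verdict = classify(entry)
        if verdict is not None:
            findings.append(Finding(line_no, verdict[0], verdict[1], entry))
    rank = {"high": 0, "medium": 1, "low": 2}
    findings.sort(key=lambda f: (rank[f.severity], f.line_no))
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count findings per severity so a report can open with the headline numbers."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for finding in findings:
        counts[finding.severity] += 1
    return counts


# Constructed sample: lines copied from the HijackThis log posted above,
# plus two benign controls (avgnt.exe, CTFMON.EXE) that must not be flagged.
SAMPLE_LOG = "\n".join([
    r"O2 - BHO: UrlHelper Class - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll (file missing)",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE",
    r"O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE",
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min',
    r"O4 - HKLM\..\Run: [sysconf32] C:\WINDOWS\metin2-trainer.exe",
    r"O4 - HKCU\..\Run: [FOR RECT] C:\DOCUME~1\LOCALS~1\APPLIC~1\ABOUTD~1\1 lies balm.exe",
    r"O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe",
    r"O4 - HKCU\..\Run: [tmobd] C:\Documents and Settings\edouard\Application Data\tmobd.exe",
    r"O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')",
    r"O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe",
])

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(summarize(report))
    for finding in report:
        print(f"[{finding.severity:6}] line {finding.line_no:2}: {finding.reason}\n         {finding.entry}")
```

Run stand-alone it reports three high findings (the svchost.exe under system32\drivers and the two executables under Application Data), two medium ones for files dropped straight into C:\WINDOWS, and four low ones. The medium hit on UpdReg.EXE shows the limit of pure path heuristics: it is a lead to verify against the vendor's installer, not a verdict, and that is how the output of a script like this should be read.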
VIRUS_KILLER
30 Oct. 2008 at 13:51
OK, now download ComboFix, created by sUBs, from this link:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
If needed, follow the guide here:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
After running ComboFix, send me its report along with the HijackThis one.
ComboFix 08-10-30.04 - edouard 2008-10-30 14:15:12.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1559 [GMT 1:00]
Launched from: C:\Documents and Settings\edouard\Bureau\ComboFix.exe
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\edouard\Application Data\hd2.exe
C:\Documents and Settings\edouard\Application Data\MSVCR71.dll
C:\Documents and Settings\edouard\Application Data\python25.dll
C:\Documents and Settings\edouard\Application Data\w9xpopen.exe
C:\WINDOWS\system32\dao350.dll
C:\WINDOWS\system32\jiirxkto.ini
C:\WINDOWS\system32\lkscrsjj.ini
C:\WINDOWS\system32\loaeclde.ini
C:\WINDOWS\system32\lovavped.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mkaoktgv.exe
C:\WINDOWS\system32\ndneoxea.dll.VIR
C:\WINDOWS\system32\s8Ok711M.exe.a_a
C:\WINDOWS\system32\srxoufbo.ini
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssservers.dat
C:\WINDOWS\system32\urkxqoap.ini
C:\WINDOWS\system32\xlowxoiy.exe
C:\WINDOWS\system32\xtywaomd.ini
C:\WINDOWS\system32\ymtejmid.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
((((((((((((((((((((((((((((( Files created from 2008-09-28 to 2008-10-30 ))))))))))))))))))))))))))))))))))))
.
2008-10-30 14:18 . 2008-10-30 14:18 0 --------- C:\Documents and Settings\edouard\Application Data\hd2.exe
2008-10-29 23:39 . 2008-10-30 00:03 <REP> d-------- C:\Program Files\Super macro
2008-10-29 23:29 . 2008-10-29 23:29 <REP> d-------- C:\Program Files\Macro Express3
2008-10-29 23:29 . 2008-10-29 23:29 <REP> d-------- C:\Program Files\Fichiers communs\Insight Software Solutions
2008-10-29 23:29 . 2008-10-29 23:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
2008-10-29 23:29 . 2008-10-29 23:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Insight Software
2008-10-29 12:37 . 2008-10-29 12:09 1,474,920 --a------ C:\Documents and Settings\edouard\Application Data\library.zip
2008-10-29 12:37 . 2008-10-29 12:09 16,896 --a------ C:\Documents and Settings\edouard\Application Data\httpddos.exe
2008-10-28 23:00 . 2008-10-28 23:00 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-10-28 15:49 . 2008-10-28 15:49 <REP> d-------- C:\Documents and Settings\edouard\Application Data\finalssf
2008-10-28 14:58 . 2008-10-28 14:58 1,847,106 --a------ C:\Documents and Settings\edouard\Application Data\killer.exe
2008-10-28 14:58 . 2008-10-28 14:58 45,672 --a------ C:\Documents and Settings\edouard\Application Data\uptime.exe
2008-10-28 14:56 . 2008-10-28 14:58 2,827,492 --a------ C:\Documents and Settings\edouard\Application Data\finalssf.exe
2008-10-28 14:56 . 2008-10-28 14:56 2,438,299 --a------ C:\Documents and Settings\edouard\Application Data\tmobd.exe
2008-10-28 13:29 . 2008-10-28 13:29 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
2008-10-25 17:50 . 2008-10-27 18:23 <REP> d-------- C:\Fraps
2008-10-24 21:31 . 2008-10-29 11:46 <REP> d-------- C:\Program Files\Bodom-Child - RaBBi
2008-10-24 19:35 . 2008-10-24 19:35 <REP> d-------- C:\Documents and Settings\edouard\Application Data\Blender Foundation
2008-10-24 19:26 . 2008-10-28 21:28 0 --a------ C:\WINDOWS\system32\WIN.INI
2008-10-24 19:26 . 2008-10-28 21:28 0 --a------ C:\WINDOWS\system32\SYSTEM.INI
2008-10-24 19:25 . 2008-10-24 19:25 <REP> d-------- C:\WINDOWS\Downloaded Installations
2008-10-23 17:50 . 2008-10-23 17:50 <REP> d-------- C:\Program Files\RPG Maker VX
2008-10-19 08:48 . 2008-10-19 08:48 <REP> d-------- C:\Program Files\Common Files
2008-10-19 08:48 . 2003-07-19 16:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-10-19 08:48 . 2005-01-03 07:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-10-18 17:41 . 2008-10-18 17:41 <REP> d-------- C:\Program Files\DNA
2008-10-18 17:41 . 2008-10-30 14:17 <REP> d-------- C:\Documents and Settings\edouard\Application Data\DNA
2008-10-15 13:47 . 2008-10-15 13:47 <REP> d-------- C:\Documents and Settings\edouard\Application Data\Wings3D
2008-10-13 17:21 . 2008-10-13 19:42 <REP> d-------- C:\Documents and Settings\edouard\Application Data\Creative
2008-10-13 17:18 . 2008-10-13 17:18 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-10-13 17:18 . 2008-10-13 17:18 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-10-13 17:04 . 2000-05-22 06:00 647,872 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-10-13 17:03 . 1999-10-11 02:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
2008-10-13 17:00 . 1999-12-12 18:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2008-10-13 17:00 . 1999-11-17 18:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2008-10-10 15:23 . 2008-10-10 15:23 <REP> d-------- C:\Program Files\Team Phobic
2008-10-05 19:49 . 2008-10-05 19:49 <REP> d-------- C:\Program Files\Inno Setup 5
2008-10-05 11:08 . 2008-10-27 09:46 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-10-03 00:46 . 2008-10-03 00:46 81,920 --a------ C:\WINDOWS\system32\frapsvid.dll
2008-10-02 19:28 . 2008-10-02 19:20 17,146,244 --a------ C:\WINDOWS\Language.dsres
2008-10-02 19:06 . 2002-01-10 19:39 102,400 --a------ C:\WINDOWS\Language.dll
2008-10-02 17:53 . 2008-10-02 17:53 <REP> d-------- C:\WINDOWS\Installing Adobe Acrobat Reader
2008-10-01 16:08 . 2008-10-01 16:44 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-10-01 16:08 . 2008-10-01 16:44 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-10-01 16:08 . 2008-10-01 16:44 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-10-01 14:20 . 2008-10-13 17:16 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-10-01 14:19 . 2008-10-12 17:22 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-09-28 08:45 . 2008-09-28 08:45 <REP> d-------- C:\Documents and Settings\edouard\Application Data\SPORE
2008-09-28 08:43 . 2008-09-28 08:43 <REP> d-------- C:\ProgramData
2008-09-28 08:43 . 2008-09-28 08:43 <REP> dr-h----- C:\Documents and Settings\edouard\Application Data\SecuROM
2008-09-28 08:43 . 2008-09-28 08:43 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-09-28 08:42 . 2008-09-28 08:42 1,686 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-09-28 08:38 . 2008-09-28 08:43 <REP> d-------- C:\Program Files\Electronic Arts
2008-09-26 20:28 . 2008-09-26 20:28 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-09-26 20:28 . 2008-09-26 20:28 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-09-26 20:23 . 2008-09-26 20:26 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-09-26 20:22 . 2008-09-26 20:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-26 17:35 . 2008-10-02 17:53 <REP> d-------- C:\Program Files\Microsoft Games
2008-09-26 17:31 . 2008-09-26 17:31 <REP> d-------- C:\Program Files\MagicDisc
2008-09-26 17:31 . 2008-07-28 16:19 116,736 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2008-09-26 17:14 . 2008-09-26 17:14 <REP> d-------- C:\Program Files\MagicISO
2008-09-24 15:46 . 2008-09-24 15:46 <REP> d-------- C:\Program Files\Lost Universe Games
2008-09-16 19:15 . 2008-09-16 19:15 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-09-16 19:13 . 2008-09-16 19:14 <REP> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-09-16 19:13 . 2008-09-16 19:13 <REP> d-------- C:\Program Files\Microsoft SDKs
2008-09-16 19:13 . 2008-09-16 19:14 <REP> d-------- C:\Program Files\Fichiers communs\Merge Modules
2008-09-16 19:11 . 2008-09-16 19:11 <REP> d-------- C:\WINDOWS\system32\fr-FR
2008-09-16 18:16 . 2008-09-16 19:45 <REP> d-------- C:\Documents and Settings\edouard\Application Data\codeblocks
2008-09-16 16:53 . 2008-09-16 16:53 <REP> d-------- C:\Program Files\Microsoft.NET
2008-09-16 16:51 . 2008-09-16 16:54 <REP> d-------- C:\Program Files\Microsoft SQL Server
2008-09-16 16:48 . 2008-09-16 16:50 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-09-16 16:48 . 2008-09-16 19:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-15 18:57 . 2004-08-03 22:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-09-15 18:57 . 2004-08-03 22:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-09-12 15:21 . 2008-09-12 15:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-09-12 15:18 . 2008-10-28 21:18 <REP> d-------- C:\Program Files\gPotato.eu
2008-09-12 15:18 . 2005-08-11 14:29 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-09-05 20:31 . 2008-09-05 20:31 754 --a------ C:\WINDOWS\WORDPAD.INI
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-29 22:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-29 10:14 --------- d-----w C:\Documents and Settings\LocalService\Application Data\about download
2008-10-29 10:03 --------- d-----w C:\Documents and Settings\edouard\Application Data\about download
2008-10-28 22:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-28 20:22 --------- d-----w C:\Program Files\GIMP-2.0
2008-10-28 20:20 --------- d-----w C:\Program Files\Creative
2008-10-27 17:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-11 08:05 --------- d-----w C:\Documents and Settings\edouard\Application Data\gtk-2.0
2008-09-27 06:30 --------- d-----w C:\Program Files\a-squared Anti-Malware
2008-09-26 19:29 --------- d-----w C:\Program Files\Windows Live
2008-09-26 19:28 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-09-26 19:21 --------- d-----w C:\Program Files\MSN Messengerdddddd
2008-09-12 14:18 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-08-05 09:14 105,472 ----a-w C:\WINDOWS\system32\zfhxby.dll
2008-08-05 09:14 105,472 ----a-w C:\WINDOWS\system32\xxmxmwrm.dll
2008-08-03 09:10 114,176 ----a-w C:\WINDOWS\system32\ospbemgn.dll
2008-08-03 09:10 114,176 ----a-w C:\WINDOWS\system32\ljcojw.dll
2008-08-02 08:27 114,176 ----a-w C:\WINDOWS\system32\xrxgpahp.dll
2008-08-02 08:27 114,176 ----a-w C:\WINDOWS\system32\exbugu.dll
2008-08-01 08:26 105,472 ----a-w C:\WINDOWS\system32\qdpyljoc.dll
2008-08-01 08:26 105,472 ----a-w C:\WINDOWS\system32\miqkpi.dll
2008-07-31 08:25 105,472 ----a-w C:\WINDOWS\system32\uqxtnisv.dll
2008-07-31 08:25 105,472 ----a-w C:\WINDOWS\system32\ijkbqt.dll
2008-07-30 08:22 105,472 ----a-w C:\WINDOWS\system32\xwmnvy.dll
2008-07-30 08:22 105,472 ----a-w C:\WINDOWS\system32\shobojmj.dll
2008-07-30 08:21 91,648 ----a-w C:\WINDOWS\system32\gcuaesvp.dll
2008-07-29 08:15 105,472 ----a-w C:\WINDOWS\system32\toomjj.dll
2008-07-29 08:15 105,472 ----a-w C:\WINDOWS\system32\nikjogct.dll
2008-07-28 08:09 105,472 ----a-w C:\WINDOWS\system32\qkdmfl.dll
2008-07-28 08:09 105,472 ----a-w C:\WINDOWS\system32\cbrvximd.dll
2008-07-28 08:06 91,648 ----a-w C:\WINDOWS\system32\uvlrrgub.dll
2008-03-16 10:53 22,328 ----a-w C:\Documents and Settings\edouard\Application Data\PnkBstrK.sys
2006-06-23 22:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-14 68856]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-10-18 289088]
"tmobd"="C:\Documents and Settings\edouard\Application Data\tmobd.exe" [2008-10-28 2438299]
"ssf"="C:\Documents and Settings\edouard\Application Data\finalssf\fssf.exe" [2008-10-12 19968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 1426432]
"CPU Power Monitor"="C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-09-06 626688]
"Cpu Level Up help"="C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-09-11 880640]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2008-02-03 798968]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 C:\WINDOWS\RTHDCPL.exe]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 C:\WINDOWS\system32\CTHELPER.EXE]
"P17Helper"="P17.dll" [2005-05-03 C:\WINDOWS\system32\P17.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]
C:\Documents and Settings\edouard\Menu Démarrer\Programmes\Démarrage\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-09-26 575488]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Macro Express 3.lnk - C:\Program Files\Macro Express3\MacExp.exe [2008-10-29 3556864]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"D:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"D:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"D:\\Program Files\\Microsoft Games\\Rise of Nations\\nations.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Documents and Settings\\edouard\\Bureau\\Age Of Empire II Mode 1 joueur\\age2_x1\\age2_x1.exe"=
"D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"D:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"D:\\Program Files\\Microsoft Games\\Rise of Nations\\patriots.exe"=
"D:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"C:\\Documents and Settings\\edouard\\Bureau\\Age Of Empire II Mode Multijoueur\\age2_x1.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 20560]
R2 PStrip;PSTRIP;C:\WINDOWS\system32\DRIVERS\PSTRIP.SYS [2007-07-15 27992]
S1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 25216]
S3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 31872]
.
Contenu du dossier 'Tâches planifiées'
2008-10-30 C:\WINDOWS\Tasks\A0A305469174B5B2.job
- c:\docume~1\edouard\applic~1\aboutd~1\Owns Burn Mapi.exe []
2008-09-29 C:\WINDOWS\Tasks\At1.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-27 C:\WINDOWS\Tasks\At10.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-30 C:\WINDOWS\Tasks\At11.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-30 C:\WINDOWS\Tasks\At12.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-30 C:\WINDOWS\Tasks\At13.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-30 C:\WINDOWS\Tasks\At14.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-30 C:\WINDOWS\Tasks\At15.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At16.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At17.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At18.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At19.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-09-29 C:\WINDOWS\Tasks\At2.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At20.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At21.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At22.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At23.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At24.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-09-30 C:\WINDOWS\Tasks\At3.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-09-30 C:\WINDOWS\Tasks\At4.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-09-30 C:\WINDOWS\Tasks\At5.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-09-30 C:\WINDOWS\Tasks\At6.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-09-30 C:\WINDOWS\Tasks\At7.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-07-01 C:\WINDOWS\Tasks\At8.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-07-01 C:\WINDOWS\Tasks\At9.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-30 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
HKCU-Run-MSMSGS - C:\Program Files\Messenger\msmsgs.exe
HKCU-Run-FOR RECT - C:\DOCUME~1\LOCALS~1\APPLIC~1\ABOUTD~1\1 lies balm.exe
HKLM-Run-PopUp Destroy - C:\Program Files\PopUp Destroy\Popup-Destroy.exe
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKLM-Main,Start Page = hxxp://fr.yahoo.com
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 -: Ouvrir dans un nouvel onglet d'arrière-plan - C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b1f134ae12d7452b94d0ec140af692b9
O8 -: Ouvrir dans un nouvel onglet de premier plan - C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b1f134ae12d7452b94d0ec140af692b9
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 14:19:06
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2008-10-30 14:21:42 - La machine a redémarré [edouard]
ComboFix-quarantined-files.txt 2008-10-30 13:21:39
Avant-CF: 15,946,661,888 octets libres
Après-CF: 17,689,841,664 octets libres
320 --- E O F --- 2008-05-14 18:53:33
ComboFix 08-10-30.04 - edouard 2008-10-30 14:15:12.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1559 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\edouard\Bureau\ComboFix.exe
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\edouard\Application Data\hd2.exe
C:\Documents and Settings\edouard\Application Data\MSVCR71.dll
C:\Documents and Settings\edouard\Application Data\python25.dll
C:\Documents and Settings\edouard\Application Data\w9xpopen.exe
C:\WINDOWS\system32\dao350.dll
C:\WINDOWS\system32\jiirxkto.ini
C:\WINDOWS\system32\lkscrsjj.ini
C:\WINDOWS\system32\loaeclde.ini
C:\WINDOWS\system32\lovavped.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mkaoktgv.exe
C:\WINDOWS\system32\ndneoxea.dll.VIR
C:\WINDOWS\system32\s8Ok711M.exe.a_a
C:\WINDOWS\system32\srxoufbo.ini
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssservers.dat
C:\WINDOWS\system32\urkxqoap.ini
C:\WINDOWS\system32\xlowxoiy.exe
C:\WINDOWS\system32\xtywaomd.ini
C:\WINDOWS\system32\ymtejmid.ini
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-30 ))))))))))))))))))))))))))))))))))))
.
2008-10-30 14:18 . 2008-10-30 14:18 0 --------- C:\Documents and Settings\edouard\Application Data\hd2.exe
2008-10-29 23:39 . 2008-10-30 00:03 <REP> d-------- C:\Program Files\Super macro
2008-10-29 23:29 . 2008-10-29 23:29 <REP> d-------- C:\Program Files\Macro Express3
2008-10-29 23:29 . 2008-10-29 23:29 <REP> d-------- C:\Program Files\Fichiers communs\Insight Software Solutions
2008-10-29 23:29 . 2008-10-29 23:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
2008-10-29 23:29 . 2008-10-29 23:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Insight Software
2008-10-29 12:37 . 2008-10-29 12:09 1,474,920 --a------ C:\Documents and Settings\edouard\Application Data\library.zip
2008-10-29 12:37 . 2008-10-29 12:09 16,896 --a------ C:\Documents and Settings\edouard\Application Data\httpddos.exe
2008-10-28 23:00 . 2008-10-28 23:00 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-10-28 15:49 . 2008-10-28 15:49 <REP> d-------- C:\Documents and Settings\edouard\Application Data\finalssf
2008-10-28 14:58 . 2008-10-28 14:58 1,847,106 --a------ C:\Documents and Settings\edouard\Application Data\killer.exe
2008-10-28 14:58 . 2008-10-28 14:58 45,672 --a------ C:\Documents and Settings\edouard\Application Data\uptime.exe
2008-10-28 14:56 . 2008-10-28 14:58 2,827,492 --a------ C:\Documents and Settings\edouard\Application Data\finalssf.exe
2008-10-28 14:56 . 2008-10-28 14:56 2,438,299 --a------ C:\Documents and Settings\edouard\Application Data\tmobd.exe
2008-10-28 13:29 . 2008-10-28 13:29 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
2008-10-25 17:50 . 2008-10-27 18:23 <REP> d-------- C:\Fraps
2008-10-24 21:31 . 2008-10-29 11:46 <REP> d-------- C:\Program Files\Bodom-Child - RaBBi
2008-10-24 19:35 . 2008-10-24 19:35 <REP> d-------- C:\Documents and Settings\edouard\Application Data\Blender Foundation
2008-10-24 19:26 . 2008-10-28 21:28 0 --a------ C:\WINDOWS\system32\WIN.INI
2008-10-24 19:26 . 2008-10-28 21:28 0 --a------ C:\WINDOWS\system32\SYSTEM.INI
2008-10-24 19:25 . 2008-10-24 19:25 <REP> d-------- C:\WINDOWS\Downloaded Installations
2008-10-23 17:50 . 2008-10-23 17:50 <REP> d-------- C:\Program Files\RPG Maker VX
2008-10-19 08:48 . 2008-10-19 08:48 <REP> d-------- C:\Program Files\Common Files
2008-10-19 08:48 . 2003-07-19 16:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-10-19 08:48 . 2005-01-03 07:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-10-18 17:41 . 2008-10-18 17:41 <REP> d-------- C:\Program Files\DNA
2008-10-18 17:41 . 2008-10-30 14:17 <REP> d-------- C:\Documents and Settings\edouard\Application Data\DNA
2008-10-15 13:47 . 2008-10-15 13:47 <REP> d-------- C:\Documents and Settings\edouard\Application Data\Wings3D
2008-10-13 17:21 . 2008-10-13 19:42 <REP> d-------- C:\Documents and Settings\edouard\Application Data\Creative
2008-10-13 17:18 . 2008-10-13 17:18 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-10-13 17:18 . 2008-10-13 17:18 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-10-13 17:04 . 2000-05-22 06:00 647,872 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-10-13 17:03 . 1999-10-11 02:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
2008-10-13 17:00 . 1999-12-12 18:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2008-10-13 17:00 . 1999-11-17 18:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2008-10-10 15:23 . 2008-10-10 15:23 <REP> d-------- C:\Program Files\Team Phobic
2008-10-05 19:49 . 2008-10-05 19:49 <REP> d-------- C:\Program Files\Inno Setup 5
2008-10-05 11:08 . 2008-10-27 09:46 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-10-03 00:46 . 2008-10-03 00:46 81,920 --a------ C:\WINDOWS\system32\frapsvid.dll
2008-10-02 19:28 . 2008-10-02 19:20 17,146,244 --a------ C:\WINDOWS\Language.dsres
2008-10-02 19:06 . 2002-01-10 19:39 102,400 --a------ C:\WINDOWS\Language.dll
2008-10-02 17:53 . 2008-10-02 17:53 <REP> d-------- C:\WINDOWS\Installing Adobe Acrobat Reader
2008-10-01 16:08 . 2008-10-01 16:44 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-10-01 16:08 . 2008-10-01 16:44 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-10-01 16:08 . 2008-10-01 16:44 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-10-01 14:20 . 2008-10-13 17:16 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-10-01 14:19 . 2008-10-12 17:22 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-09-28 08:45 . 2008-09-28 08:45 <REP> d-------- C:\Documents and Settings\edouard\Application Data\SPORE
2008-09-28 08:43 . 2008-09-28 08:43 <REP> d-------- C:\ProgramData
2008-09-28 08:43 . 2008-09-28 08:43 <REP> dr-h----- C:\Documents and Settings\edouard\Application Data\SecuROM
2008-09-28 08:43 . 2008-09-28 08:43 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-09-28 08:42 . 2008-09-28 08:42 1,686 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-09-28 08:38 . 2008-09-28 08:43 <REP> d-------- C:\Program Files\Electronic Arts
2008-09-26 20:28 . 2008-09-26 20:28 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-09-26 20:28 . 2008-09-26 20:28 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-09-26 20:23 . 2008-09-26 20:26 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-09-26 20:22 . 2008-09-26 20:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-26 17:35 . 2008-10-02 17:53 <REP> d-------- C:\Program Files\Microsoft Games
2008-09-26 17:31 . 2008-09-26 17:31 <REP> d-------- C:\Program Files\MagicDisc
2008-09-26 17:31 . 2008-07-28 16:19 116,736 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2008-09-26 17:14 . 2008-09-26 17:14 <REP> d-------- C:\Program Files\MagicISO
2008-09-24 15:46 . 2008-09-24 15:46 <REP> d-------- C:\Program Files\Lost Universe Games
2008-09-16 19:15 . 2008-09-16 19:15 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-09-16 19:13 . 2008-09-16 19:14 <REP> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-09-16 19:13 . 2008-09-16 19:13 <REP> d-------- C:\Program Files\Microsoft SDKs
2008-09-16 19:13 . 2008-09-16 19:14 <REP> d-------- C:\Program Files\Fichiers communs\Merge Modules
2008-09-16 19:11 . 2008-09-16 19:11 <REP> d-------- C:\WINDOWS\system32\fr-FR
2008-09-16 18:16 . 2008-09-16 19:45 <REP> d-------- C:\Documents and Settings\edouard\Application Data\codeblocks
2008-09-16 16:53 . 2008-09-16 16:53 <REP> d-------- C:\Program Files\Microsoft.NET
2008-09-16 16:51 . 2008-09-16 16:54 <REP> d-------- C:\Program Files\Microsoft SQL Server
2008-09-16 16:48 . 2008-09-16 16:50 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-09-16 16:48 . 2008-09-16 19:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-15 18:57 . 2004-08-03 22:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-09-15 18:57 . 2004-08-03 22:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-09-12 15:21 . 2008-09-12 15:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-09-12 15:18 . 2008-10-28 21:18 <REP> d-------- C:\Program Files\gPotato.eu
2008-09-12 15:18 . 2005-08-11 14:29 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-09-05 20:31 . 2008-09-05 20:31 754 --a------ C:\WINDOWS\WORDPAD.INI
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-29 22:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-29 10:14 --------- d-----w C:\Documents and Settings\LocalService\Application Data\about download
2008-10-29 10:03 --------- d-----w C:\Documents and Settings\edouard\Application Data\about download
2008-10-28 22:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-28 20:22 --------- d-----w C:\Program Files\GIMP-2.0
2008-10-28 20:20 --------- d-----w C:\Program Files\Creative
2008-10-27 17:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-11 08:05 --------- d-----w C:\Documents and Settings\edouard\Application Data\gtk-2.0
2008-09-27 06:30 --------- d-----w C:\Program Files\a-squared Anti-Malware
2008-09-26 19:29 --------- d-----w C:\Program Files\Windows Live
2008-09-26 19:28 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-09-26 19:21 --------- d-----w C:\Program Files\MSN Messengerdddddd
2008-09-12 14:18 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-08-05 09:14 105,472 ----a-w C:\WINDOWS\system32\zfhxby.dll
2008-08-05 09:14 105,472 ----a-w C:\WINDOWS\system32\xxmxmwrm.dll
2008-08-03 09:10 114,176 ----a-w C:\WINDOWS\system32\ospbemgn.dll
2008-08-03 09:10 114,176 ----a-w C:\WINDOWS\system32\ljcojw.dll
2008-08-02 08:27 114,176 ----a-w C:\WINDOWS\system32\xrxgpahp.dll
2008-08-02 08:27 114,176 ----a-w C:\WINDOWS\system32\exbugu.dll
2008-08-01 08:26 105,472 ----a-w C:\WINDOWS\system32\qdpyljoc.dll
2008-08-01 08:26 105,472 ----a-w C:\WINDOWS\system32\miqkpi.dll
2008-07-31 08:25 105,472 ----a-w C:\WINDOWS\system32\uqxtnisv.dll
2008-07-31 08:25 105,472 ----a-w C:\WINDOWS\system32\ijkbqt.dll
2008-07-30 08:22 105,472 ----a-w C:\WINDOWS\system32\xwmnvy.dll
2008-07-30 08:22 105,472 ----a-w C:\WINDOWS\system32\shobojmj.dll
2008-07-30 08:21 91,648 ----a-w C:\WINDOWS\system32\gcuaesvp.dll
2008-07-29 08:15 105,472 ----a-w C:\WINDOWS\system32\toomjj.dll
2008-07-29 08:15 105,472 ----a-w C:\WINDOWS\system32\nikjogct.dll
2008-07-28 08:09 105,472 ----a-w C:\WINDOWS\system32\qkdmfl.dll
2008-07-28 08:09 105,472 ----a-w C:\WINDOWS\system32\cbrvximd.dll
2008-07-28 08:06 91,648 ----a-w C:\WINDOWS\system32\uvlrrgub.dll
2008-03-16 10:53 22,328 ----a-w C:\Documents and Settings\edouard\Application Data\PnkBstrK.sys
2006-06-23 22:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-14 68856]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-10-18 289088]
"tmobd"="C:\Documents and Settings\edouard\Application Data\tmobd.exe" [2008-10-28 2438299]
"ssf"="C:\Documents and Settings\edouard\Application Data\finalssf\fssf.exe" [2008-10-12 19968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 1426432]
"CPU Power Monitor"="C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-09-06 626688]
"Cpu Level Up help"="C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-09-11 880640]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2008-02-03 798968]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 C:\WINDOWS\RTHDCPL.exe]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 C:\WINDOWS\system32\CTHELPER.EXE]
"P17Helper"="P17.dll" [2005-05-03 C:\WINDOWS\system32\P17.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]
C:\Documents and Settings\edouard\Menu Démarrer\Programmes\Démarrage\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-09-26 575488]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Macro Express 3.lnk - C:\Program Files\Macro Express3\MacExp.exe [2008-10-29 3556864]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"D:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"D:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"D:\\Program Files\\Microsoft Games\\Rise of Nations\\nations.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Documents and Settings\\edouard\\Bureau\\Age Of Empire II Mode 1 joueur\\age2_x1\\age2_x1.exe"=
"D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"D:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"D:\\Program Files\\Microsoft Games\\Rise of Nations\\patriots.exe"=
"D:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"C:\\Documents and Settings\\edouard\\Bureau\\Age Of Empire II Mode Multijoueur\\age2_x1.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 20560]
R2 PStrip;PSTRIP;C:\WINDOWS\system32\DRIVERS\PSTRIP.SYS [2007-07-15 27992]
S1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 25216]
S3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 31872]
.
Contenu du dossier 'Tâches planifiées'
2008-10-30 C:\WINDOWS\Tasks\A0A305469174B5B2.job
- c:\docume~1\edouard\applic~1\aboutd~1\Owns Burn Mapi.exe []
2008-09-29 C:\WINDOWS\Tasks\At1.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-27 C:\WINDOWS\Tasks\At10.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-30 C:\WINDOWS\Tasks\At11.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-30 C:\WINDOWS\Tasks\At12.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-30 C:\WINDOWS\Tasks\At13.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-30 C:\WINDOWS\Tasks\At14.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-30 C:\WINDOWS\Tasks\At15.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At16.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At17.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At18.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At19.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-09-29 C:\WINDOWS\Tasks\At2.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At20.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At21.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At22.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At23.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At24.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-09-30 C:\WINDOWS\Tasks\At3.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-09-30 C:\WINDOWS\Tasks\At4.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-09-30 C:\WINDOWS\Tasks\At5.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-09-30 C:\WINDOWS\Tasks\At6.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-09-30 C:\WINDOWS\Tasks\At7.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-07-01 C:\WINDOWS\Tasks\At8.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-07-01 C:\WINDOWS\Tasks\At9.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-30 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
HKCU-Run-MSMSGS - C:\Program Files\Messenger\msmsgs.exe
HKCU-Run-FOR RECT - C:\DOCUME~1\LOCALS~1\APPLIC~1\ABOUTD~1\1 lies balm.exe
HKLM-Run-PopUp Destroy - C:\Program Files\PopUp Destroy\Popup-Destroy.exe
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKLM-Main,Start Page = hxxp://fr.yahoo.com
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 -: Ouvrir dans un nouvel onglet d'arrière-plan - C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b1f134ae12d7452b94d0ec140af692b9
O8 -: Ouvrir dans un nouvel onglet de premier plan - C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b1f134ae12d7452b94d0ec140af692b9
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 14:19:06
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2008-10-30 14:21:42 - La machine a redémarré [edouard]
ComboFix-quarantined-files.txt 2008-10-30 13:21:39
Avant-CF: 15,946,661,888 octets libres
Après-CF: 17,689,841,664 octets libres
320 --- E O F --- 2008-05-14 18:53:33
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1559 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\edouard\Bureau\ComboFix.exe
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\edouard\Application Data\hd2.exe
C:\Documents and Settings\edouard\Application Data\MSVCR71.dll
C:\Documents and Settings\edouard\Application Data\python25.dll
C:\Documents and Settings\edouard\Application Data\w9xpopen.exe
C:\WINDOWS\system32\dao350.dll
C:\WINDOWS\system32\jiirxkto.ini
C:\WINDOWS\system32\lkscrsjj.ini
C:\WINDOWS\system32\loaeclde.ini
C:\WINDOWS\system32\lovavped.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mkaoktgv.exe
C:\WINDOWS\system32\ndneoxea.dll.VIR
C:\WINDOWS\system32\s8Ok711M.exe.a_a
C:\WINDOWS\system32\srxoufbo.ini
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssservers.dat
C:\WINDOWS\system32\urkxqoap.ini
C:\WINDOWS\system32\xlowxoiy.exe
C:\WINDOWS\system32\xtywaomd.ini
C:\WINDOWS\system32\ymtejmid.ini
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-30 ))))))))))))))))))))))))))))))))))))
.
2008-10-30 14:18 . 2008-10-30 14:18 0 --------- C:\Documents and Settings\edouard\Application Data\hd2.exe
2008-10-29 23:39 . 2008-10-30 00:03 <REP> d-------- C:\Program Files\Super macro
2008-10-29 23:29 . 2008-10-29 23:29 <REP> d-------- C:\Program Files\Macro Express3
2008-10-29 23:29 . 2008-10-29 23:29 <REP> d-------- C:\Program Files\Fichiers communs\Insight Software Solutions
2008-10-29 23:29 . 2008-10-29 23:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
2008-10-29 23:29 . 2008-10-29 23:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Insight Software
2008-10-29 12:37 . 2008-10-29 12:09 1,474,920 --a------ C:\Documents and Settings\edouard\Application Data\library.zip
2008-10-29 12:37 . 2008-10-29 12:09 16,896 --a------ C:\Documents and Settings\edouard\Application Data\httpddos.exe
2008-10-28 23:00 . 2008-10-28 23:00 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-10-28 15:49 . 2008-10-28 15:49 <REP> d-------- C:\Documents and Settings\edouard\Application Data\finalssf
2008-10-28 14:58 . 2008-10-28 14:58 1,847,106 --a------ C:\Documents and Settings\edouard\Application Data\killer.exe
2008-10-28 14:58 . 2008-10-28 14:58 45,672 --a------ C:\Documents and Settings\edouard\Application Data\uptime.exe
2008-10-28 14:56 . 2008-10-28 14:58 2,827,492 --a------ C:\Documents and Settings\edouard\Application Data\finalssf.exe
2008-10-28 14:56 . 2008-10-28 14:56 2,438,299 --a------ C:\Documents and Settings\edouard\Application Data\tmobd.exe
2008-10-28 13:29 . 2008-10-28 13:29 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
2008-10-25 17:50 . 2008-10-27 18:23 <REP> d-------- C:\Fraps
2008-10-24 21:31 . 2008-10-29 11:46 <REP> d-------- C:\Program Files\Bodom-Child - RaBBi
2008-10-24 19:35 . 2008-10-24 19:35 <REP> d-------- C:\Documents and Settings\edouard\Application Data\Blender Foundation
2008-10-24 19:26 . 2008-10-28 21:28 0 --a------ C:\WINDOWS\system32\WIN.INI
2008-10-24 19:26 . 2008-10-28 21:28 0 --a------ C:\WINDOWS\system32\SYSTEM.INI
2008-10-24 19:25 . 2008-10-24 19:25 <REP> d-------- C:\WINDOWS\Downloaded Installations
2008-10-23 17:50 . 2008-10-23 17:50 <REP> d-------- C:\Program Files\RPG Maker VX
2008-10-19 08:48 . 2008-10-19 08:48 <REP> d-------- C:\Program Files\Common Files
2008-10-19 08:48 . 2003-07-19 16:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-10-19 08:48 . 2005-01-03 07:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-10-18 17:41 . 2008-10-18 17:41 <REP> d-------- C:\Program Files\DNA
2008-10-18 17:41 . 2008-10-30 14:17 <REP> d-------- C:\Documents and Settings\edouard\Application Data\DNA
2008-10-15 13:47 . 2008-10-15 13:47 <REP> d-------- C:\Documents and Settings\edouard\Application Data\Wings3D
2008-10-13 17:21 . 2008-10-13 19:42 <REP> d-------- C:\Documents and Settings\edouard\Application Data\Creative
2008-10-13 17:18 . 2008-10-13 17:18 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-10-13 17:18 . 2008-10-13 17:18 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-10-13 17:04 . 2000-05-22 06:00 647,872 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-10-13 17:03 . 1999-10-11 02:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
2008-10-13 17:00 . 1999-12-12 18:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2008-10-13 17:00 . 1999-11-17 18:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2008-10-10 15:23 . 2008-10-10 15:23 <REP> d-------- C:\Program Files\Team Phobic
2008-10-05 19:49 . 2008-10-05 19:49 <REP> d-------- C:\Program Files\Inno Setup 5
2008-10-05 11:08 . 2008-10-27 09:46 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-10-03 00:46 . 2008-10-03 00:46 81,920 --a------ C:\WINDOWS\system32\frapsvid.dll
2008-10-02 19:28 . 2008-10-02 19:20 17,146,244 --a------ C:\WINDOWS\Language.dsres
2008-10-02 19:06 . 2002-01-10 19:39 102,400 --a------ C:\WINDOWS\Language.dll
2008-10-02 17:53 . 2008-10-02 17:53 <REP> d-------- C:\WINDOWS\Installing Adobe Acrobat Reader
2008-10-01 16:08 . 2008-10-01 16:44 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-10-01 16:08 . 2008-10-01 16:44 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-10-01 16:08 . 2008-10-01 16:44 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-10-01 14:20 . 2008-10-13 17:16 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-10-01 14:19 . 2008-10-12 17:22 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-09-28 08:45 . 2008-09-28 08:45 <REP> d-------- C:\Documents and Settings\edouard\Application Data\SPORE
2008-09-28 08:43 . 2008-09-28 08:43 <REP> d-------- C:\ProgramData
2008-09-28 08:43 . 2008-09-28 08:43 <REP> dr-h----- C:\Documents and Settings\edouard\Application Data\SecuROM
2008-09-28 08:43 . 2008-09-28 08:43 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-09-28 08:42 . 2008-09-28 08:42 1,686 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-09-28 08:38 . 2008-09-28 08:43 <REP> d-------- C:\Program Files\Electronic Arts
2008-09-26 20:28 . 2008-09-26 20:28 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-09-26 20:28 . 2008-09-26 20:28 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-09-26 20:23 . 2008-09-26 20:26 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-09-26 20:22 . 2008-09-26 20:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-26 17:35 . 2008-10-02 17:53 <REP> d-------- C:\Program Files\Microsoft Games
2008-09-26 17:31 . 2008-09-26 17:31 <REP> d-------- C:\Program Files\MagicDisc
2008-09-26 17:31 . 2008-07-28 16:19 116,736 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2008-09-26 17:14 . 2008-09-26 17:14 <REP> d-------- C:\Program Files\MagicISO
2008-09-24 15:46 . 2008-09-24 15:46 <REP> d-------- C:\Program Files\Lost Universe Games
2008-09-16 19:15 . 2008-09-16 19:15 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-09-16 19:13 . 2008-09-16 19:14 <REP> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-09-16 19:13 . 2008-09-16 19:13 <REP> d-------- C:\Program Files\Microsoft SDKs
2008-09-16 19:13 . 2008-09-16 19:14 <REP> d-------- C:\Program Files\Fichiers communs\Merge Modules
2008-09-16 19:11 . 2008-09-16 19:11 <REP> d-------- C:\WINDOWS\system32\fr-FR
2008-09-16 18:16 . 2008-09-16 19:45 <REP> d-------- C:\Documents and Settings\edouard\Application Data\codeblocks
2008-09-16 16:53 . 2008-09-16 16:53 <REP> d-------- C:\Program Files\Microsoft.NET
2008-09-16 16:51 . 2008-09-16 16:54 <REP> d-------- C:\Program Files\Microsoft SQL Server
2008-09-16 16:48 . 2008-09-16 16:50 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-09-16 16:48 . 2008-09-16 19:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-15 18:57 . 2004-08-03 22:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-09-15 18:57 . 2004-08-03 22:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-09-12 15:21 . 2008-09-12 15:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-09-12 15:18 . 2008-10-28 21:18 <REP> d-------- C:\Program Files\gPotato.eu
2008-09-12 15:18 . 2005-08-11 14:29 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-09-05 20:31 . 2008-09-05 20:31 754 --a------ C:\WINDOWS\WORDPAD.INI
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-29 22:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-29 10:14 --------- d-----w C:\Documents and Settings\LocalService\Application Data\about download
2008-10-29 10:03 --------- d-----w C:\Documents and Settings\edouard\Application Data\about download
2008-10-28 22:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-28 20:22 --------- d-----w C:\Program Files\GIMP-2.0
2008-10-28 20:20 --------- d-----w C:\Program Files\Creative
2008-10-27 17:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-11 08:05 --------- d-----w C:\Documents and Settings\edouard\Application Data\gtk-2.0
2008-09-27 06:30 --------- d-----w C:\Program Files\a-squared Anti-Malware
2008-09-26 19:29 --------- d-----w C:\Program Files\Windows Live
2008-09-26 19:28 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-09-26 19:21 --------- d-----w C:\Program Files\MSN Messengerdddddd
2008-09-12 14:18 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-08-05 09:14 105,472 ----a-w C:\WINDOWS\system32\zfhxby.dll
2008-08-05 09:14 105,472 ----a-w C:\WINDOWS\system32\xxmxmwrm.dll
2008-08-03 09:10 114,176 ----a-w C:\WINDOWS\system32\ospbemgn.dll
2008-08-03 09:10 114,176 ----a-w C:\WINDOWS\system32\ljcojw.dll
2008-08-02 08:27 114,176 ----a-w C:\WINDOWS\system32\xrxgpahp.dll
2008-08-02 08:27 114,176 ----a-w C:\WINDOWS\system32\exbugu.dll
2008-08-01 08:26 105,472 ----a-w C:\WINDOWS\system32\qdpyljoc.dll
2008-08-01 08:26 105,472 ----a-w C:\WINDOWS\system32\miqkpi.dll
2008-07-31 08:25 105,472 ----a-w C:\WINDOWS\system32\uqxtnisv.dll
2008-07-31 08:25 105,472 ----a-w C:\WINDOWS\system32\ijkbqt.dll
2008-07-30 08:22 105,472 ----a-w C:\WINDOWS\system32\xwmnvy.dll
2008-07-30 08:22 105,472 ----a-w C:\WINDOWS\system32\shobojmj.dll
2008-07-30 08:21 91,648 ----a-w C:\WINDOWS\system32\gcuaesvp.dll
2008-07-29 08:15 105,472 ----a-w C:\WINDOWS\system32\toomjj.dll
2008-07-29 08:15 105,472 ----a-w C:\WINDOWS\system32\nikjogct.dll
2008-07-28 08:09 105,472 ----a-w C:\WINDOWS\system32\qkdmfl.dll
2008-07-28 08:09 105,472 ----a-w C:\WINDOWS\system32\cbrvximd.dll
2008-07-28 08:06 91,648 ----a-w C:\WINDOWS\system32\uvlrrgub.dll
2008-03-16 10:53 22,328 ----a-w C:\Documents and Settings\edouard\Application Data\PnkBstrK.sys
2006-06-23 22:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-14 68856]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-10-18 289088]
"tmobd"="C:\Documents and Settings\edouard\Application Data\tmobd.exe" [2008-10-28 2438299]
"ssf"="C:\Documents and Settings\edouard\Application Data\finalssf\fssf.exe" [2008-10-12 19968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 1426432]
"CPU Power Monitor"="C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-09-06 626688]
"Cpu Level Up help"="C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-09-11 880640]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2008-02-03 798968]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 C:\WINDOWS\RTHDCPL.exe]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 C:\WINDOWS\system32\CTHELPER.EXE]
"P17Helper"="P17.dll" [2005-05-03 C:\WINDOWS\system32\P17.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]
C:\Documents and Settings\edouard\Menu Démarrer\Programmes\Démarrage\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-09-26 575488]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Macro Express 3.lnk - C:\Program Files\Macro Express3\MacExp.exe [2008-10-29 3556864]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"D:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"D:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"D:\\Program Files\\Microsoft Games\\Rise of Nations\\nations.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Documents and Settings\\edouard\\Bureau\\Age Of Empire II Mode 1 joueur\\age2_x1\\age2_x1.exe"=
"D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"D:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"D:\\Program Files\\Microsoft Games\\Rise of Nations\\patriots.exe"=
"D:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"C:\\Documents and Settings\\edouard\\Bureau\\Age Of Empire II Mode Multijoueur\\age2_x1.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 20560]
R2 PStrip;PSTRIP;C:\WINDOWS\system32\DRIVERS\PSTRIP.SYS [2007-07-15 27992]
S1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 25216]
S3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 31872]
.
Contenu du dossier 'Tâches planifiées'
2008-10-30 C:\WINDOWS\Tasks\A0A305469174B5B2.job
- c:\docume~1\edouard\applic~1\aboutd~1\Owns Burn Mapi.exe []
2008-09-29 C:\WINDOWS\Tasks\At1.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-27 C:\WINDOWS\Tasks\At10.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-30 C:\WINDOWS\Tasks\At11.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-30 C:\WINDOWS\Tasks\At12.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-30 C:\WINDOWS\Tasks\At13.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-30 C:\WINDOWS\Tasks\At14.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-30 C:\WINDOWS\Tasks\At15.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At16.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At17.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At18.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At19.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-09-29 C:\WINDOWS\Tasks\At2.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At20.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At21.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At22.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At23.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At24.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-09-30 C:\WINDOWS\Tasks\At3.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-09-30 C:\WINDOWS\Tasks\At4.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-09-30 C:\WINDOWS\Tasks\At5.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-09-30 C:\WINDOWS\Tasks\At6.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-09-30 C:\WINDOWS\Tasks\At7.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-07-01 C:\WINDOWS\Tasks\At8.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-07-01 C:\WINDOWS\Tasks\At9.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-30 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
HKCU-Run-MSMSGS - C:\Program Files\Messenger\msmsgs.exe
HKCU-Run-FOR RECT - C:\DOCUME~1\LOCALS~1\APPLIC~1\ABOUTD~1\1 lies balm.exe
HKLM-Run-PopUp Destroy - C:\Program Files\PopUp Destroy\Popup-Destroy.exe
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKLM-Main,Start Page = hxxp://fr.yahoo.com
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 -: Ouvrir dans un nouvel onglet d'arrière-plan - C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b1f134ae12d7452b94d0ec140af692b9
O8 -: Ouvrir dans un nouvel onglet de premier plan - C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b1f134ae12d7452b94d0ec140af692b9
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 14:19:06
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2008-10-30 14:21:42 - La machine a redémarré [edouard]
ComboFix-quarantined-files.txt 2008-10-30 13:21:39
Avant-CF: 15,946,661,888 octets libres
Après-CF: 17,689,841,664 octets libres
320 --- E O F --- 2008-05-14 18:53:33
2008-10-13 17:04 . 2000-05-22 06:00 647,872 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-10-13 17:03 . 1999-10-11 02:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
2008-10-13 17:00 . 1999-12-12 18:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2008-10-13 17:00 . 1999-11-17 18:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2008-10-10 15:23 . 2008-10-10 15:23 <REP> d-------- C:\Program Files\Team Phobic
2008-10-05 19:49 . 2008-10-05 19:49 <REP> d-------- C:\Program Files\Inno Setup 5
2008-10-05 11:08 . 2008-10-27 09:46 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-10-03 00:46 . 2008-10-03 00:46 81,920 --a------ C:\WINDOWS\system32\frapsvid.dll
2008-10-02 19:28 . 2008-10-02 19:20 17,146,244 --a------ C:\WINDOWS\Language.dsres
2008-10-02 19:06 . 2002-01-10 19:39 102,400 --a------ C:\WINDOWS\Language.dll
2008-10-02 17:53 . 2008-10-02 17:53 <REP> d-------- C:\WINDOWS\Installing Adobe Acrobat Reader
2008-10-01 16:08 . 2008-10-01 16:44 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-10-01 16:08 . 2008-10-01 16:44 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-10-01 16:08 . 2008-10-01 16:44 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-10-01 14:20 . 2008-10-13 17:16 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-10-01 14:19 . 2008-10-12 17:22 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-09-28 08:45 . 2008-09-28 08:45 <REP> d-------- C:\Documents and Settings\edouard\Application Data\SPORE
2008-09-28 08:43 . 2008-09-28 08:43 <REP> d-------- C:\ProgramData
2008-09-28 08:43 . 2008-09-28 08:43 <REP> dr-h----- C:\Documents and Settings\edouard\Application Data\SecuROM
2008-09-28 08:43 . 2008-09-28 08:43 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-09-28 08:42 . 2008-09-28 08:42 1,686 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-09-28 08:38 . 2008-09-28 08:43 <REP> d-------- C:\Program Files\Electronic Arts
2008-09-26 20:28 . 2008-09-26 20:28 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-09-26 20:28 . 2008-09-26 20:28 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-09-26 20:23 . 2008-09-26 20:26 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-09-26 20:22 . 2008-09-26 20:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-26 17:35 . 2008-10-02 17:53 <REP> d-------- C:\Program Files\Microsoft Games
2008-09-26 17:31 . 2008-09-26 17:31 <REP> d-------- C:\Program Files\MagicDisc
2008-09-26 17:31 . 2008-07-28 16:19 116,736 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2008-09-26 17:14 . 2008-09-26 17:14 <REP> d-------- C:\Program Files\MagicISO
2008-09-24 15:46 . 2008-09-24 15:46 <REP> d-------- C:\Program Files\Lost Universe Games
2008-09-16 19:15 . 2008-09-16 19:15 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-09-16 19:13 . 2008-09-16 19:14 <REP> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-09-16 19:13 . 2008-09-16 19:13 <REP> d-------- C:\Program Files\Microsoft SDKs
2008-09-16 19:13 . 2008-09-16 19:14 <REP> d-------- C:\Program Files\Fichiers communs\Merge Modules
2008-09-16 19:11 . 2008-09-16 19:11 <REP> d-------- C:\WINDOWS\system32\fr-FR
2008-09-16 18:16 . 2008-09-16 19:45 <REP> d-------- C:\Documents and Settings\edouard\Application Data\codeblocks
2008-09-16 16:53 . 2008-09-16 16:53 <REP> d-------- C:\Program Files\Microsoft.NET
2008-09-16 16:51 . 2008-09-16 16:54 <REP> d-------- C:\Program Files\Microsoft SQL Server
2008-09-16 16:48 . 2008-09-16 16:50 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-09-16 16:48 . 2008-09-16 19:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-15 18:57 . 2004-08-03 22:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-09-15 18:57 . 2004-08-03 22:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-09-12 15:21 . 2008-09-12 15:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-09-12 15:18 . 2008-10-28 21:18 <REP> d-------- C:\Program Files\gPotato.eu
2008-09-12 15:18 . 2005-08-11 14:29 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-09-05 20:31 . 2008-09-05 20:31 754 --a------ C:\WINDOWS\WORDPAD.INI
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-29 22:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-29 10:14 --------- d-----w C:\Documents and Settings\LocalService\Application Data\about download
2008-10-29 10:03 --------- d-----w C:\Documents and Settings\edouard\Application Data\about download
2008-10-28 22:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-28 20:22 --------- d-----w C:\Program Files\GIMP-2.0
2008-10-28 20:20 --------- d-----w C:\Program Files\Creative
2008-10-27 17:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-11 08:05 --------- d-----w C:\Documents and Settings\edouard\Application Data\gtk-2.0
2008-09-27 06:30 --------- d-----w C:\Program Files\a-squared Anti-Malware
2008-09-26 19:29 --------- d-----w C:\Program Files\Windows Live
2008-09-26 19:28 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-09-26 19:21 --------- d-----w C:\Program Files\MSN Messengerdddddd
2008-09-12 14:18 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-08-05 09:14 105,472 ----a-w C:\WINDOWS\system32\zfhxby.dll
2008-08-05 09:14 105,472 ----a-w C:\WINDOWS\system32\xxmxmwrm.dll
2008-08-03 09:10 114,176 ----a-w C:\WINDOWS\system32\ospbemgn.dll
2008-08-03 09:10 114,176 ----a-w C:\WINDOWS\system32\ljcojw.dll
2008-08-02 08:27 114,176 ----a-w C:\WINDOWS\system32\xrxgpahp.dll
2008-08-02 08:27 114,176 ----a-w C:\WINDOWS\system32\exbugu.dll
2008-08-01 08:26 105,472 ----a-w C:\WINDOWS\system32\qdpyljoc.dll
2008-08-01 08:26 105,472 ----a-w C:\WINDOWS\system32\miqkpi.dll
2008-07-31 08:25 105,472 ----a-w C:\WINDOWS\system32\uqxtnisv.dll
2008-07-31 08:25 105,472 ----a-w C:\WINDOWS\system32\ijkbqt.dll
2008-07-30 08:22 105,472 ----a-w C:\WINDOWS\system32\xwmnvy.dll
2008-07-30 08:22 105,472 ----a-w C:\WINDOWS\system32\shobojmj.dll
2008-07-30 08:21 91,648 ----a-w C:\WINDOWS\system32\gcuaesvp.dll
2008-07-29 08:15 105,472 ----a-w C:\WINDOWS\system32\toomjj.dll
2008-07-29 08:15 105,472 ----a-w C:\WINDOWS\system32\nikjogct.dll
2008-07-28 08:09 105,472 ----a-w C:\WINDOWS\system32\qkdmfl.dll
2008-07-28 08:09 105,472 ----a-w C:\WINDOWS\system32\cbrvximd.dll
2008-07-28 08:06 91,648 ----a-w C:\WINDOWS\system32\uvlrrgub.dll
2008-03-16 10:53 22,328 ----a-w C:\Documents and Settings\edouard\Application Data\PnkBstrK.sys
2006-06-23 22:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-14 68856]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-10-18 289088]
"tmobd"="C:\Documents and Settings\edouard\Application Data\tmobd.exe" [2008-10-28 2438299]
"ssf"="C:\Documents and Settings\edouard\Application Data\finalssf\fssf.exe" [2008-10-12 19968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 1426432]
"CPU Power Monitor"="C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-09-06 626688]
"Cpu Level Up help"="C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-09-11 880640]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2008-02-03 798968]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 C:\WINDOWS\RTHDCPL.exe]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 C:\WINDOWS\system32\CTHELPER.EXE]
"P17Helper"="P17.dll" [2005-05-03 C:\WINDOWS\system32\P17.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]
C:\Documents and Settings\edouard\Menu Démarrer\Programmes\Démarrage\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-09-26 575488]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Macro Express 3.lnk - C:\Program Files\Macro Express3\MacExp.exe [2008-10-29 3556864]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"D:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"D:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"D:\\Program Files\\Microsoft Games\\Rise of Nations\\nations.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Documents and Settings\\edouard\\Bureau\\Age Of Empire II Mode 1 joueur\\age2_x1\\age2_x1.exe"=
"D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"D:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"D:\\Program Files\\Microsoft Games\\Rise of Nations\\patriots.exe"=
"D:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"C:\\Documents and Settings\\edouard\\Bureau\\Age Of Empire II Mode Multijoueur\\age2_x1.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 20560]
R2 PStrip;PSTRIP;C:\WINDOWS\system32\DRIVERS\PSTRIP.SYS [2007-07-15 27992]
S1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 25216]
S3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 31872]
.
Contenu du dossier 'Tâches planifiées'
2008-10-30 C:\WINDOWS\Tasks\A0A305469174B5B2.job
- c:\docume~1\edouard\applic~1\aboutd~1\Owns Burn Mapi.exe []
2008-09-29 C:\WINDOWS\Tasks\At1.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-27 C:\WINDOWS\Tasks\At10.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-30 C:\WINDOWS\Tasks\At11.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-30 C:\WINDOWS\Tasks\At12.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-30 C:\WINDOWS\Tasks\At13.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-30 C:\WINDOWS\Tasks\At14.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-30 C:\WINDOWS\Tasks\At15.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At16.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At17.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At18.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At19.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-09-29 C:\WINDOWS\Tasks\At2.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At20.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At21.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At22.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At23.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At24.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-09-30 C:\WINDOWS\Tasks\At3.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-09-30 C:\WINDOWS\Tasks\At4.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-09-30 C:\WINDOWS\Tasks\At5.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-09-30 C:\WINDOWS\Tasks\At6.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-09-30 C:\WINDOWS\Tasks\At7.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-07-01 C:\WINDOWS\Tasks\At8.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-07-01 C:\WINDOWS\Tasks\At9.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-30 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
HKCU-Run-MSMSGS - C:\Program Files\Messenger\msmsgs.exe
HKCU-Run-FOR RECT - C:\DOCUME~1\LOCALS~1\APPLIC~1\ABOUTD~1\1 lies balm.exe
HKLM-Run-PopUp Destroy - C:\Program Files\PopUp Destroy\Popup-Destroy.exe
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKLM-Main,Start Page = hxxp://fr.yahoo.com
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 -: Ouvrir dans un nouvel onglet d'arrière-plan - C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b1f134ae12d7452b94d0ec140af692b9
O8 -: Ouvrir dans un nouvel onglet de premier plan - C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b1f134ae12d7452b94d0ec140af692b9
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 14:19:06
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2008-10-30 14:21:42 - La machine a redémarré [edouard]
ComboFix-quarantined-files.txt 2008-10-30 13:21:39
Avant-CF: 15,946,661,888 octets libres
Après-CF: 17,689,841,664 octets libres
320 --- E O F --- 2008-05-14 18:53:33
Sorry for the triple post (quadruple now oO).
I had GW running (to check whether the deleted items had already changed anything).
Since this account is anonymous, I can't find how to delete my post.
PS: I expected as much; nothing new for now, I'm eagerly waiting for your next message ;)
VIRUS_KILLER - 30 Oct 2008 at 14:58
Don't worry about the duplicate posts; if a moderator comes by, he will delete them.
Now download MalwareBytes' Anti-Malware from this link:
https://www.malwarebytes.com/
Follow the guide if needed:
http://www.vista-xp.fr/forum/topic68.html
At the end of the scan a report will open; copy/paste it to me.
Don't forget to post a HijackThis report after the full MalwareBytes' Anti-Malware scan.
How is your PC behaving now?
What happens when you play?
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1028
Windows 5.1.2600 Service Pack 2
16:25:21 30/10/2008
mbam-log-10-30-2008 (16-25-21).txt
Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 102045
Temps écoulé: 22 minute(s), 47 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
The HJT log will come later.
PS: I increasingly think it's due to the graphics card overheating...
_ computer crash with the message "Overclocking is failed" (rarely)
_ ATITool error report when I play (rarely)
Most often it's "no signal" + black screen.
VIRUS_KILLER - 30 Oct 2008 at 17:40
Seen.
Now send me a HijackThis report so I can check that everything is fine...
Hello, there is still plenty of junk on your PC:
2008-08-05 09:14 105,472 ----a-w C:\WINDOWS\system32\zfhxby.dll
2008-08-05 09:14 105,472 ----a-w C:\WINDOWS\system32\xxmxmwrm.dll
2008-08-03 09:10 114,176 ----a-w C:\WINDOWS\system32\ospbemgn.dll
2008-08-03 09:10 114,176 ----a-w C:\WINDOWS\system32\ljcojw.dll
2008-08-02 08:27 114,176 ----a-w C:\WINDOWS\system32\xrxgpahp.dll
2008-08-02 08:27 114,176 ----a-w C:\WINDOWS\system32\exbugu.dll
2008-08-01 08:26 105,472 ----a-w C:\WINDOWS\system32\qdpyljoc.dll
2008-08-01 08:26 105,472 ----a-w C:\WINDOWS\system32\miqkpi.dll
2008-07-31 08:25 105,472 ----a-w C:\WINDOWS\system32\uqxtnisv.dll
2008-07-31 08:25 105,472 ----a-w C:\WINDOWS\system32\ijkbqt.dll
2008-07-30 08:22 105,472 ----a-w C:\WINDOWS\system32\xwmnvy.dll
2008-07-30 08:22 105,472 ----a-w C:\WINDOWS\system32\shobojmj.dll
2008-07-30 08:21 91,648 ----a-w C:\WINDOWS\system32\gcuaesvp.dll
2008-07-29 08:15 105,472 ----a-w C:\WINDOWS\system32\toomjj.dll
2008-07-29 08:15 105,472 ----a-w C:\WINDOWS\system32\nikjogct.dll
2008-07-28 08:09 105,472 ----a-w C:\WINDOWS\system32\qkdmfl.dll
2008-07-28 08:09 105,472 ----a-w C:\WINDOWS\system32\cbrvximd.dll
2008-07-28 08:06 91,648 ----a-w C:\WINDOWS\system32\uvlrrgub.dll
2008-10-30 C:\WINDOWS\Tasks\A0A305469174B5B2.job
- c:\docume~1\edouard\applic~1\aboutd~1\Owns Burn Mapi.exe []
2008-09-29 C:\WINDOWS\Tasks\At1.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-27 C:\WINDOWS\Tasks\At10.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-30 C:\WINDOWS\Tasks\At11.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-30 C:\WINDOWS\Tasks\At12.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-30 C:\WINDOWS\Tasks\At13.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-30 C:\WINDOWS\Tasks\At14.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-30 C:\WINDOWS\Tasks\At15.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At16.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At17.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At18.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At19.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-09-29 C:\WINDOWS\Tasks\At2.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At20.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At21.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At22.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At23.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-10-29 C:\WINDOWS\Tasks\At24.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-09-30 C:\WINDOWS\Tasks\At3.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-09-30 C:\WINDOWS\Tasks\At4.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-09-30 C:\WINDOWS\Tasks\At5.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-09-30 C:\WINDOWS\Tasks\At6.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-09-30 C:\WINDOWS\Tasks\At7.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-07-01 C:\WINDOWS\Tasks\At8.job
- C:\WINDOWS\system32\s8Ok711M.exe []
2008-07-01 C:\WINDOWS\Tasks\At9.job
- C:\WINDOWS\system32\s8Ok711M.exe []
For the HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:08:35, on 30/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\program files\powerstrip\pstrip.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\DNA\btdna.exe
C:\Documents and Settings\edouard\Application Data\tmobd.exe
C:\Documents and Settings\edouard\Application Data\tmobd.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\edouard\Application Data\hd\httpddos.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [tmobd] C:\Documents and Settings\edouard\Application Data\tmobd.exe
O4 - HKCU\..\Run: [ssf] C:\Documents and Settings\edouard\Application Data\finalssf\fssf.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Macro Express 3.lnk = C:\Program Files\Macro Express3\MacExp.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b1f134ae12d7452b94d0ec140af692b9
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b1f134ae12d7452b94d0ec140af692b9
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: (no name) - http://img.bestofmedia.com/static/commun/js/framework/framework-3.js
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:08:35, on 30/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\program files\powerstrip\pstrip.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\DNA\btdna.exe
C:\Documents and Settings\edouard\Application Data\tmobd.exe
C:\Documents and Settings\edouard\Application Data\tmobd.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\edouard\Application Data\hd\httpddos.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [tmobd] C:\Documents and Settings\edouard\Application Data\tmobd.exe
O4 - HKCU\..\Run: [ssf] C:\Documents and Settings\edouard\Application Data\finalssf\fssf.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Macro Express 3.lnk = C:\Program Files\Macro Express3\MacExp.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b1f134ae12d7452b94d0ec140af692b9
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b1f134ae12d7452b94d0ec140af692b9
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: (no name) - http://img.bestofmedia.com/static/commun/js/framework/framework-3.js
VIRUS_KILLER (Contributor, 2032 posts, registered Saturday 22 December 2007, last active 28 August 2015) - 30 Oct. 2008 at 18:51
There are still infections!
Now download SDFix:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Follow the guide here:
http://site-naheulbeuk.com/
And post an SDFix report.
I also see that your browser version is not up to date.
Get version 7 of Internet Explorer:
http://download.microsoft.com/download/d/7/6/d7635233-5433-45aa-981b-4690ae90b785/IE7-WindowsXP-x86-fra.exe
Open HijackThis > Check these lines:
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll (file missing)
Then click on: Fix checked.