[publicités intenpestives]
Infecté
-
ep44 Messages postés 7432 Statut Contributeur -
ep44 Messages postés 7432 Statut Contributeur -
Bonjour,
Tout d'abord merci de l'éventuel aide que vous me porterez.
A chaque ouverture de mon navigateur (firefox) des publicités apparaissent sans cesse.
Voici mon rapport HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:35:48, on 09/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\kill-me-or-die\local settings\application data\mkjhnekc.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [mkjhnekc] "c:\documents and settings\kill-me-or-die\local settings\application data\mkjhnekc.exe" mkjhnekc
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: wnslvxtf - {E494F8EE-A1B2-4657-BB71-941DBD5BE754} - C:\WINDOWS\wnslvxtf.dll (file missing)
O21 - SSODL: eqvwamkl - {BA987C73-23BB-41A1-972E-633B73D3B358} - C:\WINDOWS\eqvwamkl.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
Tout d'abord merci de l'éventuel aide que vous me porterez.
A chaque ouverture de mon navigateur (firefox) des publicités apparaissent sans cesse.
Voici mon rapport HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:35:48, on 09/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\kill-me-or-die\local settings\application data\mkjhnekc.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [mkjhnekc] "c:\documents and settings\kill-me-or-die\local settings\application data\mkjhnekc.exe" mkjhnekc
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: wnslvxtf - {E494F8EE-A1B2-4657-BB71-941DBD5BE754} - C:\WINDOWS\wnslvxtf.dll (file missing)
O21 - SSODL: eqvwamkl - {BA987C73-23BB-41A1-972E-633B73D3B358} - C:\WINDOWS\eqvwamkl.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
A voir également:
- [publicités intenpestives]
- Supprimer les publicités - Guide
- Comment bloquer les publicités sur youtube - Accueil - Streaming
- Future engineer solution saison 1 episode 7 les publicités - Forum Python
- Dailymotion bloqueur de publicités détecté ✓ - Forum Google Chrome
- Publicité dans dailymotion - Forum Lecteurs et supports vidéo
25 réponses
Merci encore de ton aide.
Voici le rapport:
ComboFix 08-11-07.01 - kill-me-or-die 2008-11-09 19:17:58.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.688 [GMT 1:00]
Lancé depuis: c:\documents and settings\kill-me-or-die\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\kill-me-or-die\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-09 au 2008-11-09 ))))))))))))))))))))))))))))))))))))
.
2008-11-09 17:54 . 2008-11-09 17:54 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-09 17:54 . 2008-11-09 17:54 <REP> d-------- c:\documents and settings\kill-me-or-die\Application Data\Malwarebytes
2008-11-09 17:54 . 2008-11-09 17:54 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-09 17:54 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-09 17:54 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-09 17:47 . 2008-11-09 17:47 <REP> d-------- c:\program files\Yahoo!
2008-11-09 17:46 . 2008-11-09 17:47 <REP> d-------- c:\program files\CCleaner
2008-11-09 16:19 . 2008-11-09 16:19 <REP> d-------- C:\rsit
2008-11-09 15:43 . 2008-11-09 16:13 <REP> d-------- c:\program files\Navilog1
2008-11-09 15:35 . 2008-11-09 15:35 <REP> d-------- c:\program files\Trend Micro
2008-11-09 00:05 . 2008-11-09 00:05 <REP> d-------- c:\program files\ESET
2008-11-09 00:05 . 2008-11-09 00:05 <REP> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-11-08 14:41 . 2008-11-09 14:14 <REP> d-------- c:\documents and settings\kill-me-or-die\Application Data\dvdcss
2008-11-07 22:13 . 2008-11-07 22:29 <REP> d-------- C:\maps
2008-11-06 22:11 . 2008-11-06 22:26 <REP> d-------- c:\program files\FlashGet
2008-11-06 22:11 . 2004-08-03 22:14 359,040 --a------ c:\windows\system32\drivers\tcpip.sys.flg
2008-11-04 20:13 . 2008-11-04 20:13 <REP> d-------- C:\skins
2008-11-03 12:10 . 2008-11-03 12:42 <REP> d-------- C:\HammerAutosave
2008-11-02 20:49 . 2008-11-02 21:00 <REP> d-------- c:\program files\GCFScape
2008-10-31 21:35 . 2008-10-31 21:35 <REP> d-------- c:\documents and settings\kill-me-or-die\Application Data\vlc
2008-10-28 16:33 . 2008-10-28 16:33 <REP> d-------- c:\windows\system32\QuickTime
2008-10-28 16:33 . 2008-10-28 16:33 <REP> d-------- c:\documents and settings\All Users\Application Data\TechSmith
2008-10-28 16:33 . 2008-01-18 03:36 107,864 --a------ c:\windows\system32\tsccvid.dll
2008-10-28 16:32 . 2008-10-28 16:32 <REP> d-------- c:\program files\TechSmith
2008-10-28 16:32 . 2008-10-28 16:32 <REP> d-------- c:\program files\Fichiers communs\TechSmith Shared
2008-10-22 23:27 . 2008-10-22 23:27 <REP> d-------- C:\srcds
2008-10-22 23:12 . 2008-10-23 12:25 <REP> d-------- c:\documents and settings\kill-me-or-die\dwhelper
2008-10-22 20:00 . 2008-10-22 20:00 <REP> d--h----- c:\windows\PIF
2008-10-21 23:04 . 2008-10-21 23:04 <REP> d-------- c:\program files\PCNetSoftware
2008-10-21 22:39 . 2008-10-21 22:39 <REP> d-------- c:\program files\Fichiers communs\Hewlett-Packard
2008-10-21 22:38 . 2008-10-21 22:38 <REP> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-10-21 22:38 . 2007-03-28 13:01 117,760 --a------ c:\windows\system32\hpzll5ha.dll
2008-10-21 22:37 . 2008-10-21 22:37 <REP> d-------- c:\program files\HP
2008-10-21 22:37 . 2007-03-18 07:11 675,840 --a------ c:\windows\system32\hpowiax3.dll
2008-10-21 22:37 . 2007-03-18 07:11 569,344 --a------ c:\windows\system32\hpotscl3.dll
2008-10-21 22:37 . 2007-03-08 20:20 364,544 --a------ c:\windows\system32\hppldcoi.dll
2008-10-21 22:37 . 2007-03-08 20:20 309,760 --a------ c:\windows\system32\difxapi.dll
2008-10-21 22:37 . 2007-03-18 07:11 303,104 --a------ c:\windows\system32\hpovst10.dll
2008-10-21 22:37 . 2007-03-31 06:07 267,864 --a------ c:\windows\system32\hpzids01.dll
2008-10-21 22:37 . 2007-03-08 20:20 49,920 --a------ c:\windows\system32\drivers\HPZid412.sys
2008-10-21 22:37 . 2007-03-08 20:20 21,568 --a------ c:\windows\system32\drivers\HPZius12.sys
2008-10-21 22:37 . 2007-03-08 20:20 16,496 --a------ c:\windows\system32\drivers\HPZipr12.sys
2008-10-15 15:17 . 2008-10-15 15:18 <REP> d-------- c:\program files\TS Admin-Client 2
2008-10-15 14:35 . 2008-10-15 14:35 55 --a------ c:\windows\SpeedGear.INI
2008-10-15 14:03 . 2008-10-15 14:04 318 --a------ c:\windows\WPE PRO.INI
2008-10-15 10:28 . 2008-11-08 23:51 <REP> d-------- c:\documents and settings\kill-me-or-die\Application Data\CVitae
2008-10-13 18:30 . 2008-10-13 18:30 <REP> d-------- c:\documents and settings\kill-me-or-die\Application Data\OpenOffice.org
2008-10-13 18:27 . 2008-10-13 18:27 <REP> d-------- c:\program files\OpenOffice.org 3
2008-10-13 18:27 . 2008-10-13 18:27 <REP> d-------- c:\program files\JRE
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 17:11 --------- d-----w c:\program files\Steam
2008-11-09 11:25 --------- d-----w c:\program files\Speed Gear 5
2008-11-08 23:03 --------- d-----w c:\documents and settings\kill-me-or-die\Application Data\uTorrent
2008-11-08 18:59 --------- d-----w c:\documents and settings\kill-me-or-die\Application Data\HLSW
2008-11-08 18:36 --------- d-----w c:\documents and settings\kill-me-or-die\Application Data\FileZilla
2008-11-07 16:36 --------- d-----w c:\program files\Steganos Internet Anonym VPN
2008-11-05 12:45 --------- d-----w c:\documents and settings\kill-me-or-die\Application Data\LimeWire
2008-10-28 14:42 --------- d-----w c:\documents and settings\kill-me-or-die\Application Data\teamspeak2
2008-10-27 16:15 --------- d-----w c:\program files\Windows Live
2008-10-27 08:24 --------- d-----w c:\documents and settings\kill-me-or-die\Application Data\Skype
2008-10-27 07:46 --------- d-----w c:\documents and settings\kill-me-or-die\Application Data\skypePM
2008-10-24 19:05 --------- d-----w c:\program files\Warcraft III
2008-10-15 17:28 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-15 17:28 --------- d-----w c:\program files\Panzer Elite Action - Dunes Of War
2008-10-15 14:45 --------- d-----w c:\program files\Teamspeak2_RC2
2008-10-15 14:36 --------- d-----w c:\program files\Teamspeak2_RC21
2008-10-14 15:30 111,928 ----a-w c:\windows\system32\PnkBstrB.exe
2008-10-13 08:58 --------- d-----w c:\program files\lx_cats
2008-10-04 18:20 138,280 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-10-02 16:59 2,829 ----a-w c:\windows\War3Unin.pif
2008-10-02 16:59 139,264 ----a-w c:\windows\War3Unin.exe
2008-10-01 15:10 --------- d-----w c:\documents and settings\kill-me-or-die\Application Data\MSN6
2008-10-01 15:10 --------- d-----w c:\documents and settings\All Users\Application Data\MSN6
2008-10-01 10:07 --------- d-----w c:\documents and settings\kill-me-or-die\Application Data\PngOptimizer
2008-09-24 18:16 --------- d-----w c:\program files\EA GAMES
2008-09-23 19:39 --------- d-----w c:\documents and settings\kill-me-or-die\Application Data\Hamachi
2008-09-23 18:21 --------- d-----w c:\program files\Dofus
2008-09-23 16:29 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2008-09-22 17:31 --------- d-----w c:\documents and settings\kill-me-or-die\Application Data\DivX
2008-09-22 17:21 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-09-20 12:26 --------- d-----w c:\documents and settings\kill-me-or-die\Application Data\Download Manager
2008-09-19 22:05 --------- d-----w c:\program files\Fichiers communs\Nero
2008-09-19 22:05 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-09-18 19:26 --------- d-----w c:\program files\NeroInstall.bak
2008-09-18 19:26 --------- d-----w c:\documents and settings\kill-me-or-die\Application Data\Nero
2008-09-14 16:37 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-09-13 16:19 --------- d-----w c:\program files\Wolfenstein - Enemy Territory
2008-09-12 23:26 --------- d-----w c:\program files\Omni-Bot
2008-09-12 19:12 --------- d-----w c:\program files\Xara
2008-09-12 19:12 --------- d-----w c:\program files\Common Files
2008-09-11 16:46 --------- d-----w c:\program files\Messenger Plus! Live
2008-09-10 20:46 --------- d-----w c:\documents and settings\kill-me-or-die\Application Data\Audacity
2008-09-09 19:01 --------- d-----w c:\program files\Audacity 1.3 Beta (Unicode)
2008-09-09 16:40 --------- d-----w c:\program files\Minimizor
2008-09-09 10:34 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-09-08 17:33 650,338 ----a-w c:\windows\Revolution Script CS UnRevoCS.exe
2008-09-05 20:04 3,902,784 ----a-w c:\documents and settings\kill-me-or-die\gosetup.exe
2008-08-28 23:28 1,748 ----a-w c:\windows\system32\LindiKeyabc.sys
2008-08-15 18:29 86,075 ----a-w c:\windows\system32\vstdlib.dll
2008-08-12 14:07 724,984 ----a-w c:\documents and settings\kill-me-or-die\gotomypc_437.exe
.
((((((((((((((((((((((((((((( snapshot@2008-11-09_16.37.28,37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-09 17:11:16 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5d8.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"Steam"="c:\program files\steam\steam.exe" [2008-10-29 1410296]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-05-16 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-08-07 185896]
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2006-03-06 286720]
"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 98304]
"LXCRCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 65536]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-07-26 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
c:\documents and settings\kill-me-or-die\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\steamapps\\linkinminor\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Namo\\WebEditor 5 Trial\\bin\\WebEditor.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"c:\\Program Files\\Teamspeak2_RC21\\server_windows.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\CarnivorePE.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\WINDOWS\\system32\\vdlakgoq.exe"=
"c:\\Program Files\\Panzer Elite Action - Dunes Of War\\pea.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Program Files\\Steam\\steamapps\\darknessarmy49\\counter-strike\\hl.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\Bf2_w32ded.exe"=
"c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\War3.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Documents and Settings\\kill-me-or-die\\Mes documents\\Portable mIRC fr\\mIRC.exe"=
"c:\\Program Files\\Steam\\steamapps\\linkinminor\\insurgency\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 bbcap;bbcap;c:\windows\system32\DRIVERS\bbcap.sys [2008-08-02 4096]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2007-02-15 26624]
S3 vhack;vhack;c:\docume~1\KILL-M~1\LOCALS~1\Temp\Rar$EX00.562\vhack.sys [ ]
S3 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [2008-01-18 24635]
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe wampmysqld [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contenu du dossier 'Tâches planifiées'
2008-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-09 19:21:12
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-11-09 19:27:21
ComboFix-quarantined-files.txt 2008-11-09 18:26:56
ComboFix2.txt 2008-11-09 16:45:39
ComboFix3.txt 2008-11-09 15:38:10
Avant-CF: 73 004 544 000 octets libres
Après-CF: 72,994,725,888 octets libres
208
Voici le rapport:
ComboFix 08-11-07.01 - kill-me-or-die 2008-11-09 19:17:58.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.688 [GMT 1:00]
Lancé depuis: c:\documents and settings\kill-me-or-die\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\kill-me-or-die\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-09 au 2008-11-09 ))))))))))))))))))))))))))))))))))))
.
2008-11-09 17:54 . 2008-11-09 17:54 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-09 17:54 . 2008-11-09 17:54 <REP> d-------- c:\documents and settings\kill-me-or-die\Application Data\Malwarebytes
2008-11-09 17:54 . 2008-11-09 17:54 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-09 17:54 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-09 17:54 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-09 17:47 . 2008-11-09 17:47 <REP> d-------- c:\program files\Yahoo!
2008-11-09 17:46 . 2008-11-09 17:47 <REP> d-------- c:\program files\CCleaner
2008-11-09 16:19 . 2008-11-09 16:19 <REP> d-------- C:\rsit
2008-11-09 15:43 . 2008-11-09 16:13 <REP> d-------- c:\program files\Navilog1
2008-11-09 15:35 . 2008-11-09 15:35 <REP> d-------- c:\program files\Trend Micro
2008-11-09 00:05 . 2008-11-09 00:05 <REP> d-------- c:\program files\ESET
2008-11-09 00:05 . 2008-11-09 00:05 <REP> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-11-08 14:41 . 2008-11-09 14:14 <REP> d-------- c:\documents and settings\kill-me-or-die\Application Data\dvdcss
2008-11-07 22:13 . 2008-11-07 22:29 <REP> d-------- C:\maps
2008-11-06 22:11 . 2008-11-06 22:26 <REP> d-------- c:\program files\FlashGet
2008-11-06 22:11 . 2004-08-03 22:14 359,040 --a------ c:\windows\system32\drivers\tcpip.sys.flg
2008-11-04 20:13 . 2008-11-04 20:13 <REP> d-------- C:\skins
2008-11-03 12:10 . 2008-11-03 12:42 <REP> d-------- C:\HammerAutosave
2008-11-02 20:49 . 2008-11-02 21:00 <REP> d-------- c:\program files\GCFScape
2008-10-31 21:35 . 2008-10-31 21:35 <REP> d-------- c:\documents and settings\kill-me-or-die\Application Data\vlc
2008-10-28 16:33 . 2008-10-28 16:33 <REP> d-------- c:\windows\system32\QuickTime
2008-10-28 16:33 . 2008-10-28 16:33 <REP> d-------- c:\documents and settings\All Users\Application Data\TechSmith
2008-10-28 16:33 . 2008-01-18 03:36 107,864 --a------ c:\windows\system32\tsccvid.dll
2008-10-28 16:32 . 2008-10-28 16:32 <REP> d-------- c:\program files\TechSmith
2008-10-28 16:32 . 2008-10-28 16:32 <REP> d-------- c:\program files\Fichiers communs\TechSmith Shared
2008-10-22 23:27 . 2008-10-22 23:27 <REP> d-------- C:\srcds
2008-10-22 23:12 . 2008-10-23 12:25 <REP> d-------- c:\documents and settings\kill-me-or-die\dwhelper
2008-10-22 20:00 . 2008-10-22 20:00 <REP> d--h----- c:\windows\PIF
2008-10-21 23:04 . 2008-10-21 23:04 <REP> d-------- c:\program files\PCNetSoftware
2008-10-21 22:39 . 2008-10-21 22:39 <REP> d-------- c:\program files\Fichiers communs\Hewlett-Packard
2008-10-21 22:38 . 2008-10-21 22:38 <REP> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-10-21 22:38 . 2007-03-28 13:01 117,760 --a------ c:\windows\system32\hpzll5ha.dll
2008-10-21 22:37 . 2008-10-21 22:37 <REP> d-------- c:\program files\HP
2008-10-21 22:37 . 2007-03-18 07:11 675,840 --a------ c:\windows\system32\hpowiax3.dll
2008-10-21 22:37 . 2007-03-18 07:11 569,344 --a------ c:\windows\system32\hpotscl3.dll
2008-10-21 22:37 . 2007-03-08 20:20 364,544 --a------ c:\windows\system32\hppldcoi.dll
2008-10-21 22:37 . 2007-03-08 20:20 309,760 --a------ c:\windows\system32\difxapi.dll
2008-10-21 22:37 . 2007-03-18 07:11 303,104 --a------ c:\windows\system32\hpovst10.dll
2008-10-21 22:37 . 2007-03-31 06:07 267,864 --a------ c:\windows\system32\hpzids01.dll
2008-10-21 22:37 . 2007-03-08 20:20 49,920 --a------ c:\windows\system32\drivers\HPZid412.sys
2008-10-21 22:37 . 2007-03-08 20:20 21,568 --a------ c:\windows\system32\drivers\HPZius12.sys
2008-10-21 22:37 . 2007-03-08 20:20 16,496 --a------ c:\windows\system32\drivers\HPZipr12.sys
2008-10-15 15:17 . 2008-10-15 15:18 <REP> d-------- c:\program files\TS Admin-Client 2
2008-10-15 14:35 . 2008-10-15 14:35 55 --a------ c:\windows\SpeedGear.INI
2008-10-15 14:03 . 2008-10-15 14:04 318 --a------ c:\windows\WPE PRO.INI
2008-10-15 10:28 . 2008-11-08 23:51 <REP> d-------- c:\documents and settings\kill-me-or-die\Application Data\CVitae
2008-10-13 18:30 . 2008-10-13 18:30 <REP> d-------- c:\documents and settings\kill-me-or-die\Application Data\OpenOffice.org
2008-10-13 18:27 . 2008-10-13 18:27 <REP> d-------- c:\program files\OpenOffice.org 3
2008-10-13 18:27 . 2008-10-13 18:27 <REP> d-------- c:\program files\JRE
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 17:11 --------- d-----w c:\program files\Steam
2008-11-09 11:25 --------- d-----w c:\program files\Speed Gear 5
2008-11-08 23:03 --------- d-----w c:\documents and settings\kill-me-or-die\Application Data\uTorrent
2008-11-08 18:59 --------- d-----w c:\documents and settings\kill-me-or-die\Application Data\HLSW
2008-11-08 18:36 --------- d-----w c:\documents and settings\kill-me-or-die\Application Data\FileZilla
2008-11-07 16:36 --------- d-----w c:\program files\Steganos Internet Anonym VPN
2008-11-05 12:45 --------- d-----w c:\documents and settings\kill-me-or-die\Application Data\LimeWire
2008-10-28 14:42 --------- d-----w c:\documents and settings\kill-me-or-die\Application Data\teamspeak2
2008-10-27 16:15 --------- d-----w c:\program files\Windows Live
2008-10-27 08:24 --------- d-----w c:\documents and settings\kill-me-or-die\Application Data\Skype
2008-10-27 07:46 --------- d-----w c:\documents and settings\kill-me-or-die\Application Data\skypePM
2008-10-24 19:05 --------- d-----w c:\program files\Warcraft III
2008-10-15 17:28 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-15 17:28 --------- d-----w c:\program files\Panzer Elite Action - Dunes Of War
2008-10-15 14:45 --------- d-----w c:\program files\Teamspeak2_RC2
2008-10-15 14:36 --------- d-----w c:\program files\Teamspeak2_RC21
2008-10-14 15:30 111,928 ----a-w c:\windows\system32\PnkBstrB.exe
2008-10-13 08:58 --------- d-----w c:\program files\lx_cats
2008-10-04 18:20 138,280 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-10-02 16:59 2,829 ----a-w c:\windows\War3Unin.pif
2008-10-02 16:59 139,264 ----a-w c:\windows\War3Unin.exe
2008-10-01 15:10 --------- d-----w c:\documents and settings\kill-me-or-die\Application Data\MSN6
2008-10-01 15:10 --------- d-----w c:\documents and settings\All Users\Application Data\MSN6
2008-10-01 10:07 --------- d-----w c:\documents and settings\kill-me-or-die\Application Data\PngOptimizer
2008-09-24 18:16 --------- d-----w c:\program files\EA GAMES
2008-09-23 19:39 --------- d-----w c:\documents and settings\kill-me-or-die\Application Data\Hamachi
2008-09-23 18:21 --------- d-----w c:\program files\Dofus
2008-09-23 16:29 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2008-09-22 17:31 --------- d-----w c:\documents and settings\kill-me-or-die\Application Data\DivX
2008-09-22 17:21 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-09-20 12:26 --------- d-----w c:\documents and settings\kill-me-or-die\Application Data\Download Manager
2008-09-19 22:05 --------- d-----w c:\program files\Fichiers communs\Nero
2008-09-19 22:05 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-09-18 19:26 --------- d-----w c:\program files\NeroInstall.bak
2008-09-18 19:26 --------- d-----w c:\documents and settings\kill-me-or-die\Application Data\Nero
2008-09-14 16:37 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-09-13 16:19 --------- d-----w c:\program files\Wolfenstein - Enemy Territory
2008-09-12 23:26 --------- d-----w c:\program files\Omni-Bot
2008-09-12 19:12 --------- d-----w c:\program files\Xara
2008-09-12 19:12 --------- d-----w c:\program files\Common Files
2008-09-11 16:46 --------- d-----w c:\program files\Messenger Plus! Live
2008-09-10 20:46 --------- d-----w c:\documents and settings\kill-me-or-die\Application Data\Audacity
2008-09-09 19:01 --------- d-----w c:\program files\Audacity 1.3 Beta (Unicode)
2008-09-09 16:40 --------- d-----w c:\program files\Minimizor
2008-09-09 10:34 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-09-08 17:33 650,338 ----a-w c:\windows\Revolution Script CS UnRevoCS.exe
2008-09-05 20:04 3,902,784 ----a-w c:\documents and settings\kill-me-or-die\gosetup.exe
2008-08-28 23:28 1,748 ----a-w c:\windows\system32\LindiKeyabc.sys
2008-08-15 18:29 86,075 ----a-w c:\windows\system32\vstdlib.dll
2008-08-12 14:07 724,984 ----a-w c:\documents and settings\kill-me-or-die\gotomypc_437.exe
.
((((((((((((((((((((((((((((( snapshot@2008-11-09_16.37.28,37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-09 17:11:16 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5d8.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"Steam"="c:\program files\steam\steam.exe" [2008-10-29 1410296]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-05-16 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-08-07 185896]
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2006-03-06 286720]
"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 98304]
"LXCRCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 65536]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-07-26 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
c:\documents and settings\kill-me-or-die\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\steamapps\\linkinminor\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Namo\\WebEditor 5 Trial\\bin\\WebEditor.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"c:\\Program Files\\Teamspeak2_RC21\\server_windows.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\CarnivorePE.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\WINDOWS\\system32\\vdlakgoq.exe"=
"c:\\Program Files\\Panzer Elite Action - Dunes Of War\\pea.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Program Files\\Steam\\steamapps\\darknessarmy49\\counter-strike\\hl.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\Bf2_w32ded.exe"=
"c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\War3.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Documents and Settings\\kill-me-or-die\\Mes documents\\Portable mIRC fr\\mIRC.exe"=
"c:\\Program Files\\Steam\\steamapps\\linkinminor\\insurgency\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 bbcap;bbcap;c:\windows\system32\DRIVERS\bbcap.sys [2008-08-02 4096]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2007-02-15 26624]
S3 vhack;vhack;c:\docume~1\KILL-M~1\LOCALS~1\Temp\Rar$EX00.562\vhack.sys [ ]
S3 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [2008-01-18 24635]
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe wampmysqld [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contenu du dossier 'Tâches planifiées'
2008-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-09 19:21:12
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-11-09 19:27:21
ComboFix-quarantined-files.txt 2008-11-09 18:26:56
ComboFix2.txt 2008-11-09 16:45:39
ComboFix3.txt 2008-11-09 15:38:10
Avant-CF: 73 004 544 000 octets libres
Après-CF: 72,994,725,888 octets libres
208
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Désolé de te faire refaire la manip mais je me suis emmêler les pinceaux (merci noppp)
fait ce qui suit pour ce soir et on reprends demain si tu veux bien
Sélectionne ceci
Driver::
tap0801
* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Veille à ce que Retour à la ligne ne soit pas coché dans Format.
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme ceci
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
ensuite Télécharge CCleaner
https://filehippo.com/download_ccleaner/
=> Aide toi de ce tuto pour l'utiliser
http://www.swl1f.net/viewtopic.php?f=14&t=69
Ensuite
* Télécharge malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Une aide pour l'installation
http://www.swl1f.net/viewtopic.php?f=14&t=68
=> Installe le
=> Ensuite va en mode sans echec
Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel
=> Lance malwarebytes
=> Coche "Executer un examen complet"
=> Si tu es en présence d'une infection à la fin de l'examen clique sur "ok"
=> Clique sur Supprimer la sélection
=> Pour poster le rapport Clique sur l'onglet Rapports/Logs, sélectionne celui t'intéresse et clique sur Ouvrir
=> Fait copier coller et poste le rapport
@+
fait ce qui suit pour ce soir et on reprends demain si tu veux bien
Sélectionne ceci
Driver::
tap0801
* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Veille à ce que Retour à la ligne ne soit pas coché dans Format.
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme ceci
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
Note: Le code ci-dessus a été intentionnellement rédigé pour CET utilisateur. si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système.
ensuite Télécharge CCleaner
https://filehippo.com/download_ccleaner/
=> Aide toi de ce tuto pour l'utiliser
http://www.swl1f.net/viewtopic.php?f=14&t=69
Ensuite
* Télécharge malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Une aide pour l'installation
http://www.swl1f.net/viewtopic.php?f=14&t=68
=> Installe le
=> Ensuite va en mode sans echec
Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel
=> Lance malwarebytes
=> Coche "Executer un examen complet"
=> Si tu es en présence d'une infection à la fin de l'examen clique sur "ok"
=> Clique sur Supprimer la sélection
=> Pour poster le rapport Clique sur l'onglet Rapports/Logs, sélectionne celui t'intéresse et clique sur Ouvrir
=> Fait copier coller et poste le rapport
@+
