Task manager problem
Closed
eternien (Member, 60 posts, registered Monday 4 August 2008, last active 25 November 2018) - 18 Nov. 2008 at 16:47
Anonymous user - 19 Nov. 2008 at 19:16
31 replies
eternien (Member, 60 posts, registered Monday 4 August 2008, last active 25 November 2018) - 18 Nov. 2008 at 20:07
combofix
ComboFix 08-11-17.06 - Administrateur 2008-11-18 20:05:05.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2625 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-18 au 2008-11-18 ))))))))))))))))))))))))))))))))))))
.
2008-11-18 19:48 . 2008-11-18 19:48 <REP> d-------- c:\program files\InterMute
2008-11-18 19:46 . 2008-11-18 19:48 <REP> d-------- C:\CWS
2008-11-18 19:05 . 2008-11-18 19:24 <REP> d-------- C:\ToolBar SD
2008-11-18 17:55 . 2008-11-18 17:55 <REP> d-------- c:\program files\CCleaner
2008-11-18 17:44 . 2008-11-18 17:58 <REP> d-------- C:\SDFix
2008-11-18 17:41 . 2008-11-18 17:41 <REP> d-------- c:\program files\Trend Micro
2008-11-18 14:47 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2008-11-18 14:40 . 2008-11-18 14:40 <REP> d-------- c:\windows\Downloaded Program Files
2008-11-18 14:40 . 2008-11-18 16:33 <REP> d-------- c:\program files\RealAV
2008-11-18 14:00 . 2008-11-18 14:00 664 --a------ c:\windows\system32\d3d9caps.dat
2008-11-18 14:00 . 2008-11-18 14:00 552 --a------ c:\windows\system32\d3d8caps.dat
2008-11-18 13:57 . 2008-11-18 13:57 4,785 --a------ c:\windows\system32\warning.gif
2008-11-18 13:57 . 2008-11-18 13:57 1,349 --a------ c:\windows\system32\ahtn.htm
2008-11-18 13:57 . 2008-11-18 13:57 475 --a------ c:\windows\system32\win32hlp.cnf
2008-11-18 13:56 . 2008-11-18 13:56 26,624 --a------ c:\windows\system32\qoMcaYSm.dll
2008-11-18 13:56 . 2008-11-18 13:56 26,624 --a------ c:\windows\system32\nnnkJdeF.dll
2008-11-18 13:56 . 2008-11-18 13:56 23,552 --a------ c:\windows\system32\frmwrk32.exe
2008-11-18 13:56 . 2008-11-18 13:56 1 --a------ c:\windows\system32\uniq.tll
2008-11-18 13:56 . 2008-11-18 13:56 1 --a------ c:\windows\system32\test.ttt
2008-11-18 13:51 . 2008-11-18 19:03 0 --a------ c:\windows\system32\drivers\d28f34b8.sys
2008-11-18 13:43 . 2008-11-18 13:43 <REP> d-------- c:\program files\Vstplugins
2008-11-18 13:43 . 2008-11-18 13:43 <REP> d-------- c:\documents and settings\All Users\Application Data\Sony
2008-11-08 00:34 . 2008-11-08 00:34 <REP> d-------- c:\program files\DivX
2008-11-07 21:05 . 2008-11-07 21:05 72 ---hs---- C:\desktop.ini
2008-11-06 09:02 . 2008-11-06 09:02 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Apple Computer
2008-11-05 11:32 . 2008-11-05 11:32 <REP> d-------- c:\windows\Logs
2008-11-05 11:32 . 2008-11-05 11:32 <REP> d-------- c:\documents and settings\All Users\Application Data\Fallout3
2008-11-05 11:32 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2008-11-05 11:32 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2008-11-05 11:32 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2008-11-05 11:32 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2008-11-05 11:32 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2008-11-05 11:32 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2008-11-05 11:32 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2008-11-05 11:29 . 2008-11-05 11:29 <REP> d-------- c:\windows\system32\XPSViewer
2008-11-05 11:28 . 2008-11-05 11:28 <REP> d-------- c:\windows\system32\xlive
2008-11-02 14:54 . 2008-11-02 14:54 0 -ra------ C:\logwmemory.bin
2008-11-02 13:55 . 2008-11-02 13:55 <REP> d-------- c:\windows\system32\AGEIA
2008-11-02 13:55 . 2008-11-02 13:55 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-11-02 13:55 . 2008-11-02 13:55 <REP> d-------- c:\program files\AGEIA Technologies
2008-11-01 20:44 . 2008-11-01 20:44 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Soldat
2008-11-01 19:56 . 2008-11-01 19:56 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Talkback
2008-11-01 05:40 . 2008-11-14 16:08 <REP> d-------- c:\documents and settings\All Users\Application Data\TrackMania
2008-10-31 23:31 . 2008-11-01 13:10 6,201,856 --a------ c:\windows\system32\CCL_Launcher.exe
2008-10-31 23:25 . 2008-10-31 23:25 1,060,864 --a------ c:\windows\system32\libeay32.dll
2008-10-31 23:25 . 2008-10-31 23:25 916,849 --a------ c:\windows\system32\libiconv-2.dll
2008-10-31 23:25 . 2008-10-31 23:25 200,704 --a------ c:\windows\system32\ssleay32.dll
2008-10-31 23:25 . 2008-10-31 23:25 169,092 --a------ c:\windows\system32\libpq8x.dll
2008-10-31 23:25 . 2008-10-31 23:25 149,726 --a------ c:\windows\system32\libpq.dll
2008-10-31 23:25 . 2008-10-31 23:25 51,016 --a------ c:\windows\system32\libintl-2.dll
2008-10-30 02:24 . 2008-10-30 02:24 42,320 --a------ c:\windows\system32\xfcodec.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-18 18:56 --------- d-----w c:\documents and settings\Administrateur\Application Data\DNA
2008-11-18 18:37 --------- d-----w c:\documents and settings\Administrateur\Application Data\Xfire
2008-11-18 18:36 --------- d-----w c:\program files\DNA
2008-11-15 12:58 --------- d-----w c:\documents and settings\Administrateur\Application Data\BitTorrent
2008-11-14 15:57 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-12 10:00 --------- d-----w c:\program files\Xfire
2008-11-05 10:43 --------- d-----w c:\program files\Stardock
2008-11-01 19:38 --------- d-----w c:\program files\MSN Messenger
2008-10-17 09:42 --------- d-----w c:\documents and settings\Administrateur\Application Data\Spore
2008-09-21 11:57 --------- d-----w c:\program files\Electronic Arts
2008-09-21 10:52 --------- d-----w c:\program files\QuickTime
2008-09-21 10:52 --------- d-----w c:\program files\Fichiers communs\Apple
2008-09-21 10:52 --------- d-----w c:\program files\Apple Software Update
2008-09-21 10:52 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-09-21 10:52 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-09-20 11:15 --------- d-----w c:\documents and settings\NetworkService\Application Data\Xfire
2008-09-20 11:15 --------- d-----w c:\documents and settings\LocalService\Application Data\Xfire
2008-09-20 10:48 --------- d-----w c:\program files\Frets on Fire
2008-09-20 10:48 --------- d-----w c:\documents and settings\Administrateur\Application Data\fretsonfire
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-04 01:57 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2006-06-23 22:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
.
------- Sigcheck -------
2008-03-18 15:29 360576 bd8686216e34e22c4ed45a2320b2bea1 c:\windows\system32\dllcache\TCPIP.SYS
2008-03-18 15:29 360576 bd8686216e34e22c4ed45a2320b2bea1 c:\windows\system32\drivers\TCPIP.SYS
2006-08-25 16:59 1407488 5d0b9a8658ec74b5f8bec2b5558694bd c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-11-18_19.20.39.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-18 18:35:59 16,384 ----atw c:\windows\system32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_5f4.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fbe76309-bda9-4587-b89b-8823590b45c9}]
2008-11-18 13:56 26624 --a------ c:\windows\system32\nnnkJdeF.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-06-13 2752512]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-04 486856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-14 342336]
"eMuleAutoStart"="j:\emule\emule.exe" [2008-08-01 5480448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"WinSys2"="c:\windows\system32\winsys2.exe" [2006-04-29 208896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"LiveMonitor"="c:\program files\MSI\Live Update 3\LMonitor.exe" [2006-09-05 497152]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-04 176128]
"HPHUPD05"="c:\program files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [2003-12-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2004-02-02 495616]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2008-03-15 190024]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-07-09 36352]
"Adobe Reader Speed Launcher"="c:\documents and settings\Administrateur\Bureau\titay\certificat de non gage\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"nwiz"="nwiz.exe" [2007-06-28 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe]
c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2008-10-30 3104080]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoInternetIcon"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{FBE76309-BDA9-4587-B89B-8823590B45C9}"= "c:\windows\system32\nnnkJdeF.dll" [2008-11-18 26624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkjdef]
2008-11-18 13:56 26624 c:\windows\system32\nnnkJdeF.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= c:\windows\system32\ir32_32.dll
"vidc.iv32"= c:\windows\system32\ir32_32.dll
"VIDC.XFR1"= xfcodec.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, digest.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"e:\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"C:1\\Everquest II\\LaunchPad.exe"=
"C:2\\Everquest II\\LaunchPad.exe"=
"C:3\\Everquest II\\LaunchPad.exe"=
"C:4\\eMule\\emule.exe"=
"C:3\\Everquest II\\LP_REGION_FR_FR\\LaunchPad.exe"=
"j:\\eMule\\emule.exe"=
"i:\\Everquest II\\LP_REGION_FR_FR\\LaunchPad.exe"=
"\\\\le-mien\\LAN$\\Quake III\\quake3.exe"=
"\\\\Yahooo\\Vietcong\\Vietcong\\vietcong.exe"=
"\\\\le-mien\\lan$\\DOW\\W40kWA.exe"=
"e:\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Administrateur\\Bureau\\BlackDC.exe"=
"\\\\le-mien\\lan$\\UT 2004\\System\\UT2004.exe"=
"e:\\Soldat\\Soldat.exe"=
"C:0\\Everquest II\\LP_REGION_FR_FR\\LaunchPad.exe"=
R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswsp.sys [2008-11-18 110160]
R2 acedrv11;acedrv11;\??\c:\windows\system32\drivers\acedrv11.sys [2008-01-23 501560]
R2 aswfsblk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-18 20560]
R2 R54G Wireless Service;R54G Wireless Service;c:\program files\Wireless 802.11g Monitor\WLService.exe [2008-03-07 49152]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\atl01_xp.sys [2008-03-11 38656]
S1 d28f34b8;d28f34b8;c:\windows\system32\drivers\d28f34b8.sys [2008-11-18 0]
S3 PortlUSB;PortlUSB;c:\windows\system32\DRIVERS\MS-5530.sys [2008-08-23 7552]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - i:\wd_windows_tools\setup.exe
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Tâches planifiées'
2008-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-18 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe [2004-01-07 02:05]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\jxi3034h.default\
FF -: plugin - c:\documents and settings\Administrateur\Bureau\titay\certificat de non gage\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-18 20:06:02
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: c:\windows\system32\winlogon.exe
-> c:\windows\system32\nnnkJdeF.dll
.
Heure de fin: 2008-11-18 20:06:36
ComboFix-quarantined-files.txt 2008-11-18 19:06:34
ComboFix2.txt 2008-11-18 18:38:00
ComboFix3.txt 2008-11-18 18:21:04
Avant-CF: 2 138 312 704 octets libres
Après-CF: 2,124,492,800 octets libres
Hi,
- Download and install MalwareByte's Anti-Malware
Malwarebyte
- Update it
---
- Double-click the MalwareByte's Anti-Malware shortcut on the desktop.
- Select "Perform full scan" if it is not already selected
- Click Scan
- Once the scan is finished, a window opens; click OK
- If MalwareByte's detected nothing, click OK. A report will appear; close it.
- If MalwareByte's detected infections, click Show Results, then Remove Selected
- Save the report to your Desktop so it is easier to find, then post that report.
Note: If MalwareByte's needs to restart to finish the removal, accept by clicking OK
Alut.
eternien - 18 Nov 2008 at 20:24
It gives me:
"Ce programme requiert la version 4.0 ou supérieure de Windows NT."
Edit: it's fine, I set NT 4 compatibility mode.
eternien - 18 Nov 2008 at 21:14
Here is the report
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1306
Windows 5.1.2600 Service Pack 2
18/11/2008 21:10:58 Reloaded
mbam-log-2008-11-18 (21-10-58).txt
Type de recherche: Examen complet (C:\|E:\|I:\|J:\|)
Eléments examinés: 206421
Temps écoulé: 42 minute(s), 0 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 9
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\nnnkJdeF.dll (Trojan.Vundo.H) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fbe76309-bda9-4587-b89b-8823590b45c9} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnkjdef (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fbe76309-bda9-4587-b89b-8823590b45c9} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{0cb66ba8-5e1f-4963-93d1-e1d6b78fe9a2} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RealAV (Rogue.RealAV) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{fbe76309-bda9-4587-b89b-8823590b45c9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winsys2 (Spyware.OnlineGames) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\RealAV (Rogue.RealAV) -> Quarantined and deleted successfully.
C:\Program Files\RealAV\Infected (Rogue.RealAV) -> Quarantined and deleted successfully.
C:\Program Files\RealAV\Suspicious (Rogue.RealAV) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\nnnkJdeF.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\qoMcaYSm.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
E:\Documents\EvID4226Patch.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\RealAV\trz4.tmp (Rogue.RealAV) -> Quarantined and deleted successfully.
C:\Program Files\RealAV\vscan.tsi (Rogue.RealAV) -> Quarantined and deleted successfully.
C:\Program Files\RealAV\zlib.dll (Rogue.RealAV) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WinSys2.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\RealAV.lnk (Rogue.RealAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\ntdll64.dll (Trojan.FakeAlert) -> Delete on reboot.
eternien - 18 Nov 2008 at 22:31
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:30 Reloaded, on 18/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Avast\aswUpdSv.exe
E:\Avast\ashServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DNA\btdna.exe
J:\eMule\emule.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Wireless 802.11g Monitor\WLService.exe
C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
E:\Avast\ashMaiSv.exe
E:\Avast\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Documents and Settings\Administrateur\Bureau\titay\certificat de non gage\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] J:\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\help" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /c md "%SystemRoot%\Web\Wallpaper" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] cmd.exe /c md "C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] cmd.exe /c md "%AppData%\Microsoft\Internet Explorer\Quick Launch" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_09] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_10] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_11] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'SERVICE RÉSEAU')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{32A86DC7-E6A3-4FD4-A4BB-E819D2B46CA0}: NameServer = 213.36.80.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{32A86DC7-E6A3-4FD4-A4BB-E819D2B46CA0}: NameServer = 213.36.80.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{32A86DC7-E6A3-4FD4-A4BB-E819D2B46CA0}: NameServer = 213.36.80.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{32A86DC7-E6A3-4FD4-A4BB-E819D2B46CA0}: NameServer = 213.36.80.1
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - E:\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - E:\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - E:\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - E:\Avast\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: R54G Wireless Service - Unknown owner - C:\Program Files\Wireless 802.11g Monitor\WLService.exe
Hi,
Install: download SmitfraudFix (by S!Ri, balltrap34 and moe31):
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
Option 1 => Search:
* Double-click SmitfraudFix.exe
* Select 1 and press Enter in the menu to create a report of the files responsible for the infection. The report is at the root of the system drive:
C:\rapport.txt
==> and paste the generated report on the forum.
*=> Do not run option 2 without the advice of a competent person *<=
Alut.
eternien - 18 Nov 2008 at 22:38
OK, I'll do that tomorrow, I'm worn out right now.
eternien - 19 Nov 2008 at 14:07
SmitFraudFix v2.375
Rapport fait à 14:06:28,84, 19/11/2008
Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Avast\aswUpdSv.exe
E:\Avast\ashServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DNA\btdna.exe
J:\eMule\emule.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Wireless 802.11g Monitor\WLService.exe
C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
E:\Avast\ashMaiSv.exe
E:\Avast\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: RT73 USB Wireless LAN Card
DNS Server Search Order: 213.36.80.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{32A86DC7-E6A3-4FD4-A4BB-E819D2B46CA0}: NameServer=213.36.80.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{32A86DC7-E6A3-4FD4-A4BB-E819D2B46CA0}: NameServer=213.36.80.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{32A86DC7-E6A3-4FD4-A4BB-E819D2B46CA0}: NameServer=213.36.80.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{32A86DC7-E6A3-4FD4-A4BB-E819D2B46CA0}: NameServer=213.36.80.1
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin