Task Manager problem
eternien
Hello there!
So, I have a small problem with my Task Manager, which won't open.
Here is the message it shows me.
[img]http://images4.hiboox.com/images/4708/3080929040d0eec290b2f31b1444103b.png[/img]
On top of that, when my desktop appears a few seconds later, the taskbar and all the icons disappear, so I can't do anything anymore.
Please help me fix this problem.
I ran a scan with Avast but it doesn't change anything.
31 replies
combofix
ComboFix 08-11-17.06 - Administrateur 2008-11-18 20:05:05.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2625 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-18 au 2008-11-18 ))))))))))))))))))))))))))))))))))))
.
2008-11-18 19:48 . 2008-11-18 19:48 <REP> d-------- c:\program files\InterMute
2008-11-18 19:46 . 2008-11-18 19:48 <REP> d-------- C:\CWS
2008-11-18 19:05 . 2008-11-18 19:24 <REP> d-------- C:\ToolBar SD
2008-11-18 17:55 . 2008-11-18 17:55 <REP> d-------- c:\program files\CCleaner
2008-11-18 17:44 . 2008-11-18 17:58 <REP> d-------- C:\SDFix
2008-11-18 17:41 . 2008-11-18 17:41 <REP> d-------- c:\program files\Trend Micro
2008-11-18 14:47 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2008-11-18 14:40 . 2008-11-18 14:40 <REP> d-------- c:\windows\Downloaded Program Files
2008-11-18 14:40 . 2008-11-18 16:33 <REP> d-------- c:\program files\RealAV
2008-11-18 14:00 . 2008-11-18 14:00 664 --a------ c:\windows\system32\d3d9caps.dat
2008-11-18 14:00 . 2008-11-18 14:00 552 --a------ c:\windows\system32\d3d8caps.dat
2008-11-18 13:57 . 2008-11-18 13:57 4,785 --a------ c:\windows\system32\warning.gif
2008-11-18 13:57 . 2008-11-18 13:57 1,349 --a------ c:\windows\system32\ahtn.htm
2008-11-18 13:57 . 2008-11-18 13:57 475 --a------ c:\windows\system32\win32hlp.cnf
2008-11-18 13:56 . 2008-11-18 13:56 26,624 --a------ c:\windows\system32\qoMcaYSm.dll
2008-11-18 13:56 . 2008-11-18 13:56 26,624 --a------ c:\windows\system32\nnnkJdeF.dll
2008-11-18 13:56 . 2008-11-18 13:56 23,552 --a------ c:\windows\system32\frmwrk32.exe
2008-11-18 13:56 . 2008-11-18 13:56 1 --a------ c:\windows\system32\uniq.tll
2008-11-18 13:56 . 2008-11-18 13:56 1 --a------ c:\windows\system32\test.ttt
2008-11-18 13:51 . 2008-11-18 19:03 0 --a------ c:\windows\system32\drivers\d28f34b8.sys
2008-11-18 13:43 . 2008-11-18 13:43 <REP> d-------- c:\program files\Vstplugins
2008-11-18 13:43 . 2008-11-18 13:43 <REP> d-------- c:\documents and settings\All Users\Application Data\Sony
2008-11-08 00:34 . 2008-11-08 00:34 <REP> d-------- c:\program files\DivX
2008-11-07 21:05 . 2008-11-07 21:05 72 ---hs---- C:\desktop.ini
2008-11-06 09:02 . 2008-11-06 09:02 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Apple Computer
2008-11-05 11:32 . 2008-11-05 11:32 <REP> d-------- c:\windows\Logs
2008-11-05 11:32 . 2008-11-05 11:32 <REP> d-------- c:\documents and settings\All Users\Application Data\Fallout3
2008-11-05 11:32 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2008-11-05 11:32 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2008-11-05 11:32 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2008-11-05 11:32 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2008-11-05 11:32 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2008-11-05 11:32 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2008-11-05 11:32 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2008-11-05 11:29 . 2008-11-05 11:29 <REP> d-------- c:\windows\system32\XPSViewer
2008-11-05 11:28 . 2008-11-05 11:28 <REP> d-------- c:\windows\system32\xlive
2008-11-02 14:54 . 2008-11-02 14:54 0 -ra------ C:\logwmemory.bin
2008-11-02 13:55 . 2008-11-02 13:55 <REP> d-------- c:\windows\system32\AGEIA
2008-11-02 13:55 . 2008-11-02 13:55 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-11-02 13:55 . 2008-11-02 13:55 <REP> d-------- c:\program files\AGEIA Technologies
2008-11-01 20:44 . 2008-11-01 20:44 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Soldat
2008-11-01 19:56 . 2008-11-01 19:56 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Talkback
2008-11-01 05:40 . 2008-11-14 16:08 <REP> d-------- c:\documents and settings\All Users\Application Data\TrackMania
2008-10-31 23:31 . 2008-11-01 13:10 6,201,856 --a------ c:\windows\system32\CCL_Launcher.exe
2008-10-31 23:25 . 2008-10-31 23:25 1,060,864 --a------ c:\windows\system32\libeay32.dll
2008-10-31 23:25 . 2008-10-31 23:25 916,849 --a------ c:\windows\system32\libiconv-2.dll
2008-10-31 23:25 . 2008-10-31 23:25 200,704 --a------ c:\windows\system32\ssleay32.dll
2008-10-31 23:25 . 2008-10-31 23:25 169,092 --a------ c:\windows\system32\libpq8x.dll
2008-10-31 23:25 . 2008-10-31 23:25 149,726 --a------ c:\windows\system32\libpq.dll
2008-10-31 23:25 . 2008-10-31 23:25 51,016 --a------ c:\windows\system32\libintl-2.dll
2008-10-30 02:24 . 2008-10-30 02:24 42,320 --a------ c:\windows\system32\xfcodec.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-18 18:56 --------- d-----w c:\documents and settings\Administrateur\Application Data\DNA
2008-11-18 18:37 --------- d-----w c:\documents and settings\Administrateur\Application Data\Xfire
2008-11-18 18:36 --------- d-----w c:\program files\DNA
2008-11-15 12:58 --------- d-----w c:\documents and settings\Administrateur\Application Data\BitTorrent
2008-11-14 15:57 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-12 10:00 --------- d-----w c:\program files\Xfire
2008-11-05 10:43 --------- d-----w c:\program files\Stardock
2008-11-01 19:38 --------- d-----w c:\program files\MSN Messenger
2008-10-17 09:42 --------- d-----w c:\documents and settings\Administrateur\Application Data\Spore
2008-09-21 11:57 --------- d-----w c:\program files\Electronic Arts
2008-09-21 10:52 --------- d-----w c:\program files\QuickTime
2008-09-21 10:52 --------- d-----w c:\program files\Fichiers communs\Apple
2008-09-21 10:52 --------- d-----w c:\program files\Apple Software Update
2008-09-21 10:52 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-09-21 10:52 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-09-20 11:15 --------- d-----w c:\documents and settings\NetworkService\Application Data\Xfire
2008-09-20 11:15 --------- d-----w c:\documents and settings\LocalService\Application Data\Xfire
2008-09-20 10:48 --------- d-----w c:\program files\Frets on Fire
2008-09-20 10:48 --------- d-----w c:\documents and settings\Administrateur\Application Data\fretsonfire
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-04 01:57 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2006-06-23 22:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
.
------- Sigcheck -------
2008-03-18 15:29 360576 bd8686216e34e22c4ed45a2320b2bea1 c:\windows\system32\dllcache\TCPIP.SYS
2008-03-18 15:29 360576 bd8686216e34e22c4ed45a2320b2bea1 c:\windows\system32\drivers\TCPIP.SYS
2006-08-25 16:59 1407488 5d0b9a8658ec74b5f8bec2b5558694bd c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-11-18_19.20.39.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-18 18:35:59 16,384 ----atw c:\windows\system32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_5f4.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fbe76309-bda9-4587-b89b-8823590b45c9}]
2008-11-18 13:56 26624 --a------ c:\windows\system32\nnnkJdeF.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-06-13 2752512]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-04 486856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-14 342336]
"eMuleAutoStart"="j:\emule\emule.exe" [2008-08-01 5480448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"WinSys2"="c:\windows\system32\winsys2.exe" [2006-04-29 208896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"LiveMonitor"="c:\program files\MSI\Live Update 3\LMonitor.exe" [2006-09-05 497152]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-04 176128]
"HPHUPD05"="c:\program files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [2003-12-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2004-02-02 495616]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2008-03-15 190024]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-07-09 36352]
"Adobe Reader Speed Launcher"="c:\documents and settings\Administrateur\Bureau\titay\certificat de non gage\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"nwiz"="nwiz.exe" [2007-06-28 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe]
c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2008-10-30 3104080]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoInternetIcon"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{FBE76309-BDA9-4587-B89B-8823590B45C9}"= "c:\windows\system32\nnnkJdeF.dll" [2008-11-18 26624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkjdef]
2008-11-18 13:56 26624 c:\windows\system32\nnnkJdeF.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= c:\windows\system32\ir32_32.dll
"vidc.iv32"= c:\windows\system32\ir32_32.dll
"VIDC.XFR1"= xfcodec.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, digest.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"e:\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"C:1\\Everquest II\\LaunchPad.exe"=
"C:2\\Everquest II\\LaunchPad.exe"=
"C:3\\Everquest II\\LaunchPad.exe"=
"C:4\\eMule\\emule.exe"=
"C:3\\Everquest II\\LP_REGION_FR_FR\\LaunchPad.exe"=
"j:\\eMule\\emule.exe"=
"i:\\Everquest II\\LP_REGION_FR_FR\\LaunchPad.exe"=
"\\\\le-mien\\LAN$\\Quake III\\quake3.exe"=
"\\\\Yahooo\\Vietcong\\Vietcong\\vietcong.exe"=
"\\\\le-mien\\lan$\\DOW\\W40kWA.exe"=
"e:\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Administrateur\\Bureau\\BlackDC.exe"=
"\\\\le-mien\\lan$\\UT 2004\\System\\UT2004.exe"=
"e:\\Soldat\\Soldat.exe"=
"C:0\\Everquest II\\LP_REGION_FR_FR\\LaunchPad.exe"=
R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswsp.sys [2008-11-18 110160]
R2 acedrv11;acedrv11;\??\c:\windows\system32\drivers\acedrv11.sys [2008-01-23 501560]
R2 aswfsblk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-18 20560]
R2 R54G Wireless Service;R54G Wireless Service;c:\program files\Wireless 802.11g Monitor\WLService.exe [2008-03-07 49152]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\atl01_xp.sys [2008-03-11 38656]
S1 d28f34b8;d28f34b8;c:\windows\system32\drivers\d28f34b8.sys [2008-11-18 0]
S3 PortlUSB;PortlUSB;c:\windows\system32\DRIVERS\MS-5530.sys [2008-08-23 7552]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - i:\wd_windows_tools\setup.exe
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Tâches planifiées'
2008-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-18 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe [2004-01-07 02:05]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\jxi3034h.default\
FF -: plugin - c:\documents and settings\Administrateur\Bureau\titay\certificat de non gage\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-18 20:06:02
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: c:\windows\system32\winlogon.exe
-> c:\windows\system32\nnnkJdeF.dll
.
Heure de fin: 2008-11-18 20:06:36
ComboFix-quarantined-files.txt 2008-11-18 19:06:34
ComboFix2.txt 2008-11-18 18:38:00
ComboFix3.txt 2008-11-18 18:21:04
Avant-CF: 2 138 312 704 octets libres
Après-CF: 2,124,492,800 octets libres
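One way to triage a ComboFix log like the one above, as an added example that is not part of the original post or of ComboFix itself: it correlates the registry load points with the DLLs ComboFix reports loaded in winlogon.exe and lists the Security Center / Windows Update values that have been switched off. The excerpt embedded below is constructed from entries in the posted log, and the function names are this example's own.

```python
"""Triage helper for a ComboFix log (added example; not ComboFix's own code).
Finds modules registered in more than one hook load point (BHO, ShellExecuteHooks,
Winlogon Notify), cross-references them with the DLLs listed under winlogon.exe,
and reports Security Center / Windows Update values switched off.
SAMPLE_LOG is a constructed excerpt mirroring entries from the posted log."""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fbe76309-bda9-4587-b89b-8823590b45c9}]
2008-11-18 13:56 26624 --a------ c:\windows\system32\nnnkJdeF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{FBE76309-BDA9-4587-B89B-8823590B45C9}"= "c:\windows\system32\nnnkJdeF.dll" [2008-11-18 26624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkjdef]
2008-11-18 13:56 26624 c:\windows\system32\nnnkJdeF.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: c:\windows\system32\winlogon.exe
-> c:\windows\system32\nnnkJdeF.dll
.
"""

# A drive-letter or UNC path ending in .dll/.exe/.sys, as ComboFix prints them.
MODULE_RE = re.compile(r'(?:[a-z]:\\|\\\\)[^"\[\]]*?\.(?:dll|exe|sys)', re.IGNORECASE)
# Load points that get a DLL mapped into other processes (IE, explorer, winlogon).
HOOK_KEYS = ("browser helper objects", "shellexecutehooks", r"winlogon\notify")
# Values that silence or disable XP's own protections when set to 1.
POSTURE_VALUES = {"antivirusoverride", "firewalloverride", "antivirusdisablenotify",
                  "updatesdisablenotify", "noautoupdate"}


def parse_load_points(text):
    """Map each [registry key] of the load-point section to the lines under it."""
    points, key = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif line.startswith("---"):          # a later section starts here
            key = None
        elif key and line and line != ".":
            points[key].append(line)
    return dict(points)

def parse_loaded_modules(text):
    """Map each 'PROCESSUS:' path to the '->' DLL paths ComboFix listed under it."""
    loaded, proc = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("PROCESSUS:"):
            proc = line.split(":", 1)[1].strip().lower()
        elif line.startswith("->") and proc:
            loaded[proc].append(line[2:].strip().lower())
    return dict(loaded)

def hooked_modules(points):
    """Module path (lower-cased) -> set of hook keys it is registered in."""
    hooks = defaultdict(set)
    for key, lines in points.items():
        if any(h in key for h in HOOK_KEYS):
            for line in lines:
                for path in MODULE_RE.findall(line):
                    hooks[path.lower()].add(key)
    return dict(hooks)

def posture_overrides(points):
    """Names of the protection-disabling values found set to a non-zero number."""
    found = []
    for lines in points.values():
        for line in lines:
            m = re.match(r'"([^"]+)"\s*=\s*(?:dword:0*)?(\d+)', line)
            if m and m.group(1).lower() in POSTURE_VALUES and m.group(2) != "0":
                found.append(m.group(1))
    return sorted(found)

def triage(text):
    """Modules in two or more hook points, their presence in winlogon.exe, overrides."""
    points = parse_load_points(text)
    hooks = hooked_modules(points)
    loaded = parse_loaded_modules(text)
    winlogon = next((m for p, m in loaded.items() if p.endswith("winlogon.exe")), [])
    return {
        "suspects": {m: sorted(k) for m, k in hooks.items() if len(k) >= 2},
        "loaded_in_winlogon": sorted(set(winlogon) & set(hooks)),
        "posture_overrides": posture_overrides(points),
    }

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for module, keys in report["suspects"].items():
        print(f"{module}: registered in {len(keys)} hook load points")
    print("also loaded in winlogon.exe:", report["loaded_in_winlogon"])
    print("protection overrides set:", report["posture_overrides"])
```

On the excerpt, the same DLL shows up in all three hook points and in winlogon.exe, while the Run entry for the NVIDIA control panel is not flagged.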
ComboFix 08-11-17.06 - Administrateur 2008-11-18 20:05:05.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2625 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-18 au 2008-11-18 ))))))))))))))))))))))))))))))))))))
.
2008-11-18 19:48 . 2008-11-18 19:48 <REP> d-------- c:\program files\InterMute
2008-11-18 19:46 . 2008-11-18 19:48 <REP> d-------- C:\CWS
2008-11-18 19:05 . 2008-11-18 19:24 <REP> d-------- C:\ToolBar SD
2008-11-18 17:55 . 2008-11-18 17:55 <REP> d-------- c:\program files\CCleaner
2008-11-18 17:44 . 2008-11-18 17:58 <REP> d-------- C:\SDFix
2008-11-18 17:41 . 2008-11-18 17:41 <REP> d-------- c:\program files\Trend Micro
2008-11-18 14:47 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2008-11-18 14:40 . 2008-11-18 14:40 <REP> d-------- c:\windows\Downloaded Program Files
2008-11-18 14:40 . 2008-11-18 16:33 <REP> d-------- c:\program files\RealAV
2008-11-18 14:00 . 2008-11-18 14:00 664 --a------ c:\windows\system32\d3d9caps.dat
2008-11-18 14:00 . 2008-11-18 14:00 552 --a------ c:\windows\system32\d3d8caps.dat
2008-11-18 13:57 . 2008-11-18 13:57 4,785 --a------ c:\windows\system32\warning.gif
2008-11-18 13:57 . 2008-11-18 13:57 1,349 --a------ c:\windows\system32\ahtn.htm
2008-11-18 13:57 . 2008-11-18 13:57 475 --a------ c:\windows\system32\win32hlp.cnf
2008-11-18 13:56 . 2008-11-18 13:56 26,624 --a------ c:\windows\system32\qoMcaYSm.dll
2008-11-18 13:56 . 2008-11-18 13:56 26,624 --a------ c:\windows\system32\nnnkJdeF.dll
2008-11-18 13:56 . 2008-11-18 13:56 23,552 --a------ c:\windows\system32\frmwrk32.exe
2008-11-18 13:56 . 2008-11-18 13:56 1 --a------ c:\windows\system32\uniq.tll
2008-11-18 13:56 . 2008-11-18 13:56 1 --a------ c:\windows\system32\test.ttt
2008-11-18 13:51 . 2008-11-18 19:03 0 --a------ c:\windows\system32\drivers\d28f34b8.sys
2008-11-18 13:43 . 2008-11-18 13:43 <REP> d-------- c:\program files\Vstplugins
2008-11-18 13:43 . 2008-11-18 13:43 <REP> d-------- c:\documents and settings\All Users\Application Data\Sony
2008-11-08 00:34 . 2008-11-08 00:34 <REP> d-------- c:\program files\DivX
2008-11-07 21:05 . 2008-11-07 21:05 72 ---hs---- C:\desktop.ini
2008-11-06 09:02 . 2008-11-06 09:02 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Apple Computer
2008-11-05 11:32 . 2008-11-05 11:32 <REP> d-------- c:\windows\Logs
2008-11-05 11:32 . 2008-11-05 11:32 <REP> d-------- c:\documents and settings\All Users\Application Data\Fallout3
2008-11-05 11:32 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2008-11-05 11:32 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2008-11-05 11:32 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2008-11-05 11:32 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2008-11-05 11:32 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2008-11-05 11:32 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2008-11-05 11:32 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2008-11-05 11:29 . 2008-11-05 11:29 <REP> d-------- c:\windows\system32\XPSViewer
2008-11-05 11:28 . 2008-11-05 11:28 <REP> d-------- c:\windows\system32\xlive
2008-11-02 14:54 . 2008-11-02 14:54 0 -ra------ C:\logwmemory.bin
2008-11-02 13:55 . 2008-11-02 13:55 <REP> d-------- c:\windows\system32\AGEIA
2008-11-02 13:55 . 2008-11-02 13:55 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-11-02 13:55 . 2008-11-02 13:55 <REP> d-------- c:\program files\AGEIA Technologies
2008-11-01 20:44 . 2008-11-01 20:44 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Soldat
2008-11-01 19:56 . 2008-11-01 19:56 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Talkback
2008-11-01 05:40 . 2008-11-14 16:08 <REP> d-------- c:\documents and settings\All Users\Application Data\TrackMania
2008-10-31 23:31 . 2008-11-01 13:10 6,201,856 --a------ c:\windows\system32\CCL_Launcher.exe
2008-10-31 23:25 . 2008-10-31 23:25 1,060,864 --a------ c:\windows\system32\libeay32.dll
2008-10-31 23:25 . 2008-10-31 23:25 916,849 --a------ c:\windows\system32\libiconv-2.dll
2008-10-31 23:25 . 2008-10-31 23:25 200,704 --a------ c:\windows\system32\ssleay32.dll
2008-10-31 23:25 . 2008-10-31 23:25 169,092 --a------ c:\windows\system32\libpq8x.dll
2008-10-31 23:25 . 2008-10-31 23:25 149,726 --a------ c:\windows\system32\libpq.dll
2008-10-31 23:25 . 2008-10-31 23:25 51,016 --a------ c:\windows\system32\libintl-2.dll
2008-10-30 02:24 . 2008-10-30 02:24 42,320 --a------ c:\windows\system32\xfcodec.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-18 18:56 --------- d-----w c:\documents and settings\Administrateur\Application Data\DNA
2008-11-18 18:37 --------- d-----w c:\documents and settings\Administrateur\Application Data\Xfire
2008-11-18 18:36 --------- d-----w c:\program files\DNA
2008-11-15 12:58 --------- d-----w c:\documents and settings\Administrateur\Application Data\BitTorrent
2008-11-14 15:57 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-12 10:00 --------- d-----w c:\program files\Xfire
2008-11-05 10:43 --------- d-----w c:\program files\Stardock
2008-11-01 19:38 --------- d-----w c:\program files\MSN Messenger
2008-10-17 09:42 --------- d-----w c:\documents and settings\Administrateur\Application Data\Spore
2008-09-21 11:57 --------- d-----w c:\program files\Electronic Arts
2008-09-21 10:52 --------- d-----w c:\program files\QuickTime
2008-09-21 10:52 --------- d-----w c:\program files\Fichiers communs\Apple
2008-09-21 10:52 --------- d-----w c:\program files\Apple Software Update
2008-09-21 10:52 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-09-21 10:52 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-09-20 11:15 --------- d-----w c:\documents and settings\NetworkService\Application Data\Xfire
2008-09-20 11:15 --------- d-----w c:\documents and settings\LocalService\Application Data\Xfire
2008-09-20 10:48 --------- d-----w c:\program files\Frets on Fire
2008-09-20 10:48 --------- d-----w c:\documents and settings\Administrateur\Application Data\fretsonfire
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-04 01:57 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2006-06-23 22:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
.
------- Sigcheck -------
2008-03-18 15:29 360576 bd8686216e34e22c4ed45a2320b2bea1 c:\windows\system32\dllcache\TCPIP.SYS
2008-03-18 15:29 360576 bd8686216e34e22c4ed45a2320b2bea1 c:\windows\system32\drivers\TCPIP.SYS
2006-08-25 16:59 1407488 5d0b9a8658ec74b5f8bec2b5558694bd c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-11-18_19.20.39.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-18 18:35:59 16,384 ----atw c:\windows\system32\config\systemprofile\Local Settings\Temp\Perflib_Perfdata_5f4.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fbe76309-bda9-4587-b89b-8823590b45c9}]
2008-11-18 13:56 26624 --a------ c:\windows\system32\nnnkJdeF.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-06-13 2752512]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-04 486856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-14 342336]
"eMuleAutoStart"="j:\emule\emule.exe" [2008-08-01 5480448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"WinSys2"="c:\windows\system32\winsys2.exe" [2006-04-29 208896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"LiveMonitor"="c:\program files\MSI\Live Update 3\LMonitor.exe" [2006-09-05 497152]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-04 176128]
"HPHUPD05"="c:\program files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [2003-12-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2004-02-02 495616]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2008-03-15 190024]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-07-09 36352]
"Adobe Reader Speed Launcher"="c:\documents and settings\Administrateur\Bureau\titay\certificat de non gage\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"nwiz"="nwiz.exe" [2007-06-28 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe]
c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2008-10-30 3104080]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoInternetIcon"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{FBE76309-BDA9-4587-B89B-8823590B45C9}"= "c:\windows\system32\nnnkJdeF.dll" [2008-11-18 26624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkjdef]
2008-11-18 13:56 26624 c:\windows\system32\nnnkJdeF.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= c:\windows\system32\ir32_32.dll
"vidc.iv32"= c:\windows\system32\ir32_32.dll
"VIDC.XFR1"= xfcodec.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, digest.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"e:\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"C:1\\Everquest II\\LaunchPad.exe"=
"C:2\\Everquest II\\LaunchPad.exe"=
"C:3\\Everquest II\\LaunchPad.exe"=
"C:4\\eMule\\emule.exe"=
"C:3\\Everquest II\\LP_REGION_FR_FR\\LaunchPad.exe"=
"j:\\eMule\\emule.exe"=
"i:\\Everquest II\\LP_REGION_FR_FR\\LaunchPad.exe"=
"\\\\le-mien\\LAN$\\Quake III\\quake3.exe"=
"\\\\Yahooo\\Vietcong\\Vietcong\\vietcong.exe"=
"\\\\le-mien\\lan$\\DOW\\W40kWA.exe"=
"e:\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Administrateur\\Bureau\\BlackDC.exe"=
"\\\\le-mien\\lan$\\UT 2004\\System\\UT2004.exe"=
"e:\\Soldat\\Soldat.exe"=
"C:0\\Everquest II\\LP_REGION_FR_FR\\LaunchPad.exe"=
R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswsp.sys [2008-11-18 110160]
R2 acedrv11;acedrv11;\??\c:\windows\system32\drivers\acedrv11.sys [2008-01-23 501560]
R2 aswfsblk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-18 20560]
R2 R54G Wireless Service;R54G Wireless Service;c:\program files\Wireless 802.11g Monitor\WLService.exe [2008-03-07 49152]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\atl01_xp.sys [2008-03-11 38656]
S1 d28f34b8;d28f34b8;c:\windows\system32\drivers\d28f34b8.sys [2008-11-18 0]
S3 PortlUSB;PortlUSB;c:\windows\system32\DRIVERS\MS-5530.sys [2008-08-23 7552]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - i:\wd_windows_tools\setup.exe
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Tâches planifiées'
2008-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-18 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe [2004-01-07 02:05]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\jxi3034h.default\
FF -: plugin - c:\documents and settings\Administrateur\Bureau\titay\certificat de non gage\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-18 20:06:02
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: c:\windows\system32\winlogon.exe
-> c:\windows\system32\nnnkJdeF.dll
.
Heure de fin: 2008-11-18 20:06:36
ComboFix-quarantined-files.txt 2008-11-18 19:06:34
ComboFix2.txt 2008-11-18 18:38:00
ComboFix3.txt 2008-11-18 18:21:04
Avant-CF: 2 138 312 704 octets libres
Après-CF: 2,124,492,800 octets libres
Hi,
- Download and install MalwareByte's Anti-Malware
Malwarebyte
- Update it
---
- Double-click the MalwareByte's Anti-Malware shortcut on the desktop.
- Select "Perform full scan" if it is not already selected
- Click "Scan"
- Once the scan is finished, a window opens; click OK
- If MalwareByte's detected nothing, click OK. A report will appear; close it.
- If MalwareByte's detected infections, click "Show Results", then "Remove Selected"
- Save the report to your Desktop so it is easier to find, then post that report.
Note: if MalwareByte's needs to restart to finish the removal, accept by clicking OK
Alut.
It gives me
"Ce programme requiert la version 4.0 ou supérieure de Windows NT."
Edit: it's fine, I set it to NT 4 compatibility mode.
Here is the report
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1306
Windows 5.1.2600 Service Pack 2
18/11/2008 21:10:58 Reloaded
mbam-log-2008-11-18 (21-10-58).txt
Type de recherche: Examen complet (C:\|E:\|I:\|J:\|)
Eléments examinés: 206421
Temps écoulé: 42 minute(s), 0 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 9
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\nnnkJdeF.dll (Trojan.Vundo.H) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fbe76309-bda9-4587-b89b-8823590b45c9} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnkjdef (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fbe76309-bda9-4587-b89b-8823590b45c9} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{0cb66ba8-5e1f-4963-93d1-e1d6b78fe9a2} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RealAV (Rogue.RealAV) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{fbe76309-bda9-4587-b89b-8823590b45c9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winsys2 (Spyware.OnlineGames) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\RealAV (Rogue.RealAV) -> Quarantined and deleted successfully.
C:\Program Files\RealAV\Infected (Rogue.RealAV) -> Quarantined and deleted successfully.
C:\Program Files\RealAV\Suspicious (Rogue.RealAV) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\nnnkJdeF.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\qoMcaYSm.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
E:\Documents\EvID4226Patch.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\RealAV\trz4.tmp (Rogue.RealAV) -> Quarantined and deleted successfully.
C:\Program Files\RealAV\vscan.tsi (Rogue.RealAV) -> Quarantined and deleted successfully.
C:\Program Files\RealAV\zlib.dll (Rogue.RealAV) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WinSys2.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\RealAV.lnk (Rogue.RealAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temp\ntdll64.dll (Trojan.FakeAlert) -> Delete on reboot.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:30 Reloaded, on 18/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Avast\aswUpdSv.exe
E:\Avast\ashServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DNA\btdna.exe
J:\eMule\emule.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Wireless 802.11g Monitor\WLService.exe
C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
E:\Avast\ashMaiSv.exe
E:\Avast\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Documents and Settings\Administrateur\Bureau\titay\certificat de non gage\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] J:\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\help" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /c md "%SystemRoot%\Web\Wallpaper" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] cmd.exe /c md "C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] cmd.exe /c md "%AppData%\Microsoft\Internet Explorer\Quick Launch" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_09] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_10] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_11] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'SERVICE RÉSEAU')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{32A86DC7-E6A3-4FD4-A4BB-E819D2B46CA0}: NameServer = 213.36.80.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{32A86DC7-E6A3-4FD4-A4BB-E819D2B46CA0}: NameServer = 213.36.80.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{32A86DC7-E6A3-4FD4-A4BB-E819D2B46CA0}: NameServer = 213.36.80.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{32A86DC7-E6A3-4FD4-A4BB-E819D2B46CA0}: NameServer = 213.36.80.1
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - E:\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - E:\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - E:\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - E:\Avast\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: R54G Wireless Service - Unknown owner - C:\Program Files\Wireless 802.11g Monitor\WLService.exe
Hi,
Install [- Download SmitfraudFix (by S!Ri, balltrap34 and moe31):
http://siri.urz.free.fr/Fix/SmitfraudFix.exe smitfraudfix]
Option 1 => Search:
* Double-click SmitfraudFix.exe
* Select 1 and press Enter in the menu to create
a report of the files responsible for the infection. The report is located at the root of the system
drive:
C:\rapport.txt
==> then paste the generated report on the forum.
*=> Do not run option 2 without the advice of a competent person *<=
Alut.
SmitFraudFix v2.375
Rapport fait à 14:06:28,84, 19/11/2008
Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Avast\aswUpdSv.exe
E:\Avast\ashServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DNA\btdna.exe
J:\eMule\emule.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Wireless 802.11g Monitor\WLService.exe
C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
E:\Avast\ashMaiSv.exe
E:\Avast\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: RT73 USB Wireless LAN Card
DNS Server Search Order: 213.36.80.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{32A86DC7-E6A3-4FD4-A4BB-E819D2B46CA0}: NameServer=213.36.80.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{32A86DC7-E6A3-4FD4-A4BB-E819D2B46CA0}: NameServer=213.36.80.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{32A86DC7-E6A3-4FD4-A4BB-E819D2B46CA0}: NameServer=213.36.80.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{32A86DC7-E6A3-4FD4-A4BB-E819D2B46CA0}: NameServer=213.36.80.1
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin