Viral problem?
Solved
Anonymous user
-
jlpjlp Posts 52399 Status Security contributor -
Hello, for those who know me: YES, I'm back! So, let me tell you about my problem:
My PC has become slower than usual (I took it apart, but I was careful not to force anything or touch the fragile parts, because I got a mini SD stuck in an SD card slot and couldn't get it out, lol).
I'm giving you the HijackThis report, but I don't think it's related, given that the sound and the picture are sometimes out of sync [example: when I open MSN, I hear MSN but I don't see it], but anyway, I'm showing you the report all the same!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:30:16, on 27/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Avira\Avira Premium Security Suite\avscan.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\MUSTAPHA\Bureau\HiJackThis.exe
C:\Documents and Settings\MUSTAPHA\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA541] command /c del "C:\WINDOWS\system32\28463\EINC.001"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3058] cmd /c del "C:\WINDOWS\system32\28463\EINC.001"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8743] command /c del "C:\WINDOWS\system32\28463\EINC.006"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3736] cmd /c del "C:\WINDOWS\system32\28463\EINC.006"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4573] command /c del "C:\WINDOWS\system32\28463\EINC.007"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7620] cmd /c del "C:\WINDOWS\system32\28463\EINC.007"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1492] command /c del "C:\WINDOWS\system32\28463\EINC.002"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8423] cmd /c del "C:\WINDOWS\system32\28463\EINC.002"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9012] command /c del "C:\WINDOWS\system32\28463\EINC.005"
O4 - HKLM\..\RunOnce: [SpybotDeletingC679] cmd /c del "C:\WINDOWS\system32\28463\EINC.005"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Documents and Settings\MUSTAPHA\Bureau\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [SpybotDeletingB2183] command /c del "C:\WINDOWS\system32\28463\EINC.001"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8657] cmd /c del "C:\WINDOWS\system32\28463\EINC.001"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4528] command /c del "C:\WINDOWS\system32\28463\EINC.006"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8289] cmd /c del "C:\WINDOWS\system32\28463\EINC.006"
O4 - HKCU\..\RunOnce: [SpybotDeletingB393] command /c del "C:\WINDOWS\system32\28463\EINC.007"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7959] cmd /c del "C:\WINDOWS\system32\28463\EINC.007"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4996] command /c del "C:\WINDOWS\system32\28463\EINC.002"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9569] cmd /c del "C:\WINDOWS\system32\28463\EINC.002"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4534] command /c del "C:\WINDOWS\system32\28463\EINC.005"
O4 - HKCU\..\RunOnce: [SpybotDeletingD570] cmd /c del "C:\WINDOWS\system32\28463\EINC.005"
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ORDI
O17 - HKLM\Software\..\Telephony: DomainName = ORDI
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ORDI
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ORDI
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ORDI
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Planificateur Avira Premium Security Suite (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service d'assistance Avira Premium Security Suite MailGuard (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
13 replies
hi
remove what is in Spybot's quarantine (backup), then uninstall Spybot
next, if you have the Avira suite, you must not enable that suite's firewall if you have ZoneAlarm active!
then
download ComboFix (by sUBs) here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to the desktop.
disconnect from the Internet and close all your applications.
disable your protections (antivirus, firewall, the antispyware's real-time guard)
double-click combofix.exe and follow the instructions
at the end, it will produce a report C:\ComboFix.txt
re-enable your firewall, your antivirus and your antispyware's guard
copy/paste the report C:\ComboFix.txt into your next reply.
Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.
There is a complete tutorial here:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
ComboFix 08-11-27.03 - MUSTAPHA 2008-11-27 20:06:58.6 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1443 [GMT 1:00]
Lancé depuis: c:\documents and settings\MUSTAPHA\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\ktd32.atm
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-27 au 2008-11-27 ))))))))))))))))))))))))))))))))))))
.
2008-11-27 14:47 . 2008-11-27 14:47 <REP> d--hs---- C:\FOUND.003
2008-11-26 18:53 . 2008-11-26 18:53 <REP> d--hs---- C:\FOUND.002
2008-11-25 18:38 . 2008-11-25 23:07 99 -r-hs---- c:\windows\smms.bat
2008-11-22 16:29 . 2008-11-22 16:29 0 --a------ c:\windows\optiflash.INI
2008-11-21 18:07 . 2008-11-21 18:07 <REP> d-------- c:\program files\SCi
2008-11-20 20:00 . 2008-11-20 20:00 <REP> d-------- c:\documents and settings\MUSTAPHA\Application Data\Jasc
2008-11-20 19:39 . 2008-11-20 19:39 <REP> d-------- c:\program files\Jasc Software Inc
2008-11-20 19:36 . 2008-11-20 19:36 <REP> d-------- c:\program files\WMV9_VCM
2008-11-20 19:36 . 2008-11-20 19:36 <REP> d-------- c:\documents and settings\MUSTAPHA\Application Data\MAGIX
2008-11-20 19:35 . 2008-11-20 19:35 <REP> d-------- c:\program files\Fichiers communs\MAGIX Shared
2008-11-20 19:35 . 2008-11-20 19:35 <REP> d-------- c:\documents and settings\All Users\Application Data\MAGIX
2008-11-20 19:31 . 2008-11-20 19:31 <REP> d-------- c:\windows\system32\MAGIX
2008-11-20 19:31 . 2008-04-15 16:14 700,416 --a------ c:\windows\system32\mgxoschk.dll
2008-11-20 19:31 . 2007-04-27 10:43 120,200 --a------ c:\windows\system32\DLLDEV32i.dll
2008-11-20 19:31 . 2008-11-20 19:31 7,023 --a------ c:\windows\mgxoschk.ini
2008-11-19 22:21 . 2008-11-19 22:21 <REP> d-------- c:\program files\PCMesh
2008-11-19 22:21 . 2008-11-19 22:21 <REP> d-------- c:\documents and settings\MUSTAPHA\Application Data\PCMesh
2008-11-19 22:13 . 2008-11-19 22:13 <REP> d-------- c:\program files\NetConceal
2008-11-19 21:42 . 2008-11-19 21:42 <REP> d-------- c:\program files\Lavalys
2008-11-19 21:31 . 2008-11-19 21:31 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-16 18:47 . 2008-11-17 18:20 783 --a------ c:\windows\Gfact.ini
2008-11-16 18:47 . 2008-11-16 18:47 27 --a------ c:\windows\gdx.ini
2008-11-16 18:41 . 2000-07-08 15:06 87,040 --a------ c:\windows\UnGins.exe
2008-11-15 23:01 . 2008-11-15 23:01 <REP> d-------- c:\documents and settings\MUSTAPHA\.housecall6.6
2008-11-13 20:53 . 2008-11-16 00:28 4,194,378 --a------ c:\windows\pfirewall.log.old
2008-11-13 17:43 . 2008-11-13 17:43 <REP> d-------- c:\program files\MSXML 4.0
2008-11-13 17:41 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-13 17:40 . 2008-09-04 18:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-08 17:19 . 2008-11-08 17:19 <REP> d-------- c:\documents and settings\MUSTAPHA\Application Data\gtk-2.0
2008-11-08 17:18 . 2008-11-08 17:18 <REP> d-------- c:\documents and settings\MUSTAPHA\.thumbnails
2008-11-08 16:32 . 2008-11-08 16:32 <REP> d-------- c:\documents and settings\MUSTAPHA\Application Data\mioObjects
2008-11-08 16:31 . 2008-11-08 16:31 <REP> d-------- c:\program files\Mioplanet
2008-11-08 16:31 . 2008-11-08 16:31 407,047 --a------ c:\windows\system32\mioengine.exe
2008-11-08 16:23 . 2008-11-08 16:23 <REP> d-------- c:\program files\PSPad editor
2008-11-08 16:23 . 2008-11-08 16:23 <REP> d-------- c:\documents and settings\MUSTAPHA\Application Data\PSpad
2008-11-06 23:00 . 2008-11-06 23:00 <REP> d--h----- c:\windows\PIF
2008-11-06 17:07 . 2008-11-06 17:07 <REP> d-------- c:\program files\ArtMoney
2008-11-02 19:18 . 2008-11-02 19:18 268 --ah----- C:\sqmdata04.sqm
2008-11-02 19:18 . 2008-11-02 19:18 172 --ah----- C:\sqmnoopt04.sqm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-27 16:48 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-27 16:48 32 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-27 14:19 1,497,600 ------w c:\windows\Internet Logs\xDB9.tmp
2008-11-20 19:42 2,990,592 ------w c:\windows\Internet Logs\xDB1E8.tmp
2008-11-20 19:42 1,484,800 ------w c:\windows\Internet Logs\xDB1E9.tmp
2008-11-20 18:51 1,501,184 ------w c:\windows\Internet Logs\xDB8.tmp
2008-11-17 20:16 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys
2008-11-16 21:52 1,483,776 ------w c:\windows\Internet Logs\xDB7.tmp
2008-10-29 08:11 2,882,048 ------w c:\windows\Internet Logs\xDB6.tmp
2008-10-27 10:16 1,426,944 ------w c:\windows\Internet Logs\xDB5.tmp
2008-10-26 17:14 1,420,800 ------w c:\windows\Internet Logs\xDB4.tmp
2008-10-25 18:30 --------- d-----w c:\documents and settings\MUSTAPHA\Application Data\dvdcss
2008-10-25 18:07 983,040 ------w c:\windows\Internet Logs\xDB2.tmp
2008-10-25 18:07 1,419,776 ------w c:\windows\Internet Logs\xDB3.tmp
2008-10-25 15:41 --------- d-----w c:\program files\BitTorrent
2008-10-25 15:41 --------- d-----w c:\documents and settings\MUSTAPHA\Application Data\BitTorrent
2008-10-25 14:49 25,600 ------w c:\windows\Internet Logs\xDB1.tmp
2008-10-25 13:59 2,921,984 ------w c:\windows\Internet Logs\xDB9F.tmp
2008-10-25 13:59 1,419,776 ------w c:\windows\Internet Logs\xDBA0.tmp
2008-10-25 13:48 --------- d-----w c:\documents and settings\MUSTAPHA\Application Data\Samsung
2008-10-25 13:33 --------- d-----w c:\program files\Samsung
2008-10-24 23:03 --------- d-----w c:\documents and settings\adelus\Application Data\vlc
2008-10-24 20:09 --------- d-----w c:\program files\Gimp-2.0
2008-10-24 20:07 --------- d-----w c:\program files\Unlocker
2008-10-24 20:07 --------- d-----w c:\documents and settings\MUSTAPHA\Application Data\Desktopicon
2008-10-24 20:02 --------- d-----w c:\documents and settings\MUSTAPHA\Application Data\vlc
2008-10-24 20:00 --------- d-----w c:\program files\VideoLAN
2008-10-24 19:51 --------- d-----w c:\program files\Fichiers communs\Reallusion
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 19:53 --------- d-----w c:\program files\PhotoFiltre
2008-10-22 18:06 --------- d-----w c:\program files\Avira
2008-10-22 18:06 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2008-10-22 17:58 --------- d-----w c:\program files\Zone Labs
2008-10-22 17:55 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-10-22 17:32 --------- d-----w c:\documents and settings\MUSTAPHA\Application Data\XnView
2008-10-22 17:20 --------- d-----w c:\program files\Opera
2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-20 16:43 --------- d-----w c:\program files\Lphant
2008-10-20 16:43 --------- d-----w c:\program files\Conduit
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 17:57 --------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2008-10-15 17:35 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 16:46 --------- d-----w c:\program files\UsbFix
2008-10-14 20:37 24,282,856 ------w c:\windows\Internet Logs\vsmon_on_demand_2008_10_14_21_33_03_full.dmp.zip
2008-10-14 18:40 --------- d-----w c:\program files\Counter-Strike Source
2008-10-14 18:40 --------- d-----w c:\documents and settings\MUSTAPHA\Application Data\InstallShield Installation Information
2008-10-14 18:10 --------- d-----w c:\program files\Valve Lan
2008-10-13 18:31 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-10-13 18:31 --------- d-----w c:\documents and settings\MUSTAPHA\Application Data\Malwarebytes
2008-10-13 18:31 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-12 19:33 --------- d-----w c:\documents and settings\adelus\Application Data\MailFrontier
2008-10-12 16:10 --------- d-----w c:\program files\Alwil Software
2008-10-12 13:31 --------- d-----w c:\program files\Sunbelt Software
2008-10-12 13:22 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-12 11:37 --------- d-----w c:\program files\MSN Password Recovery
2008-10-11 22:19 --------- d-----w c:\documents and settings\MUSTAPHA\Application Data\FileZilla
2008-10-11 22:09 --------- d-----w c:\program files\Yahoo!
2008-10-11 09:03 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-10 15:53 --------- d-----w c:\program files\OpenDNS Updater
2008-10-09 20:03 --------- d-----w c:\documents and settings\MUSTAPHA\Application Data\Smart PC Solutions
2008-10-09 19:56 --------- d-----w c:\program files\Free Window Registry Repair
2008-10-09 18:41 --------- d-----w c:\program files\Microsoft Works
2008-10-09 18:37 --------- d-----w c:\program files\Microsoft.NET
2008-10-09 18:26 --------- d-----w c:\documents and settings\MUSTAPHA\Application Data\Uniblue
2008-10-09 17:24 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-08 22:15 --------- d-----w c:\program files\MSN Messenger
2008-10-08 15:15 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2008-10-08 10:10 --------- d-----w c:\documents and settings\adelus\Application Data\HiYo
2008-10-07 06:46 --------- d-----w c:\program files\Windows Live Toolbar
2008-10-07 06:46 --------- d-----w c:\documents and settings\All Users\Application Data\Windows Live Toolbar
2008-10-06 17:36 --------- d-----w c:\documents and settings\MUSTAPHA\Application Data\HiYo
2008-10-04 18:49 --------- d-----w c:\program files\MessengerDiscovery
2008-10-03 18:12 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-10-02 21:30 --------- d-----w c:\program files\Wakfu
2008-10-01 14:47 --------- d-----w c:\documents and settings\MUSTAPHA\Application Data\Hide IP NG
2008-10-01 12:41 --------- d-----w c:\documents and settings\All Users\Application Data\MailFrontier
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-29 20:35 --------- d-----w c:\documents and settings\MERZA2\Application Data\SiteAdvisor
2008-09-28 14:08 --------- d-----w c:\program files\MSBuild
2008-09-28 14:07 --------- d-----w c:\program files\Reference Assemblies
2008-09-27 20:27 --------- d-----w c:\program files\WinPcap
2008-09-27 19:55 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2008-09-27 19:45 --------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
2006-06-15 19:33 233,472 ----a-w c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 17:43 204,895 ----a-w c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 13:41 77,824 ----a-w c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 12:10 426,081 ----a-w c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 11:19 458,752 ----a-w c:\program files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 17:35 139,264 ----a-w c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 10:10 204,800 ----a-w c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 10:42 106,496 ----a-w c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 10:22 212,992 ----a-w c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 10:21 167,936 ----a-w c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2006-10-12 03:09 94,208 --sh--w c:\windows\system32\SalaatTime.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-12 342336]
"ccleaner"="c:\documents and settings\MUSTAPHA\Bureau\CCleaner\CCleaner.exe" [2008-09-24 1279216]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB2183"="command" [X]
"SpybotDeletingD8657"="del" [X]
"SpybotDeletingB4528"="command" [X]
"SpybotDeletingD8289"="del" [X]
"SpybotDeletingB393"="command" [X]
"SpybotDeletingD7959"="del" [X]
"SpybotDeletingB4996"="command" [X]
"SpybotDeletingD9569"="del" [X]
"SpybotDeletingB4534"="command" [X]
"SpybotDeletingD570"="del" [X]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"avgnt"="c:\program files\Avira\Avira Premium Security Suite\avgnt.exe" [2008-06-12 266497]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
c:\documents and settings\MUSTAPHA\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
c:\documents and settings\adelus\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
c:\documents and settings\Invité\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
c:\documents and settings\MERZA2\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
c:\documents and settings\MUSTAPHA\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
c:\documents and settings\MUSTAPHA\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-05-22 2756608]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"<NO NAME>"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\ASUS\\ASUS Live Update\\ALU.EXE"=
"c:\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\System32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Lphant\\eLePhantClient.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 antivirwebservice;Avira Premium Security Suite WebGuard;"c:\program files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE" [2008-10-22 258305]
R2 AVEService;Service d'assistance Avira Premium Security Suite MailGuard;"c:\program files\Avira\Avira Premium Security Suite\avesvc.exe" [2008-10-22 41217]
R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2006-08-18 14336]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2007-04-18 24576]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l251x86.sys [2007-08-21 30208]
R3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-10-13 38496]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2007-06-05 1260672]
R3 WSIMD;wsimd Service;c:\windows\system32\DRIVERS\wsimd.sys [2007-11-30 57024]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\NPF.sys [2007-01-25 42000]
S3 RTSTOR;USB Mass Stroage Device; []
S4 AntiVirMailService;Avira Premium Security Suite MailGuard;"c:\program files\Avira\Avira Premium Security Suite\avmailc.exe" [2008-10-22 164097]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d92fee2-bb17-11dd-943c-001d60c57f04}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \info.exe o
*Newly Created Service* - MBAMSWISSARMY
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-_BackupService - c:\program files\Astase\UltraBackup\4.9\bin\tbs.exe
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-27 20:09:50
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(1688)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(1744)
c:\windows\system32\avsda.dll
.
Heure de fin: 2008-11-27 20:11:14
ComboFix-quarantined-files.txt 2008-11-27 19:11:10
Avant-CF: 52 493 484 032 octets libres
Après-CF: 52,604,010,496 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
284 --- E O F --- 2008-11-13 16:48:42
There you go, I didn't use your topic, to save time; I hope that will be OK :)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:30:46, on 27/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\MUSTAPHA\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Documents and Settings\MUSTAPHA\Bureau\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ORDI
O17 - HKLM\Software\..\Telephony: DomainName = ORDI
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ORDI
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ORDI
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ORDI
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Planificateur Avira Premium Security Suite (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service d'assistance Avira Premium Security Suite MailGuard (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
Run HijackThis again, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.
If you recognize the first line, leave it; otherwise remove both:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
The report is clean!
___________
Remove ComboFix.
_____________
Still having problems? Run a scan with AntiVir to check.
Is there a way to find out whether my sound card and video card have a defect?
Is there a way to wipe the fan? Because there is dust on it and that could slow down my computer. If so, how much does it cost?
For the fan: if it's a desktop, you open it and remove the dust, possibly using a can of compressed air.
If it's a laptop, you buy an air spray can (one that blows air), use it after the computer has been switched off for a little while, and then wait a quarter of an hour before switching it back on.
____________________
To check the sound card, use:
GPUZ https://tt-hardware.com/?option=com_content&view=article&id=11705
or SiSoft Sandra
https://www.01net.com/telecharger/windows/Utilitaire/optimiseurs_et_tests/fiches/308.html
or
EVEREST Home Edition:
https://www.01net.com/telecharger/windows/Utilitaire/optimiseurs_et_tests/fiches/30728.html
Less than 10 euros.
To have a look:
http://www.leguide.net/go/search/idx/2081000/mot/Bombe_air_comprime/t/1/go.htm
But even though it's just air, the computer must have been switched off for a while, and you must wait before switching it back on!!!!
Just to check:
Download UsbFix to your desktop
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe
--> Run the installation with the default settings
Plug into your PC the external storage devices (USB stick, external hard drive, etc.) that may have been infected, without opening them
--> Double-click the UsbFix shortcut on your desktop
--> The PC will restart
--> After the restart, post the UsbFix.txt report
Note: the UsbFix.txt report is saved at the root of the disk
Note: If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New Task", type explorer.exe and confirm