pantomi.com pop-up problem
vincenty2x2
Destrio5 Posts: 99820 Status: Moderator
Hello,
I have a problem with a pop-up that keeps appearing whenever I change pages in Internet Explorer. When I use Mozilla, it's Antivirus 360, so I don't use it. Can you help me? I have the Google pop-up blocker toolbar. If you want a HijackThis report, should it be done in safe mode?
7 replies
Hi,
- Download HijackThis v2.0.2 to your Desktop.
- Double-click HJTInstall to start the installation.
- Click Install, then I Accept.
- Click Do a system scan and save a logfile.
- Notepad will open; copy and paste its entire contents here in your next message.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:43:32, on 2008-12-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Bell\Gestionnaire de securite\Fws.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Personal Vault\VaultClientUpgrade.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS.0\SOUNDMAN.EXE
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\WINDOWS.0\system32\RUNDLL32.EXE
C:\Program Files\Bell\Gestionnaire de securite\Rps.exe
C:\Program Files\BellCanada\McciTrayApp.exe
C:\Program Files\Bell\Gestionnaire de securite\rpsupdaterR.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O1 - Hosts: 87.118.118.162 nprotect.roseonlinegame.com
O1 - Hosts: 87.118.118.162 update.nprotect.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {46FE1EE1-4FD9-4C21-BE84-9FC014EA9CD4} - C:\WINDOWS.0\system32\iifdcYrr.dll (file missing)
O2 - BHO: (no name) - {830e6c68-dbf4-409a-aedd-a3def514c407} - C:\WINDOWS.0\system32\kabahigo.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SalesMonitor] "C:\Program Files\Fichiers communs\Antimalwareguard\smamg.exe" dm=http://antimalwareguard.com;http/... ad=http://antimalwareguard.com;http/... sd=http://instlog.antimalwareguard.com/
O4 - HKLM\..\Run: [Redemption] "\redemption.exe" /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [StandardInstall] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IUpd721] C:\Documents and Settings\Rioux Vincent\Application Data\NI.GSCNS\IUpd721.exe
O4 - HKLM\..\Run: [Gestionnaire de sécurité Sympatico] "C:\Program Files\Bell\Gestionnaire de securite\Rps.exe"
O4 - HKLM\..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [zihoduyeye] Rundll32.exe "C:\WINDOWS.0\system32\dijukigo.dll",s
O4 - HKLM\..\Run: [CPM83cdeddb] Rundll32.exe "c:\windows.0\system32\zavidegu.dll",a
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Gestionnaire de securite\IdxClnR.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Gestionnaire de securite\IdxClnR.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [zihoduyeye] Rundll32.exe "C:\WINDOWS.0\system32\dijukigo.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: fswial.dll C:\WINDOWS.0\system32\kadidika.dll c:\windows.0\system32\zavidegu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows.0\system32\zavidegu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows.0\system32\zavidegu.dll
O23 - Service: Abyss Web Server (AbyssWebServer) - Unknown owner - G:\WampServer\wamp\www\Abyss Web Server\abyssws.exe (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: MySQL4 - Unknown owner - G:\bin\mysqld-nt (file missing)
O23 - Service: MySQL41 - Unknown owner - G:\TEST.exe (file missing)
O23 - Service: MySQL5 - Unknown owner - G:\bin\mysqld-nt (file missing)
O23 - Service: MySQL501 - Unknown owner - G:\bin\mysqld-nt (file missing)
O23 - Service: MySQL51 - Unknown owner - G:\bin\mysqld-nt (file missing)
O23 - Service: NMSAccessU - Unknown owner - F:\Super_DVD_Creator_9.8\NMSAccessU.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
O23 - Service: PD91Agent - Unknown owner - C:\Program Files\Raxco\PerfectDisk\PD91Agent.exe (file missing)
O23 - Service: PD91Engine - Unknown owner - C:\Program Files\Raxco\PerfectDisk\PD91Engine.exe (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Gestionnaire de sécurité Sympatico (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Bell\Gestionnaire de securite\RpsSecurityAware.exe
O23 - Service: Service de mise-à-jour pour le Gestionnaire de sécurité Sympatico (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Bell\Gestionnaire de securite\rpsupdaterR.exe
O23 - Service: Gestionnaire de sécurité Sympatico Coupe-feu (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Gestionnaire de securite\Fws.exe
O23 - Service: Personal Vault Upgrade Service (VaultClientUpgrade) - BELL - C:\Program Files\Personal Vault\VaultClientUpgrade.exe
O23 - Service: wampmysqld - Unknown owner - G:\WampServer\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe (file missing)
Vundo infection.
---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Disconnect from the internet and close all applications, including antivirus and antispyware /!\
---> Double-click Combofix.exe
A "pop-up" will appear saying that "ComboFix is used at your own risk and with no guarantee...".
Accept by clicking "Yes"
---> I strongly advise you to install the Recovery Console.
---> Set it to French: F
Press the 1 key (Yes) to start the scan.
/!\ Don't touch anything until the scan has finished. /!\
At the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.
Once the scan is complete, a report will appear: post its contents
/!\ Re-enable your antivirus and antispyware real-time protection before reconnecting to the Internet. /!\
Note: The report can also be found here: C:\ComboFix\Combofix.txt
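As an added example (not from this thread, HijackThis or ComboFix), a small Python triage over a handful of the log lines posted above: it flags the load points a helper looks at before calling this Vundo, that is a DLL referenced from AppInit_DLLs, SSODL and SharedTaskScheduler, Run keys that start a DLL through rundll32, orphaned BHOs, and the consonant-vowel filenames (zavidegu.dll, kadidika.dll) typical of that family. The filename heuristic is an assumption of this example, not a signature, and the NVIDIA and Adobe lines are kept as benign controls.

```python
"""Triage a HijackThis log for Vundo-style load points (added example, not from the thread)."""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample: lines copied from the HijackThis log posted in this thread,
# with the NVIDIA and Adobe entries kept as benign controls.
SAMPLE_LOG = r"""
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {830e6c68-dbf4-409a-aedd-a3def514c407} - C:\WINDOWS.0\system32\kabahigo.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zihoduyeye] Rundll32.exe "C:\WINDOWS.0\system32\dijukigo.dll",s
O4 - HKLM\..\Run: [CPM83cdeddb] Rundll32.exe "c:\windows.0\system32\zavidegu.dll",a
O20 - AppInit_DLLs: fswial.dll C:\WINDOWS.0\system32\kadidika.dll c:\windows.0\system32\zavidegu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows.0\system32\zavidegu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows.0\system32\zavidegu.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
"""

SECTION_RE = re.compile(r"^([OR]\d+) - ")
DLL_RE = re.compile(r"[\w.~-]+\.dll", re.I)          # DLL basenames, path stops at the backslash
# Heuristic (assumption of this example): Vundo-era droppers used 8-10 letter
# names built from consonant-vowel pairs, e.g. zavidegu, kadidika, dijukigo.
CV_NAME_RE = re.compile(r"(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4,5}")
# Load points where a DLL ends up in every GUI process or in Explorer at each logon
SENSITIVE = {
    "O20": "listed in AppInit_DLLs (loaded into every process that loads user32.dll)",
    "O21": "ShellServiceObjectDelayLoad entry (loaded by Explorer at logon)",
    "O22": "SharedTaskScheduler entry (loaded by Explorer at logon)",
}


@dataclass
class Finding:
    section: str
    dll: str                                  # lower-cased DLL basename
    reasons: list = field(default_factory=list)


def looks_generated(dll: str) -> bool:
    """True for names such as zavidegu.dll or kadidika.dll, False for NvCpl.dll."""
    stem = dll.lower().removesuffix(".dll")
    return CV_NAME_RE.fullmatch(stem) is not None


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per (section, DLL) pair that matches at least one heuristic."""
    found: dict[tuple[str, str], Finding] = {}

    def note(section: str, dll: str, reason: str) -> None:
        found.setdefault((section, dll), Finding(section, dll)).reasons.append(reason)

    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue                           # header, process list or blank line
        section = m.group(1)
        for dll in (d.lower() for d in DLL_RE.findall(line)):
            if section in SENSITIVE:
                note(section, dll, SENSITIVE[section])
            if section in ("O2", "O3") and "(file missing)" in line:
                note(section, dll, "BHO/toolbar registered but file missing (orphan of a removed component)")
            if section == "O4" and "rundll32" in line.lower() and looks_generated(dll):
                note(section, dll, "Run key starts the DLL through rundll32")
            if looks_generated(dll):
                note(section, dll, "generated-looking filename (consonant-vowel pattern)")
    return list(found.values())


def load_points(findings: list[Finding]) -> dict[str, set[str]]:
    """Map each flagged DLL to the sections it is referenced from: one DLL wired
    into several load points at once is the strongest sign of an active infection."""
    points: dict[str, set[str]] = defaultdict(set)
    for f in findings:
        points[f.dll].add(f.section)
    return dict(points)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for dll, sections in sorted(load_points(results).items(), key=lambda kv: -len(kv[1])):
        print(f"{dll:14} {len(sections)} load point(s): {', '.join(sorted(sections))}")
    for f in results:
        print(f"[{f.section}] {f.dll}: " + "; ".join(f.reasons))
```

A DLL that shows up at a single load point with no other indicator (fswial.dll here) is only a lead to verify by hand, while zavidegu.dll, referenced from O4, O20, O21 and O22, is the entry to act on.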
Hello,
what is the Recovery Console (I'm hopeless with computers)
and... I'm going to school, so I'll be away for a while (and I'll be sleeping, I live in Quebec)
ComboFix 08-12-12.02 - Rioux Vincent 2008-12-12 18:12:22.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1535.1057 [GMT -5:00]
Lancé depuis: c:\documents and settings\Rioux Vincent\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
Les fichiers ci-dessous ont été désactivés pendant l'exécution:
c:\windows.0\system32\kadidika.dll
c:\windows.0\system32\zipavagi.dll
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Chantal\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\documents and settings\Rioux Vincent\Application Data\IUpd721
c:\documents and settings\Rioux Vincent\Application Data\IUpd721\Logs\scns.log
C:\install.exe
c:\program files\INSTALL.LOG
c:\program files\SoftwareOnline
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\windows.0\system32\404Fix.exe
c:\windows.0\system32\dijukigo.dll
c:\windows.0\system32\dumphive.exe
c:\windows.0\system32\feyimupa.dll
c:\windows.0\system32\gigivada.dll
c:\windows.0\system32\gokisoso.dll
c:\windows.0\system32\hhypquke.ini
c:\windows.0\system32\IEDFix.C.exe
c:\windows.0\system32\IEDFix.exe
c:\windows.0\system32\kadidika.dll.vir
c:\windows.0\system32\katowola.dll
c:\windows.0\system32\konazuki.dll
c:\windows.0\system32\lame_enc.dll
c:\windows.0\system32\o4Patch.exe
c:\windows.0\system32\qyiibija.ini
c:\windows.0\system32\SrchSTS.exe
c:\windows.0\system32\tmp.reg
c:\windows.0\system32\VACFix.exe
c:\windows.0\system32\VCCLSID.exe
c:\windows.0\system32\virojawo.dll
c:\windows.0\system32\WS2Fix.exe
c:\windows.0\system32\zavidegu.dll
c:\windows.0\system32\zegofuho.dll
c:\windows.0\system32\zipavagi.dll.vir
----- BITS: Il y a peut-être des sites infectés -----
hxxp://www.hhdsoftware.com
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-12 au 2008-12-12 ))))))))))))))))))))))))))))))))))))
.
2008-12-04 02:21 . 2008-12-04 02:21 <REP> d-------- c:\documents and settings\Rioux Mathieu\Application Data\Malwarebytes
2008-12-03 19:36 . 2008-12-03 19:36 244 --ah-c--- C:\sqmnoopt05.sqm
2008-12-03 19:36 . 2008-12-03 19:36 232 --ah-c--- C:\sqmdata05.sqm
2008-12-03 17:57 . 2008-12-03 17:57 244 --ah-c--- C:\sqmnoopt04.sqm
2008-12-03 17:57 . 2008-12-03 17:57 244 --ah-c--- C:\sqmnoopt03.sqm
2008-12-03 17:57 . 2008-12-03 17:57 232 --ah-c--- C:\sqmdata04.sqm
2008-12-03 17:57 . 2008-12-03 17:57 232 --ah-c--- C:\sqmdata03.sqm
2008-12-03 17:56 . 2008-12-03 17:56 244 --ah-c--- C:\sqmnoopt02.sqm
2008-12-03 17:56 . 2008-12-03 17:56 232 --ah-c--- C:\sqmdata02.sqm
2008-12-03 17:04 . 2008-12-03 17:04 244 --ah-c--- C:\sqmnoopt01.sqm
2008-12-03 17:04 . 2008-12-03 17:04 232 --ah-c--- C:\sqmdata01.sqm
2008-12-01 01:44 . 2008-12-01 01:44 <REP> d----c--- c:\windows.0\Ruff Rose Client
2008-11-30 18:14 . 2008-11-30 21:16 <REP> d-------- c:\documents and settings\Rioux Vincent\.netbeans-derby
2008-11-28 17:22 . 2008-11-28 17:23 <REP> d-------- c:\documents and settings\Rioux Vincent\Application Data\MozillaControl
2008-11-28 01:03 . 2008-11-28 01:03 <REP> d-------- c:\documents and settings\All Users.WINDOWS.0\Application Data\nView_Profiles
2008-11-28 00:44 . 2008-11-28 00:44 <REP> d-------- c:\documents and settings\Rioux Mathieu\Application Data\Subversion
2008-11-20 19:35 . 2008-11-20 19:35 <REP> d-------- c:\documents and settings\Rioux Vincent\.netbeans-registration
2008-11-20 19:32 . 2008-11-20 19:35 <REP> d-------- c:\documents and settings\Rioux Vincent\.netbeans
2008-11-20 18:48 . 2008-11-20 19:23 <REP> d-------- c:\program files\NetBeans 6.5
2008-11-20 18:31 . 2008-11-28 16:53 <REP> d-------- c:\documents and settings\Rioux Vincent\.nbi
2008-11-19 18:24 . 2008-11-19 18:24 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-19 18:24 . 2008-10-22 16:10 38,496 --a--c--- c:\windows.0\system32\drivers\mbamswissarmy.sys
2008-11-19 18:24 . 2008-10-22 16:10 15,504 --a--c--- c:\windows.0\system32\drivers\mbam.sys
2008-11-19 17:33 . 2008-11-19 17:33 <REP> d-------- c:\program files\Windows Defender
2008-11-19 14:25 . 2008-11-28 17:18 <REP> d----c--- C:\ProgramData
2008-11-19 14:25 . 2008-11-28 15:30 <REP> d-------- c:\program files\Angle Interactive
2008-11-18 18:17 . 2008-11-18 18:17 <REP> d-------- c:\documents and settings\Rioux Vincent\Application Data\AntiMalwareGuard
2008-11-18 00:25 . 2008-11-18 00:25 <REP> d-------- c:\program files\Fichiers communs\Antimalwareguard
2008-11-18 00:25 . 2008-11-18 00:25 <REP> d-------- c:\documents and settings\Rioux Mathieu\Application Data\AntiMalwareGuard
2008-11-17 22:20 . 2008-11-17 22:20 <REP> d-------- c:\documents and settings\All Users.WINDOWS.0\Application Data\Raxco
2008-11-17 21:54 . 2008-11-17 21:57 <REP> d----c--- C:\eden.ex
2008-11-17 20:35 . 2008-11-17 20:35 <REP> d----c--- C:\fsaua.data
2008-11-17 20:27 . 2008-11-28 17:14 <REP> d-------- c:\documents and settings\All Users.WINDOWS.0\Application Data\ma-config.com
2008-11-17 19:36 . 2008-11-17 19:37 <REP> d-------- c:\program files\Personal Vault
2008-11-17 19:31 . 2008-11-17 19:31 <REP> d-------- c:\program files\Fichiers communs\Authentium
2008-11-17 19:28 . 2008-12-03 22:43 <REP> d-------- c:\program files\Fichiers communs\Scanner
2008-11-17 18:53 . 2007-08-21 07:00 1,536 --a--c--- c:\windows.0\system32\Delete_Me_Dummy_karna.dat
2008-11-17 18:51 . 2008-11-17 18:51 9,662 --a--c--- c:\windows.0\system32\blackip.ico
2008-11-17 18:33 . 2008-11-17 18:33 153,488 --a--c--- c:\windows.0\system32\g16.exe
2008-11-17 17:51 . 2008-12-03 22:43 <REP> d--hsc--- c:\windows.0\U2Vhbml4IFZhbHVlZCBDdXN0b21lcg
2008-11-17 17:33 . 2008-12-12 18:12 <REP> d----c--- C:\Temp
2008-11-17 17:33 . 2008-11-17 17:33 79,094 --a--c--- c:\windows.0\system32\mrrwpjsryr.exe
2008-11-17 17:32 . 2008-11-19 21:56 <REP> d----c--- c:\windows.0\system32\nas
2008-11-17 17:32 . 2008-11-17 17:33 <REP> d----c--- c:\windows.0\system32\mex
2008-11-17 17:32 . 2008-11-17 21:51 <REP> d----c--- c:\windows.0\system32\ITX
2008-11-17 17:32 . 2008-11-17 17:32 <REP> d----c--- c:\windows.0\system32\dcs2
2008-11-16 13:54 . 2008-11-28 15:42 <REP> d-------- c:\program files\a-squared Free
2008-11-16 13:43 . 2008-11-17 22:16 53,192 --a--c--- c:\windows.0\system32\drivers\rp_skt32.sys
2008-11-16 13:43 . 2007-04-19 11:36 48,384 --a--c--- c:\windows.0\system32\drivers\rp_pkt32.sys
2008-11-16 13:42 . 2008-11-17 22:20 <REP> d-------- c:\program files\Raxco
2008-11-16 13:30 . 2008-11-16 13:30 <REP> d-------- c:\documents and settings\Rioux Vincent\Application Data\Malwarebytes
2008-11-16 13:30 . 2008-11-16 13:30 <REP> d-------- c:\documents and settings\All Users.WINDOWS.0\Application Data\Malwarebytes
2008-11-14 15:20 . 2008-11-14 15:20 <REP> d-------- c:\documents and settings\Rioux Vincent\Application Data\Search Settings
2008-11-14 02:11 . 2008-11-14 02:11 <REP> d-------- c:\documents and settings\Rioux Mathieu\Application Data\Search Settings
2008-11-14 02:11 . 2008-11-14 02:11 <REP> d-------- c:\documents and settings\Rioux Mathieu\Application Data\Dealio
2008-11-13 22:56 . 2008-11-13 22:56 <REP> d-------- c:\documents and settings\Grenier Chantal\Application Data\Search Settings
2008-11-13 22:55 . 2008-11-13 22:55 <REP> d-------- c:\documents and settings\Grenier Chantal\Application Data\Dealio
2008-11-13 22:23 . 2008-11-13 22:23 <REP> d-------- c:\program files\Search Settings
2008-11-13 22:23 . 2006-11-18 11:38 200,704 --a--c--- c:\windows.0\system32\vbalExpBar6.ocx
2008-11-13 22:23 . 1998-07-13 17:53 44,544 --a--c--- c:\windows.0\system32\GIF89.DLL
2008-11-12 19:56 . 2004-03-09 01:00 1,081,616 --a--c--- c:\windows.0\system32\MSCOMCTL.OCX
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 19:09 --------- d-----w c:\documents and settings\Rioux Mathieu\Application Data\MEGAUPLOADTOOLBAR
2008-12-12 18:13 --------- d-----w c:\documents and settings\Grenier Chantal\Application Data\MEGAUPLOADTOOLBAR
2008-12-11 05:18 --------- d-----w c:\program files\Ruff-Rose
2008-12-11 00:02 --------- d-----w c:\documents and settings\Rioux Vincent\Application Data\MySQL
2008-12-10 23:00 --------- d-----w c:\documents and settings\Rioux Vincent\Application Data\Hamachi
2008-12-04 22:26 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-12-04 03:20 --------- d-----w c:\program files\AbiSuite2
2008-11-30 20:05 --------- d---a-w c:\documents and settings\All Users.WINDOWS.0\Application Data\TEMP
2008-11-29 21:04 --------- d-----w c:\program files\AruaROSE
2008-11-29 04:23 --------- d-----w c:\program files\'Full Speed' Internet Booster + Performance Tests
2008-11-28 22:14 --------- d-----w c:\program files\Notepad++
2008-11-28 22:14 --------- d-----w c:\documents and settings\Rioux Vincent\Application Data\Notepad++
2008-11-28 22:12 --------- d-----w c:\program files\InstallShield Installation Information
2008-11-27 22:22 --------- d-----w c:\program files\Windows Live Safety Center
2008-11-21 06:26 --------- d-----w c:\program files\Tales Of Pirates Online
2008-11-19 18:18 --------- d-----w c:\documents and settings\Grenier Chantal\Application Data\Bell
2008-11-18 07:02 --------- d-----w c:\documents and settings\Rioux Mathieu\Application Data\Bell
2008-11-18 03:14 --------- d-----w c:\program files\CA
2008-11-18 02:53 2,002 -c--a-w c:\windows.0\system32\ealregsnapshot1.reg
2008-11-18 00:37 --------- d-----w c:\documents and settings\Rioux Vincent\Application Data\Bell
2008-11-18 00:27 --------- d-----w c:\program files\Bell
2008-11-17 23:39 --------- d-----w c:\program files\Google
2008-11-17 23:11 --------- d-----w c:\documents and settings\Rioux Vincent\Application Data\MegauploadToolbar
2008-11-16 18:39 --------- d-----w c:\documents and settings\All Users.WINDOWS.0\Application Data\Bell
2008-11-09 01:38 --------- d-----w c:\program files\Zylom Games
2008-11-09 00:36 --------- d-----w c:\documents and settings\Grenier Chantal\Application Data\Zylom
2008-11-09 00:36 --------- d-----w c:\documents and settings\All Users.WINDOWS.0\Application Data\GameHouse
2008-11-03 22:23 --------- d-----w c:\program files\HHD Software
2008-11-02 16:07 --------- d-----w c:\program files\Taksi
2008-11-02 15:58 --------- d-----w c:\program files\Game Cam
2008-11-02 15:56 --------- d-----w c:\program files\Game Cam V2
2008-11-02 15:44 --------- d-----w c:\documents and settings\Rioux Vincent\Application Data\DivX
2008-10-31 17:11 --------- d-----w c:\documents and settings\Rioux Vincent\Application Data\Subversion
2008-10-31 00:28 5,916,303 -c--a-w C:\GameCam_V22_2_Setup.exe
2008-10-29 22:20 --------- d-----w c:\documents and settings\Rioux Vincent\Application Data\TeamViewer
2008-10-29 22:05 --------- d-----w c:\program files\TeamViewer3
2008-10-24 11:10 453,632 -c--a-w c:\windows.0\system32\drivers\mrxsmb.sys
2008-10-21 17:52 --------- d-----w c:\documents and settings\All Users.WINDOWS.0\Application Data\PIXELA
2008-10-21 01:29 4,769 -c--a-w C:\Auto Java File.zip
2008-10-20 21:01 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-20 18:01 --------- d-----w c:\program files\PIXELA
2008-10-20 00:11 --------- d-----w c:\documents and settings\All Users.WINDOWS.0\Application Data\FLEXnet
2008-10-19 23:46 --------- d-----w c:\program files\Sun
2008-10-19 23:44 --------- d-----w c:\program files\Java
2008-10-19 23:38 76,502,424 -c--a-w C:\jdk-6u10-windows-i586-p.exe
2008-10-18 02:00 --------- d-----w c:\program files\HashCalc
2008-10-03 00:33 11,691,552 -c--a-w C:\megamanager.exe
2008-10-01 23:27 410,976 -c--a-w c:\windows.0\system32\deploytk.dll
2008-09-30 21:43 1,286,152 -c--a-w c:\windows.0\system32\msxml4.dll
2008-09-15 15:39 1,846,144 -c--a-w c:\windows.0\system32\win32k.sys
2008-05-07 21:57 136 ----a-w c:\documents and settings\Vincent\hello.bat
2007-09-20 05:30 522 ----a-w c:\documents and settings\Rioux Vincent\Application Data\wklnhst.dat
2005-12-14 02:25 32 -c--a-r c:\documents and settings\All Users\hash.dat
2005-12-02 15:49 9,543 -c--a-w c:\program files\camp01.tmp
2005-12-02 15:49 26,267 -c--a-w c:\program files\camp00.tmp
2005-12-02 15:49 24,834 -c--a-w c:\program files\camp02.tmp
2005-11-06 17:25 774,144 -c--a-w c:\program files\RngInterstitial.dll
2002-06-04 15:06 65,536 -c----w c:\windows.0\inf\copyinf.exe
1999-02-22 00:33 462,848 -c--a-w c:\documents and settings\Vincent\HEROTRN.EXE
1999-02-18 18:35 2,064,384 -c--a-w c:\documents and settings\Vincent\HEROES3.EXE
1999-02-16 17:07 1,462,272 -c--a-w c:\documents and settings\Vincent\h3maped.exe
1999-02-11 23:33 109,568 -c--a-w c:\documents and settings\Vincent\GAMEUP.EXE
1998-04-01 19:37 273,408 -c--a-w c:\documents and settings\Vincent\mplaynow.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-C39E-35F1D2A32EC8}"= "c:\progra~1\MEGAUP~2\MEGAUP~1.DLL" [2008-08-04 1947080]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A057A204-BACC-4D26-C39E-35F1D2A32EC8}"= "c:\progra~1\MEGAUP~2\MEGAUP~1.DLL" [2008-08-04 1947080]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-c39e-35f1d2a32ec8}]
[HKEY_CLASSES_ROOT\megauploadtoolbar.MEGAUPLOADTOOLBAR]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="c:\program files\Bell\Gestionnaire de securite\IdxClnR.exe" [2008-03-10 61168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSA.exe"="c:\program files\Bell\Sympatico Security Advisor\SSA.exe" [2007-03-27 2061816]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"NvMediaCenter"="c:\windows.0\system32\NvMcTray.dll" [2006-09-18 86016]
"NvCplDaemon"="c:\windows.0\system32\NvCpl.dll" [2006-09-18 7630848]
"Gestionnaire de sécurité Sympatico"="c:\program files\Bell\Gestionnaire de securite\Rps.exe" [2008-03-10 311024]
"BellCanada_McciTrayApp"="c:\program files\BellCanada\McciTrayApp.exe" [2008-05-28 1468928]
"-FreedomNeedsReboot"="c:\program files\Bell\Gestionnaire de securite\ZkRunOnceR.exe" [2008-03-10 13552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"StandardInstall"="SOUNDMAN.EXE" [2004-07-27 c:\windows.0\SOUNDMAN.EXE]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 c:\windows.0\SOUNDMAN.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="c:\program files\Bell\Gestionnaire de securite\IdxClnR.exe" [2008-03-10 61168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows.0\system32\CTFMON.EXE" [2004-08-05 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Menu Démarrer^Programmes^Démarrage^Assistant Internet.lnk]
backup=c:\windows.0\pss\Assistant Internet.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Menu Démarrer^Programmes^Démarrage^ImageMixer 3 SE Camera Monitor for SD.lnk]
path=c:\documents and settings\All Users.WINDOWS.0\Menu Démarrer\Programmes\Démarrage\ImageMixer 3 SE Camera Monitor for SD.lnk
backup=c:\windows.0\pss\ImageMixer 3 SE Camera Monitor for SD.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Menu Démarrer^Programmes^Démarrage^Lancer l'utilitaire d'enregistrement.lnk]
backup=c:\windows.0\pss\Lancer l'utilitaire d'enregistrement.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Rioux Vincent^Menu Démarrer^Programmes^Démarrage^Deewoo.lnk]
path=c:\documents and settings\Rioux Vincent\Menu Démarrer\Programmes\Démarrage\Deewoo.lnk
backup=c:\windows.0\pss\Deewoo.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Rioux Vincent^Menu Démarrer^Programmes^Démarrage^DW_Start.lnk]
path=c:\documents and settings\Rioux Vincent\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
backup=c:\windows.0\pss\DW_Start.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Rioux Vincent^Menu Démarrer^Programmes^Démarrage^hamachi.lnk]
path=c:\documents and settings\Rioux Vincent\Menu Démarrer\Programmes\Démarrage\hamachi.lnk
backup=c:\windows.0\pss\hamachi.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-05 07:00 15360 c:\windows.0\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a--c--- 2004-01-05 02:27 176128 c:\windows.0\system32\spool\drivers\w32x86\3\hpztsb09.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-10-01 18:27 140696 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 2006-09-18 15:25 1519616 c:\windows.0\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Softnyx\\RakionIS\\Bin\\rakion.bin"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\WINDOWS.0\\system32\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\TeamViewer3\\TeamViewer.exe"=
"c:\\Nexon\\Mabinogi\\npkcmsvc.exe"=
"c:\\Program Files\\Microsoft SQL Server\\90\\Shared\\sqlwriter.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jqs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL
R2 VaultClientUpgrade;Personal Vault Upgrade Service;c:\program files\Personal Vault\VaultClientUpgrade.exe [2008-03-07 53248]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
S2 MySQL4;MySQL4;"g:\bin\mysqld-nt" --defaults-file="G:\my.ini" MySQL4 []
S2 MySQL41;MySQL41;"g:\test odinms pour aide\Mysql\bin\mysqld-nt" --defaults-file="g:\test odinms pour aide\Mysql\my.ini" MySQL41 []
S2 MySQL5;MySQL5;"g:\bin\mysqld-nt" --defaults-file="G:\my.ini" MySQL5 []
S2 MySQL501;MySQL501;"g:\bin\mysqld-nt" --defaults-file="G:\my.ini" MySQL501 []
S2 MySQL51;MySQL51;"g:\bin\mysqld-nt" --defaults-file="G:\my.ini" MySQL51 []
S2 PD91Agent;PD91Agent;"c:\program files\Raxco\PerfectDisk\PD91Agent.exe" []
S3 AbyssWebServer;Abyss Web Server;g:\wampserver\wamp\www\Abyss Web Server\abyssws.exe --service []
S3 PD91Engine;PD91Engine;"c:\program files\Raxco\PerfectDisk\PD91Engine.exe" []
S3 Radialpoint Security Services;Gestionnaire de sécurité Sympatico;"c:\program files\Bell\Gestionnaire de securite\RpsSecurityAware.exe" [2008-03-10 67824]
S4 MSSQLServerADHelper100;Service SQL Active Directory Helper;"c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [2008-07-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows.0\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
S4 SQLAgent$SQLEXPRESS;Agent SQL Server (SQLEXPRESS);"c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [2008-07-10 369688]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\ONSPCLCK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{835b9096-2eba-11dd-a7ae-000b23d13b47}]
\Shell\AutoRun\command - E:\ONSPCLCK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{835b9097-2eba-11dd-a7ae-000b23d13b47}]
\Shell\AutoRun\command - G:\setupSNK.exe
.
Contenu du dossier 'Tâches planifiées'
2008-12-12 c:\windows.0\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
BHO-{46FE1EE1-4FD9-4C21-BE84-9FC014EA9CD4} - c:\windows.0\system32\iifdcYrr.dll
BHO-{830e6c68-dbf4-409a-aedd-a3def514c407} - c:\windows.0\system32\kabahigo.dll
HKLM-Run-SalesMonitor - c:\program files\Fichiers communs\Antimalwareguard\smamg.exe dm=http://antimalwareguard.com;http/... ad=http://antimalwareguard.com;http/...
HKLM-Run-Redemption - \redemption.exe
HKLM-Run-IUpd721 - c:\documents and settings\Rioux Vincent\Application Data\NI.GSCNS\IUpd721.exe
HKLM-Run-CPM83cdeddb - c:\windows.0\system32\zipavagi.dll
MSConfigStartUp-c0 - c:\aidualc3\c0.exe
MSConfigStartUp-Redemption - \redemption.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
O16 -: Microsoft XML Parser for Java - file://c:\windows.0\Java\classes\xmldso.cab
O16 -: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_4_0.cab
c:\windows.0\Downloaded Program Files\hardwaredetection.inf
O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game03.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Rioux Vincent\Application Data\Mozilla\Firefox\Profiles\kvj3vyt0.default\
FF - plugin: c:\documents and settings\All Users.WINDOWS.0\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\windows.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-12 18:19:33
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL4]
"ImagePath"="\"g:\bin\mysqld-nt\" --defaults-file=\"g:\my.ini\" MySQL4"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL41]
"ImagePath"="\"g:\test odinms pour aide\Mysql\bin\mysqld-nt\" --defaults-file=\"g:\test odinms pour aide\Mysql\my.ini\" MySQL41"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL5]
"ImagePath"="\"g:\bin\mysqld-nt\" --defaults-file=\"g:\my.ini\" MySQL5"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL501]
"ImagePath"="\"g:\bin\mysqld-nt\" --defaults-file=\"g:\my.ini\" MySQL501"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL51]
"ImagePath"="\"g:\bin\mysqld-nt\" --defaults-file=\"g:\my.ini\" MySQL51"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(876)
c:\program files\CA\PPRT\bin\CACheck.dll
c:\program files\CA\PPRT\bin\CAHook.dll
c:\program files\CA\PPRT\bin\CAServer.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Bell\Gestionnaire de securite\Fws.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe
c:\windows.0\system32\rundll32.exe
c:\program files\CA\PPRT\bin\ITMRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\nexon\Mabinogi\npkcmsvc.exe
c:\windows.0\system32\nvsvc32.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows.0\system32\wdfmgr.exe
c:\program files\Bell\Gestionnaire de securite\rpsupdaterR.exe
c:\program files\Raxco\PerfectDisk\PDEngine.exe
c:\windows.0\system32\wscntfy.exe
c:\program files\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Heure de fin: 2008-12-12 18:26:09 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-12 23:26:06
Avant-CF: 14 752 894 976 octets libres
Après-CF: 14,960,168,960 octets libres
369 --- E O F --- 2008-11-13 08:31:43
backup=c:\windows.0\pss\ImageMixer 3 SE Camera Monitor for SD.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Menu Démarrer^Programmes^Démarrage^Lancer l'utilitaire d'enregistrement.lnk]
backup=c:\windows.0\pss\Lancer l'utilitaire d'enregistrement.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Rioux Vincent^Menu Démarrer^Programmes^Démarrage^Deewoo.lnk]
path=c:\documents and settings\Rioux Vincent\Menu Démarrer\Programmes\Démarrage\Deewoo.lnk
backup=c:\windows.0\pss\Deewoo.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Rioux Vincent^Menu Démarrer^Programmes^Démarrage^DW_Start.lnk]
path=c:\documents and settings\Rioux Vincent\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
backup=c:\windows.0\pss\DW_Start.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Rioux Vincent^Menu Démarrer^Programmes^Démarrage^hamachi.lnk]
path=c:\documents and settings\Rioux Vincent\Menu Démarrer\Programmes\Démarrage\hamachi.lnk
backup=c:\windows.0\pss\hamachi.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-05 07:00 15360 c:\windows.0\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a--c--- 2004-01-05 02:27 176128 c:\windows.0\system32\spool\drivers\w32x86\3\hpztsb09.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-10-01 18:27 140696 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 2006-09-18 15:25 1519616 c:\windows.0\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Softnyx\\RakionIS\\Bin\\rakion.bin"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\WINDOWS.0\\system32\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\TeamViewer3\\TeamViewer.exe"=
"c:\\Nexon\\Mabinogi\\npkcmsvc.exe"=
"c:\\Program Files\\Microsoft SQL Server\\90\\Shared\\sqlwriter.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jqs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL
R2 VaultClientUpgrade;Personal Vault Upgrade Service;c:\program files\Personal Vault\VaultClientUpgrade.exe [2008-03-07 53248]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
S2 MySQL4;MySQL4;"g:\bin\mysqld-nt" --defaults-file="G:\my.ini" MySQL4 []
S2 MySQL41;MySQL41;"g:\test odinms pour aide\Mysql\bin\mysqld-nt" --defaults-file="g:\test odinms pour aide\Mysql\my.ini" MySQL41 []
S2 MySQL5;MySQL5;"g:\bin\mysqld-nt" --defaults-file="G:\my.ini" MySQL5 []
S2 MySQL501;MySQL501;"g:\bin\mysqld-nt" --defaults-file="G:\my.ini" MySQL501 []
S2 MySQL51;MySQL51;"g:\bin\mysqld-nt" --defaults-file="G:\my.ini" MySQL51 []
S2 PD91Agent;PD91Agent;"c:\program files\Raxco\PerfectDisk\PD91Agent.exe" []
S3 AbyssWebServer;Abyss Web Server;g:\wampserver\wamp\www\Abyss Web Server\abyssws.exe --service []
S3 PD91Engine;PD91Engine;"c:\program files\Raxco\PerfectDisk\PD91Engine.exe" []
S3 Radialpoint Security Services;Gestionnaire de sécurité Sympatico;"c:\program files\Bell\Gestionnaire de securite\RpsSecurityAware.exe" [2008-03-10 67824]
S4 MSSQLServerADHelper100;Service SQL Active Directory Helper;"c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [2008-07-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows.0\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
S4 SQLAgent$SQLEXPRESS;Agent SQL Server (SQLEXPRESS);"c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [2008-07-10 369688]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\ONSPCLCK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{835b9096-2eba-11dd-a7ae-000b23d13b47}]
\Shell\AutoRun\command - E:\ONSPCLCK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{835b9097-2eba-11dd-a7ae-000b23d13b47}]
\Shell\AutoRun\command - G:\setupSNK.exe
.
Contenu du dossier 'Tâches planifiées'
2008-12-12 c:\windows.0\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
BHO-{46FE1EE1-4FD9-4C21-BE84-9FC014EA9CD4} - c:\windows.0\system32\iifdcYrr.dll
BHO-{830e6c68-dbf4-409a-aedd-a3def514c407} - c:\windows.0\system32\kabahigo.dll
HKLM-Run-SalesMonitor - c:\program files\Fichiers communs\Antimalwareguard\smamg.exe dm=http://antimalwareguard.com;http/... ad=http://antimalwareguard.com;http/...
HKLM-Run-Redemption - \redemption.exe
HKLM-Run-IUpd721 - c:\documents and settings\Rioux Vincent\Application Data\NI.GSCNS\IUpd721.exe
HKLM-Run-CPM83cdeddb - c:\windows.0\system32\zipavagi.dll
MSConfigStartUp-c0 - c:\aidualc3\c0.exe
MSConfigStartUp-Redemption - \redemption.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
O16 -: Microsoft XML Parser for Java - file://c:\windows.0\Java\classes\xmldso.cab
O16 -: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_4_0.cab
c:\windows.0\Downloaded Program Files\hardwaredetection.inf
O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game03.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Rioux Vincent\Application Data\Mozilla\Firefox\Profiles\kvj3vyt0.default\
FF - plugin: c:\documents and settings\All Users.WINDOWS.0\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\windows.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-12 18:19:33
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL4]
"ImagePath"="\"g:\bin\mysqld-nt\" --defaults-file=\"g:\my.ini\" MySQL4"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL41]
"ImagePath"="\"g:\test odinms pour aide\Mysql\bin\mysqld-nt\" --defaults-file=\"g:\test odinms pour aide\Mysql\my.ini\" MySQL41"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL5]
"ImagePath"="\"g:\bin\mysqld-nt\" --defaults-file=\"g:\my.ini\" MySQL5"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL501]
"ImagePath"="\"g:\bin\mysqld-nt\" --defaults-file=\"g:\my.ini\" MySQL501"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL51]
"ImagePath"="\"g:\bin\mysqld-nt\" --defaults-file=\"g:\my.ini\" MySQL51"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(876)
c:\program files\CA\PPRT\bin\CACheck.dll
c:\program files\CA\PPRT\bin\CAHook.dll
c:\program files\CA\PPRT\bin\CAServer.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Bell\Gestionnaire de securite\Fws.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe
c:\windows.0\system32\rundll32.exe
c:\program files\CA\PPRT\bin\ITMRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\nexon\Mabinogi\npkcmsvc.exe
c:\windows.0\system32\nvsvc32.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows.0\system32\wdfmgr.exe
c:\program files\Bell\Gestionnaire de securite\rpsupdaterR.exe
c:\program files\Raxco\PerfectDisk\PDEngine.exe
c:\windows.0\system32\wscntfy.exe
c:\program files\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Heure de fin: 2008-12-12 18:26:09 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-12 23:26:06
Avant-CF: 14 752 894 976 octets libres
Après-CF: 14,960,168,960 octets libres
369 --- E O F --- 2008-11-13 08:31:43
---> Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
---> Double-click the downloaded file to start the installation process.
---> In the Update tab, click the Check for Updates button: if the firewall asks whether to allow MBAM to connect to the Internet, accept.
---> Once the update is finished, go to the Scanner tab.
---> Select Perform full scan.
---> Click Scan. The analysis starts; the scan is fairly long, which is normal.
At the end of the scan, a message appears:
The scan completed successfully. Click 'Show Results' to display all objects found.
---> Click OK to continue. If MBAM found nothing, it will tell you so as well.
---> Close your browsers.
If malware was detected, click Show Results.
---> Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and place a copy in quarantine.
---> MBAM will open Notepad and copy the scan report into it. Copy and paste that report into your next reply.