Unable to run the scan
Posted by azidil2008 (Member, 69 posts); answered by g!rly (Contributor, 18462 posts)
Hello,
I urgently need help.
My PC is infected; at startup it shows the error message "Error while unpacking program, code LP5, please report to author".
* unable to run a scan with AVG, or the scan gets interrupted midway
* unable to clean with CCleaner
* some applications no longer work: AVG, RealPlayer
I ran ComboFix and here is the final report:
ComboFix 08-07-26.1 - S@D 2008-12-15 23:40:59.5 - FAT32x86
Endroit: D:\down\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
- FONCTIONNALITES REDUITES -
.
((((((((((((((((((((((((((((( Fichiers créés 2008-11-15 to 2008-12-15 ))))))))))))))))))))))))))))))))))))
.
2008-12-15 11:18 . 93,420 C:\WINDOWS\system32\drivers\d00a2fde.sys
2008-12-15 02:39 . 2008-12-15 02:39 160 --a------ C:\log.udt
2008-12-15 02:33 . 93,420 C:\WINDOWS\system32\drivers\b16bc237.sys
2008-12-15 02:33 . 2008-12-15 11:18 473 --a------ C:\image199.exe
2008-12-15 02:32 . 2008-12-15 11:17 287,248 --a------ C:\kwvo.exe
2008-12-15 02:32 . 2008-12-15 11:18 184,832 --a------ C:\image166.exe
2008-12-15 02:32 . 2008-12-15 11:18 131,072 --a------ C:\image188.exe
2008-12-15 02:32 . 2008-12-15 05:38 102,400 --a------ C:\rjyywg.exe
2008-12-15 02:32 . 2008-12-15 05:38 102,400 --a------ C:\eybdluq.exe
2008-12-15 02:32 . 2008-12-15 05:38 102,400 --a------ C:\bbcci.exe
2008-12-15 02:32 . 2008-12-15 11:17 2 --a------ C:\-724651947
2008-12-15 02:28 . 2008-12-15 02:28 <REP> d--h----- C:\$AVG8.VAULT$
2008-12-15 02:26 . 2008-12-15 02:26 <REP> d-------- C:\WINDOWS\system32\drivers\Avg
2008-12-15 02:26 . 2008-12-15 02:27 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-12-15 02:26 . 2008-12-15 02:27 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-12-15 02:26 . 2008-12-15 02:27 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-12-15 02:26 . 2008-12-15 02:27 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-12-15 02:25 . 2008-12-15 02:25 <REP> d-------- C:\Program Files\AVG
2008-12-15 02:25 . 2008-12-15 02:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-15 02:16 . 2008-12-15 02:16 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-12-15 02:16 . 2008-12-15 02:16 23,296 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-12-14 23:52 . 2008-12-14 23:52 <REP> d-------- C:\Documents and Settings\S@D\Application Data\Malwarebytes
2008-12-14 23:51 . 2008-12-14 23:51 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-14 23:51 . 2008-12-14 23:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-14 23:51 . 2008-12-03 19:52 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-12-14 23:51 . 2008-12-03 19:52 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-12-14 21:09 . 2008-12-14 21:09 <REP> d-------- C:\DCC
2008-12-14 19:44 . 2001-08-17 19:11 66,591 --a------ C:\WINDOWS\system32\drivers\el90xbc5.sys
2008-12-14 17:27 . 2008-12-14 17:27 <REP> d-------- C:\Program Files\DynDNS Updater
2008-12-14 17:27 . 2008-12-14 17:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DynDNS
2008-12-14 16:51 . 2008-12-14 16:51 <REP> d--hs---- C:\FOUND.002
2008-12-14 15:14 . 2004-08-19 12:09 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-12-14 15:14 . 2004-08-19 12:09 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2008-12-14 15:14 . 2004-08-19 11:53 701,440 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-12-14 15:14 . 2004-08-19 12:09 516,768 --a------ C:\WINDOWS\system32\ativvaxx.dll
2008-12-14 15:14 . 2004-08-19 12:09 229,376 --a------ C:\WINDOWS\system32\ati2cqag.dll
2008-12-14 15:14 . 2004-08-19 12:09 201,728 --a------ C:\WINDOWS\system32\ati2dvag.dll
2008-12-14 15:10 . 2004-08-03 18:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-12-14 12:24 . 2008-12-08 16:22 177,152 -r-hs---- C:\h3.bat
2008-12-10 16:54 . 2008-12-14 20:28 85,504 -r-hs---- C:\WINDOWS\system32\vbsdfe0.dll
2008-12-10 07:37 . 2008-12-08 16:22 177,152 -r-hs---- C:\6fnlpetp.exe
2008-12-09 20:07 . 2008-12-14 13:16 85,504 -r-hs---- C:\WINDOWS\system32\vbsdfe1.dll
2008-12-09 05:29 . 2008-12-08 16:22 177,152 -r-hs---- C:\3rl3lqbq.bat
2008-12-08 16:23 . 2008-12-08 16:22 177,152 -r-hs---- C:\m9ma.exe
2008-12-06 22:54 . 2008-12-06 22:55 7,168 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-12-05 05:48 . 2008-12-06 16:13 178,176 -r-hs---- C:\2u.com
2008-12-04 15:09 . 2008-12-04 15:09 84,992 -r-hs---- C:\WINDOWS\system32\gasretyw3.dll
2008-12-03 16:58 . 2008-12-03 16:58 <REP> d-------- C:\My Videos
2008-12-03 16:58 . 2008-12-03 16:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\aHisoft
2008-12-03 16:57 . 2008-12-03 16:57 <REP> d-------- C:\Program Files\aHisoft
2008-12-03 05:33 . 2008-12-03 05:34 183,296 -r-hs---- C:\ncyrf.bat
2008-11-30 09:20 . 2008-12-02 15:37 186,880 -r-hs---- C:\e.cmd
2008-11-30 02:29 . 2008-11-30 02:29 <REP> d-------- C:\Program Files\eMule
2008-11-29 23:02 . 2008-11-29 23:02 182,272 -r-hs---- C:\i.bat
2008-11-28 05:33 . 2008-11-28 05:32 179,200 -r-hs---- C:\o1.com
2008-11-27 13:38 . 2008-12-05 05:48 84,992 -r-hs---- C:\WINDOWS\system32\gasretyw2.dll
2008-11-27 04:28 . 2008-11-27 13:38 186,368 -r-hs---- C:\m2nl.bat
2008-11-25 06:00 . 2008-11-26 15:16 179,200 -r-hs---- C:\ij.bat
2008-11-25 05:34 . 2008-11-25 05:34 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-11-18 09:45 . 2008-11-24 13:48 182,784 -r-hs---- C:\abk.bat
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 22:54 5,632 --sha-w C:\Program Files\Thumbs.db
2008-11-16 14:07 106,363 --sh--r C:\0w.com
2008-11-14 15:01 --------- d-----w C:\Program Files\Bonjour
2008-11-14 05:30 173,568 --sh--r C:\lky.exe
2008-11-12 21:28 3,532 ----a-w C:\drmHeader.bin
2008-11-11 14:11 109,736 --sh--r C:\whi.com
2008-11-09 13:42 110,013 --sh--r C:\sq.com
2008-11-04 23:05 --------- d-----w C:\Program Files\SuperCopier2
2008-11-03 23:57 --------- d-----w C:\Program Files\BitComet
2008-10-22 19:02 104,123 --sh--r C:\xlk9.com
2008-10-19 08:03 105,115 --sh--r C:\2fiji.com
2008-10-02 09:41 101,418 --sh--r C:\bo1dhu.bat
2008-10-01 15:58 101,964 --sh--r C:\jdhc2x2.com
2008-09-27 05:50 8,464 ----a-w C:\WINDOWS\system32\sporder.dll
2008-09-15 15:39 1,846,144 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-15 15:39 1,846,144 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-08-28 17:46 98,304 ----a-w C:\Program Files\rpshellextension.dll
.
((((((((((((((((((((((((((((( snapshot_2008-12-15_ 2.30.54.82 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-04-02 12:15:26 312,847 ------w C:\WINDOWS\system32\beacbadacfcdb.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\beacbadacfcdb]
2006-04-02 12:15 312847 C:\WINDOWS\system32\beacbadacfcdb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"DisablePagingExecutive"=dword:00000001
"SecondLevelDataCache"=dword:00000200
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Documents and Settings\\S@D\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"C:\\WINDOWS\\Explorer.EXE"=
"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\WINDOWS\\system32\\ctfmon.exe"=
"C:\\Program Files\\DAP\\DAP.EXE"=
"C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe"=
"C:\\WINDOWS\\system32\\netsh.exe"=
"C:\\Documents and Settings\\S@D\\Bureau\\AVG_Anti-Virus_Pro_Plus_Firewall_8.0.138\\avg_afwt_stf_en_8_138a1332.exe"=
"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"C:\\WINDOWS\\system32\\cmd.exe"=
"C:\\Program Files\\iTunes\\iTunesHelper.exe"=
"C:\\PROGRA~1\\AVG\\AVG8\\avgscanx.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe"=
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-12-15 02:27]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-12-15 02:27]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-15 02:25]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-12-15 02:26]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-12-15 02:27]
R3 abp470n5;abp470n5;C:\WINDOWS\system32\drivers\ofngpk.sys []
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-12-15 02:16]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 19:20]
S2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-15 02:25]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-02 19:55]
S2 NNServ;NNServ;C:\Program Files\NewDotNet\nnrun.exe C:\Program Files\NewDotNet\nncore.dll ServiceStart []
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-12-15 02:16]
S3 S3SAVAGE4M;S3SAVAGE4M;C:\WINDOWS\system32\DRIVERS\s3sav4m.sys [2001-08-17 19:50]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d0b4e32-7ea5-11dd-9f24-4d6564696130}]
\Shell\AutoRun\command - G:\6fnlpetp.exe
\Shell\explore\Command - G:\6fnlpetp.exe
\Shell\open\Command - G:\6fnlpetp.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39456512-c772-11dd-9f97-4d6564696130}]
\shelL\AuToplaY\cOmmaNd - G:\lbwun.pif
\shelL\AutoRun\command - G:\lbwun.pif
\shelL\eXplOre\ComMAnD - G:\lbwun.pif
\shelL\open\coMMAnD - G:\lbwun.pif
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e88c580-c917-11dd-9f99-4d6564696130}]
\sheLL\Autoplay\cOmmAnD - G:\vbpc.exe
\sheLL\AutoRun\command - G:\vbpc.exe
\sheLL\ExpLore\CoMmand - G:\vbpc.exe
\sheLL\oPen\COmmAnD - G:\vbpc.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5143cdba-9cad-11dd-9f4f-d711f00324b2}]
\Shell\AUTOpLaY\CommanD - G:\cjnqd.pif
\Shell\AutoRun\command - G:\cjnqd.pif
\Shell\EXploRE\coMmand - G:\cjnqd.pif
\Shell\Open\CommanD - G:\cjnqd.pif
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de58e072-b0fe-11dd-9f70-4d6564696130}]
\sHeLl\AutoPlay\COMmAnd - G:\jpkjbo.pif
\sHeLl\AutoRun\command - G:\jpkjbo.pif
\sHeLl\exPloRE\CommaNd - G:\jpkjbo.pif
\sHeLl\oPEn\ComMand - G:\jpkjbo.pif
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-12-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - s!.8:C:\Program Files\Apple Software Update\SoftwareUpdate.exe-taskSYSTEM0. []
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.menara.ma
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 -: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 -: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O18 -: Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~1\DAP\dapie.dll
O18 -: Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~1\DAP\dapie.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 23:41:36
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchinjdrv]
"ImagePath"="\??\C:\DOCUME~1\S@D\LOCALS~1\Temp\mc21.tmp"
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\beacbadacfcdb.dll
.
Temps d'accomplissement: 2008-12-15 23:45:17
ComboFix-quarantined-files.txt 2008-12-15 23:44:54
ComboFix4.txt 2008-10-02 17:42:02
ComboFix3.txt 2008-12-15 10:40:16
ComboFix2.txt 2008-12-15 12:11:04
Pre-Run: 2,140,471,296 octets libres
Post-Run: 2,149,138,432 octets libres
237 --- E O F --- 2008-10-21 15:47:34
--------------------------------------------------------------------------------------------------------------
Thanks in advance for your help.
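The report above carries the classic indicators of a USB autorun worm: hidden+system executables dropped at the drive root, MountPoints2 handlers with randomised key casing that launch a file from G:, and policies that switch off Task Manager, the Registry editor and the firewall. As an added example (not part of this thread, ComboFix or UsbFix), here is a small Python triage script that extracts those three indicator families from ComboFix-style report text; the sample lines are constructed in ComboFix's layout, and the value names it checks are the ones shown in the report.

```python
"""Triage helper for ComboFix-style report text (added example, not ComboFix code).

It flags three indicator families seen in the thread's report:
  * executables at the drive root carrying hidden+system attributes,
  * MountPoints2 autorun handlers that launch a file from another drive,
  * policy / firewall / Security Center values that disable the user's defences.
"""
import re
from dataclasses import dataclass

# Constructed sample in the layout ComboFix uses, so the script runs offline.
SAMPLE_LOG = r"""
2008-12-10 07:37 . 2008-12-08 16:22 177,152 -r-hs---- C:\6fnlpetp.exe
2008-12-09 05:29 . 2008-12-08 16:22 177,152 -r-hs---- C:\3rl3lqbq.bat
2008-12-14 15:14 . 2004-08-19 12:09 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-11-25 05:34 . 2008-11-25 05:34 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39456512-c772-11dd-9f97-4d6564696130}]
\shelL\AuToplaY\cOmmaNd - G:\lbwun.pif
\shelL\AutoRun\command - G:\lbwun.pif
\shelL\open\coMMAnD - G:\lbwun.pif
"""

# "created <date> . <modified date> <size|<REP>> <attrs> <path>"; the attribute
# field is laid out d r a h s (dir, read-only, archive, hidden, system).
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. (?:\d{4}-\d{2}-\d{2} \d{2}:\d{2} )?"
    r"(?P<size>[\d,]+|<REP>) (?P<attr>[-a-z]{9}) (?P<path>.+)$"
)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')
AUTORUN_RE = re.compile(
    r"^\\(?P<shell>shell)\\(?P<verb>[^\\]+)\\(?P<cmd>command) - (?P<target>.+)$",
    re.IGNORECASE,
)
ROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\[^\\]+\.(exe|com|bat|cmd|pif|scr)$", re.IGNORECASE)

# value name -> (fragment the enclosing key must contain, value meaning "tampered")
TAMPER_VALUES = {
    "DisableTaskMgr": ("policies\\system", 1),
    "DisableRegistryTools": ("policies\\system", 1),
    "EnableFirewall": ("firewallpolicy\\standardprofile", 0),
    "AntiVirusOverride": ("security center", 1),
    "FirewallOverride": ("security center", 1),
}


@dataclass(frozen=True)
class Finding:
    category: str  # hidden_root_executable | removable_autorun | policy_tamper
    detail: str


def parse_value(raw):
    """ComboFix prints either 'dword:00000001' or '1 (0x1)'; return an int or None."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)\b", raw)
    return int(m.group(1)) if m else None


def triage(log_text):
    """Walk the report line by line, tracking the current registry key."""
    findings = []
    current_key = ""
    for line in log_text.splitlines():
        line = line.rstrip()
        m = FILE_RE.match(line)
        if m:
            attr, path = m["attr"], m["path"]
            is_dir, hidden, system = attr[0] == "d", attr[3] == "h", attr[4] == "s"
            if not is_dir and hidden and system and ROOT_EXE_RE.match(path):
                findings.append(Finding("hidden_root_executable", path))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m["key"].lower()
            continue
        if "mountpoints2" in current_key:
            m = AUTORUN_RE.match(line)
            if m:
                # Legitimate handlers read "\Shell\<verb>\command"; mixed casing such as
                # "shelL" / "cOmmaNd" is a tell that the key was written by malware.
                odd = m["shell"] not in ("shell", "Shell") or m["cmd"] not in ("command", "Command")
                note = " (randomised key casing)" if odd else ""
                findings.append(Finding("removable_autorun", f"{m['verb']} -> {m['target']}{note}"))
            continue
        m = VALUE_RE.match(line)
        if m and m["name"] in TAMPER_VALUES:
            key_fragment, bad = TAMPER_VALUES[m["name"]]
            if key_fragment in current_key and parse_value(m["value"]) == bad:
                findings.append(Finding("policy_tamper", f"{m['name']}={bad} under {current_key}"))
    return findings


def summarize(findings):
    """Count findings per category; handy as a one-line verdict for a helper."""
    counts = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.category:24} {f.detail}")
    print(summarize(results))
```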
16 replies
Hi,
Download UsbFix to your desktop:
http://sd-1.archive-host.com/membres/up/1366464061/UsbFix.rar
Unzip it to your desktop.
--> Run the installer with the default settings.
Plug your external storage devices (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them.
--> Double-click the UsbFix shortcut on your desktop.
--> The PC will reboot.
--> After the reboot, post the UsbFix.txt report.
Note: the UsbFix.txt report is saved at the root of the drive.
Note: if the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New Task", type explorer.exe and confirm.
See you
Good news: the startup message no longer appears and Task Manager works again,
but the antivirus stops during the scan.
Here is the UsbFix report:
-------- UsbFix V2.413.4 ---------------
* User : S@D - XPSP2-D167D58C7
* Outils mis a jours le 11/12/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 2:43:45 le 16/12/2008
* Windows Xp - Internet Explorer 6.0.2900.2180
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\DOCUME~1\S@D\LOCALS~1\Temp\1.tmp\b2e.exe
--------------- [ Informations lecteurs ] ----------------
C: - Lecteur fixe
D: - Lecteur fixe
--------------- [ Lecteur C ] ----------------
C: - Lecteur fixe
+- Listing des fichiers présents :
[27/08/2008 13:29][--a------] C:\AUTOEXEC.BAT
[27/08/2008 13:29][--a------] C:\h3.bat
[03/08/2004 21:38][-rahs----] C:\NTDETECT.COM
[08/12/2008 16:22][-r-hs----] C:\m9ma.exe
[27/08/2008 13:22][---hs----] C:\boot.ini
[16/12/2008 02:44][--a------] C:\UsbFix.txt
[16/12/2008 02:44][--a------] C:\ComboFix.txt
[27/08/2008 13:29][--a------] C:\CONFIG.SYS
[27/08/2008 13:29][--a------] C:\IO.SYS
[27/08/2008 13:29][--a------] C:\MSDOS.SYS
[27/08/2008 13:29][--a------] C:\pagefile.sys
--------------- [ Lecteur D ] ----------------
D: - Lecteur fixe
+- Listing des fichiers présents :
[08/12/2008 16:22][-r-hs----] D:\h3.bat
[08/12/2008 16:22][-r-hs----] D:\m9ma.exe
--------------- [ Registre / Startup ] ----------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
uTorrent="C:\Program Files\uTorrent\uTorrent.exe"
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
SuperCopier2.exe=C:\Program Files\SuperCopier2\SuperCopier2.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
DownloadAccelerator="C:\Program Files\DAP\DAP.EXE" /STARTUP
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
AVG8_TRAY=C:\PROGRA~1\AVG\AVG8\avgtray.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
NoChange=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
--------------- [ Registre / Mountpoint2 ] ----------------
-> Recherche négative.
--------------- [ Nettoyage des disques ] ----------------
--------------- [ Resumé ] ----------------
-> /!\ Le resultat doit etre interprété par un spécialiste /!\
[27/08/2008 13:29][--a------] C:\AUTOEXEC.BAT
[27/08/2008 13:29][--a------] C:\h3.bat
[03/08/2004 21:38][-rahs----] C:\NTDETECT.COM
[08/12/2008 16:22][-r-hs----] C:\m9ma.exe
[27/08/2008 13:22][---hs----] C:\boot.ini
[08/12/2008 16:22][-r-hs----] D:\h3.bat
[08/12/2008 16:22][-r-hs----] D:\m9ma.exe
--------------- ! Fin du rapport ! ----------------
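The listing above shows h3.bat and m9ma.exe at the root of both drives with hidden/system/read-only attributes, the files the helper later has OTMoveIt3 remove. As an added example (not part of this thread and not UsbFix's or OTMoveIt3's own code), the Python script below parses such a listing and flags that pattern; the sample lines are taken from the report in this post, and the executable-extension list and the whitelist of known boot files are my own assumptions.

```python
import re
from collections import defaultdict

# One UsbFix listing line looks like: [dd/mm/yyyy HH:MM][attrs] path
LINE_RE = re.compile(r'^\[(\d{2}/\d{2}/\d{4}) (\d{2}:\d{2})\]\[([-a-z]{9})\] (.+)$')

# Assumption: extensions Windows will execute from an autorun.inf or a double-click
EXEC_EXT = {'.exe', '.bat', '.cmd', '.com', '.scr', '.pif', '.vbs', '.js'}

# Assumption: files legitimately hidden/system at the root of an XP boot volume
KNOWN_ROOT = {'ntdetect.com', 'ntldr', 'boot.ini', 'io.sys', 'msdos.sys',
              'config.sys', 'autoexec.bat', 'pagefile.sys', 'bootfont.bin'}

# Sample input: lines copied from the UsbFix report posted in this thread
SAMPLE_REPORT = r"""
--------------- [ Lecteur C ] ----------------
C: - Lecteur fixe
+- Listing des fichiers présents :
[27/08/2008 13:29][--a------] C:\AUTOEXEC.BAT
[27/08/2008 13:29][--a------] C:\h3.bat
[03/08/2004 21:38][-rahs----] C:\NTDETECT.COM
[08/12/2008 16:22][-r-hs----] C:\m9ma.exe
[27/08/2008 13:22][---hs----] C:\boot.ini
[16/12/2008 02:44][--a------] C:\UsbFix.txt
--------------- [ Lecteur D ] ----------------
D: - Lecteur fixe
+- Listing des fichiers présents :
[08/12/2008 16:22][-r-hs----] D:\h3.bat
[08/12/2008 16:22][-r-hs----] D:\m9ma.exe
"""


def parse_listing(text):
    """Return one dict per file line found in a UsbFix 'Listing' block."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers and other non-file lines
        date, time, attrs, path = m.groups()
        entries.append({
            'date': date, 'time': time, 'path': path,
            'drive': path[:2].upper(),
            'name': path.rsplit('\\', 1)[-1].lower(),
            'hidden': 'h' in attrs,
            'system': 's' in attrs,
            'readonly': 'r' in attrs,
        })
    return entries


def flag_suspicious(entries):
    """Map suspicious root-level executables to the reasons they were flagged.

    Two indicators, both visible in the report above: a hidden+system executable
    at a drive root that is not a known boot file, and the same file name present
    at the root of more than one drive (how a removable-media worm replicates).
    """
    drives_by_name = defaultdict(set)
    for e in entries:
        drives_by_name[e['name']].add(e['drive'])

    findings = {}
    for e in entries:
        name = e['name']
        ext = '.' + name.rsplit('.', 1)[-1] if '.' in name else ''
        at_root = e['path'].count('\\') == 1
        if not at_root or ext not in EXEC_EXT or name in KNOWN_ROOT:
            continue
        reasons = []
        if e['hidden'] and e['system']:
            reasons.append('hidden+system executable at drive root')
        if len(drives_by_name[name]) > 1:
            reasons.append('same name on drives ' + ','.join(sorted(drives_by_name[name])))
        if reasons:
            findings[e['path']] = reasons
    return findings


def otmoveit_files_section(findings):
    """Render the flagged paths as an OTMoveIt3 ':Files' section for review."""
    return '\n'.join([':Files'] + sorted(findings))


if __name__ == '__main__':
    found = flag_suspicious(parse_listing(SAMPLE_REPORT))
    for path, reasons in sorted(found.items()):
        print(path, '->', '; '.join(reasons))
    print(otmoveit_files_section(found))
```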
ok
Do this:
Download DDS.scr from sUBs
https://download.bleepingcomputer.com/sUBs/dds.scr
to your desktop.
The tool does not need to be installed.
Launch it by clicking the dds.scr icon.
This DOS window will appear:
https://i75.servimg.com/u/f75/11/05/93/83/ddsdos10.jpg
The scan should not take more than three minutes.
A first report will open; save it as DDS.txt (the default) on the desktop.
You will be asked whether you want to run the optional scan.
Answer Yes.
A new report opens; save it as Attach.txt on the desktop.
You only need to provide it if necessary.
Post the DDS.txt report.
Here's the report
DDS (Version 1.0.1) - FAT32x86
Run by S@D at 3:06:55,28 on 16/12/2008
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.255.42 [GMT 0:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wuauclt.exe
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\Documents and Settings\S@D\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\S@D\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\down\dds.scr
============== Pseudo HJT Report ===============
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\rpbrowserrecordplugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SuperCopier2.exe] c:\program files\supercopier2\SuperCopier2.exe
mRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\fichiers communs\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRunOnce: [Config] %systemroot%\system32\run.cmd
dRunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\menudé~1\progra~1\démarr~1\dslmon.lnk - c:\program files\menara\dslmon.exe
uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
uPolicies-explorer: NoStrCmpLogical = 0 (0x0)
uPolicies-explorer: NoInstrumentation = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
dPolicies-explorer: NoSMBalloonTip = 1 (0x1)
dPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
dPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
TCP: {191CF18C-676F-4546-B6E8-CEBE660A4A92} = 196.217.246.210 212.217.0.13
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Notify: beacbadacfcdb - c:\windows\system32\beacbadacfcdb.dll
AppInit_DLLs: avgrsstx.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\s@d\applic~1\mozilla\firefox\profiles\x5hohrge.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
============= SERVICES / DRIVERS ===============
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-12-15 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-15 96520]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-15 26824]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-15 231192]
R2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2008-12-15 1219352]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-15 76040]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-12-15 23296]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2008-8-27 114616]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-12-15 873752]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2008-8-27 63555]
S2 NNServ;NNServ;"c:\program files\newdotnet\nnrun.exe" "c:\program files\newdotnet\nncore.dll" ServiceStart []
S3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\ofngpk.sys []
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-12-15 23296]
S3 S3SAVAGE4M;S3SAVAGE4M;c:\windows\system32\drivers\s3sav4m.sys [2008-8-27 77824]
=============== Created Last 30 ================
2008-12-16 02:32 <DIR> --d----- c:\program files\UsbFix
2008-12-16 00:19 <DIR> --d----- c:\windows\system32\LogFiles
2008-12-15 23:34 <DIR> --d----- C:\ComboFix
2008-12-15 11:18 93,420 a------- c:\windows\system32\drivers\d00a2fde.sys
2008-12-15 02:33 93,420 a------- c:\windows\system32\drivers\b16bc237.sys
2008-12-15 02:28 <DIR> --d-h--- C:\$AVG8.VAULT$
2008-12-15 02:26 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-12-15 02:26 96,520 a------- c:\windows\system32\drivers\avgldx86.sys
2008-12-15 02:26 76,040 a------- c:\windows\system32\drivers\avgtdix.sys
2008-12-15 02:26 12,936 a------- c:\windows\system32\drivers\avgrkx86.sys
2008-12-15 02:26 <DIR> --d----- c:\windows\system32\drivers\Avg
2008-12-15 02:25 <DIR> --d----- c:\program files\AVG
2008-12-15 02:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-12-15 02:16 45,568 a------- c:\windows\system32\avgfwdx.dll
2008-12-15 02:16 23,296 a------- c:\windows\system32\drivers\avgfwdx.sys
2008-12-14 23:52 <DIR> --d----- c:\docume~1\s@d\applic~1\Malwarebytes
2008-12-14 23:51 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-14 23:51 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-14 23:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-14 23:51 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-14 21:09 <DIR> --d----- C:\DCC
2008-12-14 19:44 66,591 a------- c:\windows\system32\drivers\el90xbc5.sys
2008-12-14 16:51 <DIR> --dsh--- C:\FOUND.002
2008-12-14 15:14 1,888,992 a------- c:\windows\system32\ati3duag.dll
2008-12-14 15:14 516,768 a------- c:\windows\system32\ativvaxx.dll
2008-12-14 15:14 870,784 a------- c:\windows\system32\ati3d1ag.dll
2008-12-14 15:14 701,440 a------- c:\windows\system32\drivers\ati2mtag.sys
2008-12-14 15:14 229,376 a------- c:\windows\system32\ati2cqag.dll
2008-12-14 15:14 201,728 a------- c:\windows\system32\ati2dvag.dll
2008-12-14 15:10 20,992 a------- c:\windows\system32\drivers\RTL8139.sys
2008-12-14 12:24 177,152 ---shr-- C:\h3.bat
2008-12-08 16:23 177,152 ---shr-- C:\m9ma.exe
2008-12-06 22:54 7,168 a--sh--- c:\windows\system32\Thumbs.db
2008-12-03 16:58 <DIR> --d----- C:\My Videos
2008-12-03 16:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\aHisoft
2008-12-03 16:57 <DIR> --d----- c:\program files\aHisoft
2008-11-30 02:29 <DIR> --d----- c:\program files\eMule
2008-11-25 05:34 <DIR> --d-h--- c:\windows\system32\GroupPolicy
==================== Find3M ====================
2008-12-12 21:34 2,064 a------- c:\windows\system32\d3d8caps.dat
2008-12-12 20:44 2,176 a------- c:\windows\system32\d3d9caps.dat
2008-12-06 22:54 5,632 a--sh--- c:\program files\Thumbs.db
2008-11-25 17:21 460,986 a------- c:\windows\system32\perfh00C.dat
2008-11-25 17:21 72,126 a------- c:\windows\system32\perfc00C.dat
2008-09-27 05:50 8,464 a------- c:\windows\system32\sporder.dll
2008-08-28 17:46 102,400 a------- c:\program files\HXAudioDeviceHook.dll
============= FINISH: 3:07:58,39 ===============
ok
Download OTMoveIt3 (by Old_Timer) to your desktop.
http://oldtimer.geekstogo.com/OTMoveIt3.exe
In safe mode:
Double-click "OTMoveIt3.exe" to open the program.
Then copy what is quoted below,
:Processes
explorer.exe
:Services
NNServ
abp470n5
:Files
c:\windows\system32\drivers\d00a2fde.sys
c:\windows\system32\drivers\b16bc237.sys
c:\program files\newdotnet
C:\h3.bat
c:\windows\system32\drivers\ofngpk.sys
C:\m9ma.exe
:Commands
[emptytemp]
[start explorer]
[Reboot]
and paste it into the left-hand box of OTMoveIt3:
Paste Instructions for items to be moved.
(don't touch anything else!)
-> click MoveIt! to start the removal.
-> let the tool work ...
(Note: your desktop will disappear and then reappear, this is normal.)
-> once it has finished, a small window opens: click "Yes".
Your PC will reboot on its own ...
--> Post the contents of the report found in the folder "C:\_OTMoveIt\MovedFiles"
("xxxx2008_xxxxxx.log", where the "x"s correspond to the day and time the tool was run).
@+
This time the error message "error while unpacking....." reappears at startup.
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service NNServ stopped successfully.
Service NNServ deleted successfully.
Service abp470n5 stopped successfully.
Service abp470n5 deleted successfully.
========== FILES ==========
File move failed. c:\windows\system32\drivers\d00a2fde.sys scheduled to be moved on reboot.
File move failed. c:\windows\system32\drivers\b16bc237.sys scheduled to be moved on reboot.
File/Folder c:\program files\newdotnet not found.
C:\h3.bat moved successfully.
File/Folder c:\windows\system32\drivers\ofngpk.sys not found.
C:\m9ma.exe moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12162008_033127
Files moved on Reboot...
File c:\windows\system32\drivers\d00a2fde.sys not found!
File c:\windows\system32\drivers\b16bc237.sys not found!
Download HijackThis here:
-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
Installation tutorial: (thanks to Balltrap34 for this work)
-> http://pageperso.aol.fr/balltrap34/Hijenr.gif
Usage tutorial (video): (thanks to Balltrap34 for this work)
-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
Post the generated report here please...
Do this too:
Download this file:
http://sd-1.archive-host.com/membres/up/116615172019703188/Scan.bat
Double-click scan.bat
and post the list.txt report
@+
The link is here:
http://sd-1.archive-host.com/membres/up/116615172019703188/Scan.bat
and run the scan please
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:00:22, on 16/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DynDNS Updater\DynUpPs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DynDNS Updater\DynTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\S@D\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\S@D\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\DOCUME~1\S@D\LOCALS~1\Temp\winvcky.exe
C:\DOCUME~1\S@D\LOCALS~1\Temp\windiva.exe
C:\DOCUME~1\S@D\LOCALS~1\Temp\djkff.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O4 - Global Startup: DynDNS Updater.lnk = C:\Program Files\DynDNS Updater\DynUpPs.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{191CF18C-676F-4546-B6E8-CEBE660A4A92}: NameServer = 196.217.246.210 212.217.0.13
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: beacbadacfcdb - C:\WINDOWS\system32\beacbadacfcdb.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
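As an added example, not part of this thread and not HijackThis's own code: the checks a helper applies by eye to a log like the one above, written as a small Python script. The sample lines are copied from the log; the Winlogon Notify allow-list, the rule names and the severities are assumptions. Run as-is it flags the three processes executing from the user's Temp folder, the Winlogon Notify package that is not a known Windows or vendor one, and the DisableRegedit policy, and reports the service with an unknown owner as information only.

```python
"""Heuristic triage of a HijackThis v2 log for the indicators seen in this thread.

Added example, not HijackThis's own code and not part of the original post.
The allow-list and the rules are assumptions: they flag the classes of entry
a helper normally looks at first, they do not prove anything is malicious.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\DOCUME~1\S@D\LOCALS~1\Temp\winvcky.exe
C:\DOCUME~1\S@D\LOCALS~1\Temp\windiva.exe
C:\DOCUME~1\S@D\LOCALS~1\Temp\djkff.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: beacbadacfcdb - C:\WINDOWS\system32\beacbadacfcdb.dll
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "info"
    rule: str
    line: str


# Assumed allow-list: Winlogon notification packages that ship with XP/2003
# or with widespread vendor drivers. Anything else gets flagged for review.
KNOWN_WINLOGON_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "igfxcui", "atiextevent",
}

PROCESS_LINE = re.compile(r"^[A-Za-z]:\\")
TEMP_PATH = re.compile(r"\\(LOCALS~1|Local Settings)\\Temp\\", re.IGNORECASE)
WINLOGON_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
LOCKOUT_POLICY = re.compile(r"^O7 - .*?(?P<key>Disable\w+)=1\b")
UNKNOWN_OWNER = re.compile(r"^O23 - Service: .* - Unknown owner - ")


def triage(log_text: str) -> List[Finding]:
    """Run every rule over each log line; returns findings in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # 1. A running process whose image lives in the user's Temp folder:
        #    installers use Temp briefly, resident programs do not.
        if PROCESS_LINE.match(line) and TEMP_PATH.search(line):
            findings.append(Finding("high", "process-from-temp", line))
            continue
        # 2. Winlogon Notify DLLs are loaded into winlogon.exe (as SYSTEM,
        #    before any desktop exists); an unknown package name is a classic
        #    persistence spot.
        m = WINLOGON_NOTIFY.match(line)
        if m and m.group("name").lower() not in KNOWN_WINLOGON_NOTIFY:
            findings.append(Finding("high", "unknown-winlogon-notify", line))
            continue
        # 3. Policies that lock the user out of regedit or Task Manager are a
        #    tamper indicator on a machine that is not domain-managed.
        m = LOCKOUT_POLICY.match(line)
        if m:
            findings.append(Finding("high", "policy-" + m.group("key"), line))
            continue
        # 4. A service with no file-version owner deserves a manual look, but
        #    plenty of legitimate software omits the field: info only.
        if UNKNOWN_OWNER.match(line):
            findings.append(Finding("info", "service-unknown-owner", line))
    return findings


def count_by_severity(findings: List[Finding]) -> dict:
    """Summary for a first glance at a long log."""
    summary: dict = {}
    for f in findings:
        summary[f.severity] = summary.get(f.severity, 0) + 1
    return summary


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:4}] {f.rule:24} {f.line}")
    print(count_by_severity(results))
```

Pass a full log's text to triage() for a real run. Treat "high" as "investigate", not as a verdict: the allow-list is deliberately short, so a legitimate vendor notify package will also be reported, and the rules say nothing about the O4 Run entries, which still need reading by hand.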
--------------- [ Drive C ] ----------------
C: - Fixed drive
+- List of files present:
[27/08/2008 13:29][--a------] C:\AUTOEXEC.BAT
[03/08/2004 21:38][-rahs----] C:\NTDETECT.COM
[27/08/2008 13:22][---hs----] C:\boot.ini
[16/12/2008 03:04][--a------] C:\UsbFix.txt
[16/12/2008 03:04][--a------] C:\Vaccin.txt
[16/12/2008 03:04][--a------] C:\List.txt
[16/12/2008 03:04][--a------] C:\ComboFix.txt
[27/08/2008 13:29][--a------] C:\CONFIG.SYS
[27/08/2008 13:29][--a------] C:\IO.SYS
[27/08/2008 13:29][--a------] C:\MSDOS.SYS
[27/08/2008 13:29][--a------] C:\pagefile.sys
--------------- [ Drive D ] ----------------
D: - Fixed drive
+- List of files present:
[08/12/2008 16:22][-r-hs----] D:\h3.bat
[08/12/2008 16:22][-r-hs----] D:\m9ma.exe
ComboFix 08-08-02.01 - S@D 2008-12-16 4:26:17.6 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.100 [GMT 0:00]
Location: C:\Documents and Settings\S@D\Bureau\ComboFix.exe
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!
.
- REDUCED FUNCTIONALITY -
.
((((((((((((((((((((((((((((( Files created 2008-11-16 to 2008-12-16 ))))))))))))))))))))))))))))))))))))
.
2008-12-16 04:14 . 2008-12-13 04:34 <REP> d-------- C:\32788R22FWJFW
2008-12-16 04:14 . 2008-12-16 04:14 400,896 --a------ C:\WINDOWS\system32\cmd.execf
2008-12-16 03:58 . 2008-12-16 03:58 <REP> d-------- C:\Program Files\Trend Micro
2008-12-16 03:31 . 2008-12-16 03:31 <REP> d-------- C:\_OTMoveIt
2008-12-16 03:21 . 2008-12-16 03:21 <REP> d-------- C:\Program Files\DynDNS Updater
2008-12-16 03:21 . 2008-12-16 03:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DynDNS
2008-12-16 02:32 . 2008-12-16 02:32 <REP> d-------- C:\Program Files\UsbFix
2008-12-16 00:19 . 2008-12-16 00:19 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-12-15 11:18 . 93,420 C:\WINDOWS\system32\drivers\d00a2fde.sys
2008-12-15 02:33 . 93,420 C:\WINDOWS\system32\drivers\b16bc237.sys
2008-12-15 02:28 . 2008-12-15 02:28 <REP> d--h----- C:\$AVG8.VAULT$
2008-12-15 02:26 . 2008-12-15 02:26 <REP> d-------- C:\WINDOWS\system32\drivers\Avg
2008-12-15 02:26 . 2008-12-15 02:27 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-12-15 02:26 . 2008-12-15 02:27 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-12-15 02:26 . 2008-12-15 02:27 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-12-15 02:26 . 2008-12-15 02:27 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-12-15 02:25 . 2008-12-15 02:25 <REP> d-------- C:\Program Files\AVG
2008-12-15 02:25 . 2008-12-15 02:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-15 02:16 . 2008-12-15 02:16 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-12-15 02:16 . 2008-12-15 02:16 23,296 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-12-14 23:52 . 2008-12-14 23:52 <REP> d-------- C:\Documents and Settings\S@D\Application Data\Malwarebytes
2008-12-14 23:51 . 2008-12-14 23:51 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-14 23:51 . 2008-12-14 23:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-14 23:51 . 2008-12-03 19:52 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-12-14 23:51 . 2008-12-03 19:52 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-12-14 21:09 . 2008-12-14 21:09 <REP> d-------- C:\DCC
2008-12-14 19:44 . 2001-08-17 19:11 66,591 --a------ C:\WINDOWS\system32\drivers\el90xbc5.sys
2008-12-14 16:51 . 2008-12-14 16:51 <REP> d--hs---- C:\FOUND.002
2008-12-14 15:14 . 2004-08-19 12:09 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-12-14 15:14 . 2004-08-19 12:09 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2008-12-14 15:14 . 2004-08-19 11:53 701,440 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-12-14 15:14 . 2004-08-19 12:09 516,768 --a------ C:\WINDOWS\system32\ativvaxx.dll
2008-12-14 15:14 . 2004-08-19 12:09 229,376 --a------ C:\WINDOWS\system32\ati2cqag.dll
2008-12-14 15:14 . 2004-08-19 12:09 201,728 --a------ C:\WINDOWS\system32\ati2dvag.dll
2008-12-14 15:10 . 2004-08-03 18:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-12-06 22:54 . 2008-12-06 22:55 7,168 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-12-03 16:58 . 2008-12-03 16:58 <REP> d-------- C:\My Videos
2008-12-03 16:58 . 2008-12-03 16:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\aHisoft
2008-12-03 16:57 . 2008-12-03 16:57 <REP> d-------- C:\Program Files\aHisoft
2008-11-30 02:29 . 2008-11-30 02:29 <REP> d-------- C:\Program Files\eMule
2008-11-25 05:34 . 2008-11-25 05:34 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 22:54 5,632 --sha-w C:\Program Files\Thumbs.db
2008-11-04 23:05 --------- d-----w C:\Program Files\SuperCopier2
2008-11-03 23:57 --------- d-----w C:\Program Files\BitComet
2008-09-27 05:50 8,464 ----a-w C:\WINDOWS\system32\sporder.dll
2008-08-28 17:46 98,304 ----a-w C:\Program Files\rpshellextension.dll
.
((((((((((((((((((((((((((((( snapshot_2008-12-15_ 2.30.54.82 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-04-02 12:15:26 312,847 ------w C:\WINDOWS\system32\beacbadacfcdb.dll
.
((((((((((((((((((((((((((((((((( Reg load points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\beacbadacfcdb]
2006-04-02 12:15 312847 C:\WINDOWS\system32\beacbadacfcdb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"DisablePagingExecutive"=dword:00000001
"SecondLevelDataCache"=dword:00000200
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Documents and Settings\\S@D\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"C:\\WINDOWS\\Explorer.EXE"= C:\\WINDOWS\\explorer.exe
"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\WINDOWS\\system32\\ctfmon.exe"=
"C:\\Program Files\\DAP\\DAP.EXE"=
"C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe"=
"C:\\WINDOWS\\system32\\netsh.exe"=
"C:\\Documents and Settings\\S@D\\Bureau\\AVG_Anti-Virus_Pro_Plus_Firewall_8.0.138\\avg_afwt_stf_en_8_138a1332.exe"=
"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"C:\\WINDOWS\\system32\\cmd.exe"=
"C:\\Program Files\\iTunes\\iTunesHelper.exe"=
"C:\\PROGRA~1\\AVG\\AVG8\\avgscanx.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe"=
"C:\\Program Files\\CCleaner\\CCleaner.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgui.exe"=
"D:\\down\\ComboFix.exe"=
"C:\\Documents and Settings\\S@D\\Bureau\\OTMoveIt3.exe"=
"C:\\DOCUME~1\\S@D\\LOCALS~1\\Temp\\winvcky.exe"=
"C:\\DOCUME~1\\S@D\\LOCALS~1\\Temp\\windiva.exe"=
"C:\\DOCUME~1\\S@D\\LOCALS~1\\Temp\\djkff.exe"=
"C:\\Program Files\\DynDNS Updater\\DynUpPs.exe"=
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-12-15 02:27]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-12-15 02:27]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-15 02:25]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-12-15 02:26]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-12-15 02:27]
R3 abp470n5;abp470n5;C:\WINDOWS\system32\drivers\ofngpk.sys []
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-12-15 02:16]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 19:20]
S2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-15 02:25]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-02 19:55]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-12-15 02:16]
S3 S3SAVAGE4M;S3SAVAGE4M;C:\WINDOWS\system32\DRIVERS\s3sav4m.sys [2001-08-17 19:50]
*Newly Created Service* - ABP470N5
.
Contents of the 'Scheduled Tasks' folder
2008-12-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\S@D\Application Data\Mozilla\Firefox\Profiles\x5hohrge.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-16 04:27:11
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Scanning hidden processes ...
Scanning hidden autostart entries ...
Scanning hidden files ...
Scan completed successfully
Hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchinjdrv]
"ImagePath"="\??\C:\DOCUME~1\S@D\LOCALS~1\Temp\mc21.tmp"
.
--------------------- DLLs loaded under running processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\beacbadacfcdb.dll
.
Completion time: 2008-12-16 4:29:56
ComboFix-quarantined-files.txt 2008-12-16 04:29:36
ComboFix4.txt 2008-12-15 10:40:16
ComboFix3.txt 2008-12-15 12:11:04
ComboFix5.txt 2008-12-16 04:22:48
ComboFix2.txt 2008-12-15 23:45:28
Pre-Run: 2,108,178,432 bytes free
Post-Run: 2,098,118,656 bytes free
187 --- E O F --- 2008-10-21 15:47:34
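As an added example, not part of this thread and not ComboFix's own code: a Python audit of the "Reg load points" section of the ComboFix log above against a clean-baseline table. The sample block is copied from that log; the baseline values and the high/review labels are assumptions for a stand-alone XP SP2 machine. It separates the entries that are tamper indicators on their own (the HKCU DisableTaskMgr and DisableRegistryTools policies, the Security Center *DisableNotify flags, and the Temp executables in the Windows Firewall exception list) from the ones that a third-party firewall such as the AVG8 Firewall in this log sets legitimately (the Override flags and EnableFirewall=0).

```python
"""Audit the 'Reg load points' section of a ComboFix log against a clean baseline.

Added example, not ComboFix's own code and not part of the original post.
The baseline values and the severity labels are assumptions for a
stand-alone XP SP2 workstation; a domain policy or a third-party security
suite can legitimately set several of them.
"""
import re
from typing import Iterator, List, Tuple, Union

# Constructed sample: lines copied from the ComboFix log above (ComboFix
# writes the firewall exception paths with doubled backslashes, as here).
SAMPLE = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\DOCUME~1\\S@D\\LOCALS~1\\Temp\\winvcky.exe"=
"C:\\DOCUME~1\\S@D\\LOCALS~1\\Temp\\djkff.exe"=
"""

Value = Union[int, str]
Finding = Tuple[str, str, str]  # (severity, what, where)

# Assumed clean baseline: (key suffix, value name) -> (expected, severity if different)
BASELINE = {
    ("policies\\system", "disabletaskmgr"): (0, "high"),
    ("policies\\system", "disableregistrytools"): (0, "high"),
    # Silencing Security Center notifications hides a disabled AV, firewall
    # or update state from the user: a tamper indicator on its own.
    ("security center", "antivirusdisablenotify"): (0, "high"),
    ("security center", "firewalldisablenotify"): (0, "high"),
    ("security center", "updatesdisablenotify"): (0, "high"),
    # A third-party suite (the AVG8 Firewall in this log) sets the override
    # flags and turns the Windows Firewall off itself: review, not verdict.
    ("security center", "antivirusoverride"): (0, "review"),
    ("security center", "firewalloverride"): (0, "review"),
    ("firewallpolicy\\standardprofile", "enablefirewall"): (1, "review"),
}

VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.*)$')
TEMP_PATH = re.compile(r"\\(LOCALS~1|Local Settings)\\Temp\\", re.IGNORECASE)


def parse_reg_dump(text: str) -> Iterator[Tuple[str, str, Value]]:
    """Yield (key, name, value); value is an int for dword/decimal data, else the raw text."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_LINE.match(line)
        if not m or key is None:
            continue
        val = m.group("val").strip()
        if val.lower().startswith("dword:"):
            value: Value = int(val[6:], 16)          # "dword:00000001"
        else:
            n = re.match(r"^(\d+)", val)             # "1 (0x1)" style
            value = int(n.group(1)) if n else val
        yield key, m.group("name"), value


def audit(text: str) -> List[Finding]:
    """Compare every parsed value with the baseline; list the deviations."""
    findings: List[Finding] = []
    for key, name, value in parse_reg_dump(text):
        k = key.lower()
        # 1. Firewall exception list: a program allowed through the firewall
        #    from %TEMP% is the same indicator as a process running from there.
        if k.endswith("authorizedapplications\\list"):
            path = name.replace("\\\\", "\\")
            if TEMP_PATH.search(path):
                findings.append(("high", "firewall-exception-in-temp", path))
            continue
        # 2. Everything else: compare against the baseline where we have one.
        for (suffix, vname), (expected, severity) in BASELINE.items():
            if k.endswith(suffix) and name.lower() == vname and value != expected:
                findings.append((severity, f"{name}={value} (expected {expected})", key))
    return findings


if __name__ == "__main__":
    for severity, what, where in audit(SAMPLE):
        print(f"[{severity:6}] {what}  <-  {where}")
```

Feed audit() the text between the "Reg load points" header and the driver list of any ComboFix log. The "security center\Svc" subkey mirrors the same values and is left out of the baseline on purpose; add it if you want both copies checked.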
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.100 [GMT 0:00]
Endroit: C:\Documents and Settings\S@D\Bureau\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
- FONCTIONNALITES REDUITES -
.
((((((((((((((((((((((((((((( Fichiers créés 2008-11-16 to 2008-12-16 ))))))))))))))))))))))))))))))))))))
.
2008-12-16 04:14 . 2008-12-13 04:34 <REP> d-------- C:\32788R22FWJFW
2008-12-16 04:14 . 2008-12-16 04:14 400,896 --a------ C:\WINDOWS\system32\cmd.execf
2008-12-16 03:58 . 2008-12-16 03:58 <REP> d-------- C:\Program Files\Trend Micro
2008-12-16 03:31 . 2008-12-16 03:31 <REP> d-------- C:\_OTMoveIt
2008-12-16 03:21 . 2008-12-16 03:21 <REP> d-------- C:\Program Files\DynDNS Updater
2008-12-16 03:21 . 2008-12-16 03:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DynDNS
2008-12-16 02:32 . 2008-12-16 02:32 <REP> d-------- C:\Program Files\UsbFix
2008-12-16 00:19 . 2008-12-16 00:19 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-12-15 11:18 . 93,420 C:\WINDOWS\system32\drivers\d00a2fde.sys
2008-12-15 02:33 . 93,420 C:\WINDOWS\system32\drivers\b16bc237.sys
2008-12-15 02:28 . 2008-12-15 02:28 <REP> d--h----- C:\$AVG8.VAULT$
2008-12-15 02:26 . 2008-12-15 02:26 <REP> d-------- C:\WINDOWS\system32\drivers\Avg
2008-12-15 02:26 . 2008-12-15 02:27 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-12-15 02:26 . 2008-12-15 02:27 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-12-15 02:26 . 2008-12-15 02:27 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-12-15 02:26 . 2008-12-15 02:27 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-12-15 02:25 . 2008-12-15 02:25 <REP> d-------- C:\Program Files\AVG
2008-12-15 02:25 . 2008-12-15 02:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-15 02:16 . 2008-12-15 02:16 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-12-15 02:16 . 2008-12-15 02:16 23,296 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-12-14 23:52 . 2008-12-14 23:52 <REP> d-------- C:\Documents and Settings\S@D\Application Data\Malwarebytes
2008-12-14 23:51 . 2008-12-14 23:51 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-14 23:51 . 2008-12-14 23:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-14 23:51 . 2008-12-03 19:52 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-12-14 23:51 . 2008-12-03 19:52 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-12-14 21:09 . 2008-12-14 21:09 <REP> d-------- C:\DCC
2008-12-14 19:44 . 2001-08-17 19:11 66,591 --a------ C:\WINDOWS\system32\drivers\el90xbc5.sys
2008-12-14 16:51 . 2008-12-14 16:51 <REP> d--hs---- C:\FOUND.002
2008-12-14 15:14 . 2004-08-19 12:09 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-12-14 15:14 . 2004-08-19 12:09 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2008-12-14 15:14 . 2004-08-19 11:53 701,440 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-12-14 15:14 . 2004-08-19 12:09 516,768 --a------ C:\WINDOWS\system32\ativvaxx.dll
2008-12-14 15:14 . 2004-08-19 12:09 229,376 --a------ C:\WINDOWS\system32\ati2cqag.dll
2008-12-14 15:14 . 2004-08-19 12:09 201,728 --a------ C:\WINDOWS\system32\ati2dvag.dll
2008-12-14 15:10 . 2004-08-03 18:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-12-06 22:54 . 2008-12-06 22:55 7,168 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-12-03 16:58 . 2008-12-03 16:58 <REP> d-------- C:\My Videos
2008-12-03 16:58 . 2008-12-03 16:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\aHisoft
2008-12-03 16:57 . 2008-12-03 16:57 <REP> d-------- C:\Program Files\aHisoft
2008-11-30 02:29 . 2008-11-30 02:29 <REP> d-------- C:\Program Files\eMule
2008-11-25 05:34 . 2008-11-25 05:34 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 22:54 5,632 --sha-w C:\Program Files\Thumbs.db
2008-11-04 23:05 --------- d-----w C:\Program Files\SuperCopier2
2008-11-03 23:57 --------- d-----w C:\Program Files\BitComet
2008-09-27 05:50 8,464 ----a-w C:\WINDOWS\system32\sporder.dll
2008-08-28 17:46 98,304 ----a-w C:\Program Files\rpshellextension.dll
.
((((((((((((((((((((((((((((( snapshot_2008-12-15_ 2.30.54.82 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-04-02 12:15:26 312,847 ------w C:\WINDOWS\system32\beacbadacfcdb.dll
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\beacbadacfcdb]
2006-04-02 12:15 312847 C:\WINDOWS\system32\beacbadacfcdb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"DisablePagingExecutive"=dword:00000001
"SecondLevelDataCache"=dword:00000200
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Documents and Settings\\S@D\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"C:\\WINDOWS\\Explorer.EXE"= C:\\WINDOWS\\explorer.exe
"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\WINDOWS\\system32\\ctfmon.exe"=
"C:\\Program Files\\DAP\\DAP.EXE"=
"C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe"=
"C:\\WINDOWS\\system32\\netsh.exe"=
"C:\\Documents and Settings\\S@D\\Bureau\\AVG_Anti-Virus_Pro_Plus_Firewall_8.0.138\\avg_afwt_stf_en_8_138a1332.exe"=
"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"C:\\WINDOWS\\system32\\cmd.exe"=
"C:\\Program Files\\iTunes\\iTunesHelper.exe"=
"C:\\PROGRA~1\\AVG\\AVG8\\avgscanx.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe"=
"C:\\Program Files\\CCleaner\\CCleaner.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgui.exe"=
"D:\\down\\ComboFix.exe"=
"C:\\Documents and Settings\\S@D\\Bureau\\OTMoveIt3.exe"=
"C:\\DOCUME~1\\S@D\\LOCALS~1\\Temp\\winvcky.exe"=
"C:\\DOCUME~1\\S@D\\LOCALS~1\\Temp\\windiva.exe"=
"C:\\DOCUME~1\\S@D\\LOCALS~1\\Temp\\djkff.exe"=
"C:\\Program Files\\DynDNS Updater\\DynUpPs.exe"=
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-12-15 02:27]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-12-15 02:27]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-15 02:25]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-12-15 02:26]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-12-15 02:27]
R3 abp470n5;abp470n5;C:\WINDOWS\system32\drivers\ofngpk.sys []
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-12-15 02:16]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 19:20]
S2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-15 02:25]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-02 19:55]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-12-15 02:16]
S3 S3SAVAGE4M;S3SAVAGE4M;C:\WINDOWS\system32\DRIVERS\s3sav4m.sys [2001-08-17 19:50]
*Newly Created Service* - ABP470N5
.
Contents of the 'Scheduled Tasks' folder
2008-12-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\S@D\Application Data\Mozilla\Firefox\Profiles\x5hohrge.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-16 04:27:11
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchinjdrv]
"ImagePath"="\??\C:\DOCUME~1\S@D\LOCALS~1\Temp\mc21.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\beacbadacfcdb.dll
.
Completion time: 2008-12-16 4:29:56
ComboFix-quarantined-files.txt 2008-12-16 04:29:36
ComboFix4.txt 2008-12-15 10:40:16
ComboFix3.txt 2008-12-15 12:11:04
ComboFix5.txt 2008-12-16 04:22:48
ComboFix2.txt 2008-12-15 23:45:28
Pre-Run: 2,108,178,432 bytes free
Post-Run: 2,098,118,656 bytes free
187 --- E O F --- 2008-10-21 15:47:34
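The log above contains the entries a helper usually looks at first when triaging a ComboFix run: the user-level policies that lock Task Manager and the Registry Editor, the Security Center override/notification keys, the standard-profile firewall being switched off, firewall exceptions for executables living in the user's Temp folder, a driver service whose file ComboFix could not stamp (empty `[]`), and a Winlogon Notify DLL that is also listed as loaded in winlogon.exe. The script below is an added example for this thread; it is not ComboFix's code and not the poster's, and it runs offline over a constructed excerpt of the post's own "Reg Loading Points" section. It parses that section line by line and returns each entry that matches one of those patterns as a (rule, detail) pair. The rule names, the key lists and the "Temp folder" and "empty timestamp" heuristics are assumptions of this example, not ComboFix rules, and a hit means "review this entry", not "this is malware": an administrator can legitimately set some of these policies, and the AVG entries in the same section are expected to be there.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; it is not part of ComboFix and not the
poster's own code.  SAMPLE_LOG is a constructed excerpt copied from the
entries visible in the post.  Every rule name, key list and heuristic here
is an assumption of this example, not a ComboFix rule.
"""
import re
from typing import List, Tuple

# Constructed excerpt of the log in the post (raw string: backslashes are literal,
# including the doubled backslashes ComboFix prints inside quoted firewall entries).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\beacbadacfcdb]
2006-04-02 12:15 312847 C:\WINDOWS\system32\beacbadacfcdb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"SecondLevelDataCache"=dword:00000200
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\CCleaner\\CCleaner.exe"=
"C:\\DOCUME~1\\S@D\\LOCALS~1\\Temp\\winvcky.exe"=
R3 abp470n5;abp470n5;C:\WINDOWS\system32\drivers\ofngpk.sys []
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-12-15 02:16]
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")                       # [HKEY_...\path]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')              # "Name"= value
SERVICE_RE = re.compile(r"^([RS][0-9]) (\S+?);(.*?);(.+?) \[(.*)\]$")  # R3 name;desc;path [stamp]

# Policies that lock the user out of the usual inspection tools (assumed watch-list).
POLICY_KEYS = {"disabletaskmgr", "disableregistrytools"}
# Security Center keys that silence or override AV/firewall/update state (assumed watch-list).
SECURITY_CENTER_KEYS = {
    "antivirusoverride", "firewalloverride", "antivirusdisablenotify",
    "firewalldisablenotify", "updatesdisablenotify",
}


def _is_set(value: str) -> bool:
    """ComboFix prints policy values as '1 (0x1)' and Security Center values as 'dword:00000001'."""
    v = value.strip().lower()
    return v.startswith("1 ") or v == "1" or v == "dword:00000001"


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (rule, detail) pairs for entries in the Reg Loading Points section worth reviewing."""
    findings: List[Tuple[str, str]] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()  # remember which key the following values belong to
            continue
        # A DLL listed under a Winlogon\Notify subkey is loaded into winlogon.exe at logon.
        if "\\winlogon\\notify\\" in section and line.lower().endswith(".dll"):
            findings.append(("winlogon-notify-dll", line.split()[-1]))
            continue
        m = SERVICE_RE.match(line)
        if m:
            _start, name, _desc, path, stamp = m.groups()
            if not stamp:  # empty [] : ComboFix found no file to timestamp at that path
                findings.append(("service-missing-file", f"{name} -> {path}"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        k = key.lower()
        if section.endswith("policies\\system") and k in POLICY_KEYS and _is_set(value):
            findings.append(("policy-lockout", key))
        elif "security center" in section and k in SECURITY_CENTER_KEYS and _is_set(value):
            findings.append(("security-center-override", key))
        elif k == "enablefirewall" and value.strip().startswith("0"):
            findings.append(("firewall-disabled", section))
        elif section.endswith("authorizedapplications\\list") and "\\\\temp\\\\" in k:
            # firewall exception for an executable in a Temp directory (heuristic)
            findings.append(("firewall-exception-in-temp", key))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:28} {detail}")
```

Run it against a full log by passing the file contents to `triage()` instead of `SAMPLE_LOG`; entries outside the Reg Loading Points section simply fail every pattern and are ignored. The output is a worklist for the person doing the cleanup, to be checked against what the user actually installed, not a verdict.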