What can I deduce from my HijackThis scan?
Hi!
For a week now I've been having various problems on my PC (Windows XP Home), so here are the problems I've run into:
-Under IE 6.029 I get advertising pop-up windows (under Firefox 2 I have no problem)
-A "work offline" window appears at random...
-The taskbar at the bottom right no longer shows the icons, and blocks access to my minimized programs such as Avast...
-explorer.exe restarts suddenly...
-I can't remove IE; I can't find it anywhere.
-I have to close the WLM window to be able to see the others.
-I have the impression that Avast no longer updates
-With Spybot I have already removed the same malware 3 times, so I wonder whether Spybot is having any effect.
The malware detected by Spybot are:
-Blue Streak
-Cassava
-Mediaplea
-Doubleclick
-Statcounter
-TagASaurus
-Tradedouble
-Virtumonde
-Webt...... (sorry, I didn't note it down correctly...)
-Zedo
This morning I ran a HijackThis scan in the hope that someone could help me =)
Thanks, happy holidays and happy reading!:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:49:36, on 16/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nwurpddp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Leturnier\Bureau\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [3cd38d0e] rundll32.exe "C:\WINDOWS\system32\cqdfnrtx.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Rayman3\Register\schedule.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{E01E49EA-4835-46EF-9E33-41A935CB32B6}: NameServer = 80.10.246.134 80.10.246.7
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\nwurpddp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5134 bytes
Hello,
Download combofix.exe (by sUBs) to your Desktop.
Double-click combofix.exe.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Copy/paste this report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
Here is the report:
ComboFix 07-12-16.3 - Leturnier 2007-12-16 13:14:09.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.657 [GMT 1:00]
Running from: C:\Documents and Settings\Leturnier\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Leturnier\ravmonlog
C:\WINDOWS\system32\bxsgvahk.dll
C:\WINDOWS\system32\cqdfnrtx.dll
C:\WINDOWS\system32\ehywptts.dll
C:\WINDOWS\system32\fwtjcrtk.dll
C:\WINDOWS\system32\gfhldsdc.exe
C:\WINDOWS\system32\gvfbfnyv.dll
C:\WINDOWS\system32\inxklkti.exe
C:\WINDOWS\system32\kdkehwst.exe
C:\WINDOWS\system32\ktrcjtwf.ini
C:\WINDOWS\system32\ldyxbpvi.dll
C:\WINDOWS\system32\mllmm.dll
C:\WINDOWS\system32\mmllm.ini
C:\WINDOWS\system32\mmllm.ini2
C:\WINDOWS\system32\mpqalpka.exe
C:\WINDOWS\system32\nrtcgldw.dll
C:\WINDOWS\system32\nwurpddp.exe
C:\WINDOWS\system32\pvwrrqlm.exe
C:\WINDOWS\system32\pwkaxtfy.exe
C:\WINDOWS\system32\rcamyfui.exe
C:\WINDOWS\system32\ssqnmki.dll
C:\WINDOWS\system32\tjatlwjx.exe
C:\WINDOWS\system32\vynfbfvg.ini
C:\WINDOWS\system32\wffayafk.dll
C:\WINDOWS\system32\xtrnfdqc.ini
C:\WINDOWS\system32\yggkxmro.dll
C:\WINDOWS\system32\ymrchsbj.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((((((( Fichiers créés 2007-11-16 to 2007-12-16 ))))))))))))))))))))))))))))))))))))
.
2007-12-15 09:41 . 2007-12-15 09:41 <REP> d-------- C:\Muffin
2007-12-15 09:41 . 2007-12-15 09:41 <REP> d-------- C:\Documents and Settings\Leturnier\Muffin
2007-12-15 08:12 . 2007-12-15 08:12 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-12-15 07:50 . 2007-01-20 11:22 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-12-15 07:50 . 2007-01-20 11:22 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-12-15 07:50 . 2007-01-20 10:26 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-12-15 07:50 . 2007-12-16 09:23 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2007-12-15 07:50 . 2007-01-20 11:22 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-12-15 07:50 . 2007-01-20 11:22 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2007-12-15 07:50 . 2007-01-20 11:22 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-12-14 16:07 . 2007-12-14 16:07 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-12 16:10 . 2007-12-13 18:28 930,789 ---hs---- C:\WINDOWS\system32\oyajpsps.ini
2007-12-12 14:05 . 2007-12-12 16:02 835,660 ---hs---- C:\WINDOWS\system32\ddxetxgq.ini
2007-12-11 13:59 . 2007-12-12 14:02 835,540 ---hs---- C:\WINDOWS\system32\ilkwvhxy.ini
2007-12-09 15:59 . 2007-12-11 13:56 835,120 ---hs---- C:\WINDOWS\system32\fjqomcpi.ini
2007-12-08 15:50 . 2007-12-09 15:50 774 ---hs---- C:\WINDOWS\system32\nvbvqynd.ini
2007-12-08 11:39 . 2007-12-08 11:39 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-08 09:04 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-08 09:04 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-08 09:04 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-06 18:24 . 2007-12-06 18:24 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-06 18:23 . 2007-12-07 16:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-04 11:34 . 2007-12-04 11:34 58 --a------ C:\WINDOWS\presntr.ini
2007-12-01 10:04 . 2007-12-10 18:10 <REP> d-------- C:\Program Files\Delirium
2007-12-01 09:48 . 2007-12-01 09:52 <REP> d-------- C:\Program Files\BaktiNet
2007-12-01 09:00 . 2007-12-01 09:00 <REP> d-------- C:\Program Files\Mr Stumps Dentures
2007-11-23 16:04 . 2007-11-23 16:04 <REP> d-------- C:\Program Files\HIP GAMES
2007-11-18 15:45 . 2007-11-18 15:45 <REP> d-------- C:\Program Files\Magic FPS
2007-11-16 18:14 . 2007-11-16 19:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-16 11:55 --------- d-----w C:\Program Files\Wanadoo
2007-12-11 18:08 --------- d-----w C:\Program Files\JS Star
2007-12-07 17:22 --------- d-----w C:\Program Files\MSN Messenger
2007-12-05 10:07 --------- d-----w C:\Program Files\Super Mario Bros Classic
2007-11-23 15:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-16 17:41 --------- d-----w C:\Program Files\Bodom-Child - RaBBi
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 13:51 --------- d-----w C:\Program Files\DDS Converter 2
2007-11-04 19:10 --------- d-----w C:\Program Files\The Game Creators
2007-10-28 17:12 --------- d-----w C:\Program Files\Slayers Online
2007-10-21 07:58 --------- d-----w C:\Program Files\Creative
2007-10-21 07:45 --------- d-----w C:\Program Files\Eidos Interactive
2007-07-09 16:17 62,040 ----a-w C:\Documents and Settings\Leturnier\Application Data\GDIPFONTCACHEV1.DAT
2007-05-13 10:06 357 ----a-w C:\Documents and Settings\Leturnier\.cb_layout.bin
1999-07-07 00:00 6 --sh--r C:\WINDOWS\@@desktop@@.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 12:06]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 C:\WINDOWS\system32\rundll32.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
"NoToolbarsOnTaskbar"= 0 (0x0)
"NoTrayItemsDisplay"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)
R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\F:\NTGLM7X.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-16 13:19:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-16 13:21:00 - machine was rebooted
.
2007-12-12 21:15:19 --- E O F ---
The HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:59, on 17/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Leturnier\Bureau\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Rayman3\Register\schedule.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{E01E49EA-4835-46EF-9E33-41A935CB32B6}: NameServer = 80.10.246.134 80.10.246.7
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5153 bytes
Re,
Uninstall Avast! properly and replace it with AntiVir.
Why switch? Avast! vs AntiVir
Run a full scan, then post the report once the scan is finished.
HELP: Tutorial on the AntiVir Personal Edition Classic antivirus
There, I've installed AntiVir. My first report:
AntiVir PersonalEdition Classic
Report file date: lundi 17 décembre 2007 22:35
Scanning for 835736 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Leturnier
Computer name: LETURNIE-BC85D1
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Windows System Directory
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\setupprf.dat
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: lundi 17 décembre 2007 22:35
The scan of running processes will be started
Scan process 'control.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'devldr32.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
25 processes with 25 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '29' files ).
Starting the file scan:
Begin scan in 'C:\WINDOWS\system32'
End of the scan: lundi 17 décembre 2007 22:36
Used time: 01:22 min
The scan has been done completely.
180 Scanning directories
6274 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
6274 Files not concerned
4 Archives were scanned
0 Warnings
0 Notes
My taskbar problem persists... The others have apparently sorted themselves out. Thanks.
Let's run a check:
Download Smitfraudfix (by S!ri).
Save it to your desktop.
Run SmitfraudFix.exe (the .exe extension may not be displayed).
Choose Option 1 (Search)
Post the first report here.
**If the link doesn't work, click here**