My games close by themselves
Hello,
My problem is that when I start a game, it opens correctly, and after 5-10 minutes it closes and I am back on the desktop.
What is causing this?
Hello,
Download and install HijackThis (Trend Micro).
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:37, on 31/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Re,
Download VundoFix.exe (by Atribune) to your Desktop.
Double-click VundoFix.exe to launch it.
Click the Scan for Vundo button.
When the scan is complete, click the Remove Vundo button.
A prompt will ask whether you want to delete the files; click YES.
After you click "Yes", the Desktop will disappear for a moment while the files are deleted.
You will see a prompt announcing that your PC is going to restart; click OK.
Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, into your next reply.
Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
VundoFix V6.7.7
Checking Java version...
Scan started at 12:53:46 31/12/2007
Listing files found while scanning....
Beginning removal...
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\xkacierx.exe
C:\WINDOWS\system32\xkacierx.exe Could not be deleted.
Performing Repairs to the registry.
Done!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:39:27, on 31/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Re,
Let's continue the work.
Disable your resident protections (antivirus...)!
Download Combofix (sUBs) to your Desktop.
Double-click combofix.exe.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Copy/paste this report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
ComboFix 07-12-31.4 - Propriétaire 2007-12-31 17:10:10.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.1.1252.1.1036.18.184 [GMT 1:00]
Running from: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Propriétaire\Mes documents\CFScript.txt
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\ctsvswyi.ini
C:\WINDOWS\system32\drivers\atmapi.sys
C:\WINDOWS\system32\dtppyhbe.ini
C:\WINDOWS\system32\fbyqiquf.ini
C:\WINDOWS\system32\goptsvas.ini
C:\WINDOWS\system32\jiqkybxk.ini
C:\WINDOWS\system32\lwgljoyr.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\moldqiyh.ini
C:\WINDOWS\system32\mstsdsc.exe
C:\WINDOWS\system32\myhqfosw.ini
C:\WINDOWS\system32\nsd8.dll
C:\WINDOWS\system32\nvrsma.dll
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\pgrugibx.ini
C:\WINDOWS\system32\pmltsxqx.ini
C:\WINDOWS\system32\pplwjfw.dat
C:\WINDOWS\system32\pplwjfw.exe
C:\WINDOWS\system32\pplwjfw_nav.dat
C:\WINDOWS\system32\pplwjfw_navps.dat
C:\WINDOWS\system32\qoppoxodz.dat
C:\WINDOWS\system32\qoppoxodz.exe
C:\WINDOWS\system32\qoppoxodz_nav.dat
C:\WINDOWS\system32\qoppoxodz_navps.dat
C:\WINDOWS\system32\rqntafos.ini
C:\WINDOWS\system32\sprt_ads.dll
C:\WINDOWS\system32\syvghkem.ini
C:\WINDOWS\system32\tiuiepko.ini
C:\WINDOWS\system32\tmwsock.dll
C:\WINDOWS\system32\udioohdg.ini
C:\WINDOWS\system32\wnxstlhy.ini
C:\WINDOWS\system32\xcoqxxns.ini
C:\WINDOWS\system32\xkacierx.exe
C:\WINDOWS\system32\xljphpsw.ini
C:\WINDOWS\system32\ykkeuoaj.ini
C:\WINDOWS\system32\yskingyq.ini
C:\WINDOWS\system32\yugsmhvb.dll
C:\WINDOWS\Fonts\'
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((((((( Fichiers créés 2007-11-28 to 2007-12-31 ))))))))))))))))))))))))))))))))))))
.
2007-12-31 17:08 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-31 12:53 . 2007-12-31 14:34 <REP> d-------- C:\VundoFix Backups
2007-12-31 12:35 . 2007-12-31 12:35 <REP> d-------- C:\Program Files\Trend Micro
2007-12-30 18:42 . 2007-12-30 18:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-30 18:42 . 2007-12-30 18:42 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-30 16:29 . 2007-12-30 16:29 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-30 16:29 . 2007-12-30 16:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-29 14:27 . 2007-12-29 14:27 <REP> d-------- C:\Program Files\Disney Interactive Studios
2007-12-29 14:27 . 2007-12-29 14:29 1,374 --a------ C:\WINDOWS\disney.ini
2007-12-28 21:06 . 2007-12-29 14:27 204 --a------ C:\WINDOWS\disneysy.ini
2007-12-27 11:45 . 2007-12-27 18:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-26 19:15 . 2007-12-29 14:30 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-12-26 19:11 . 2007-12-26 19:13 <REP> d-------- C:\Program Files\Microsoft Games
2007-12-26 19:11 . 1997-07-06 21:22 756,736 --------- C:\WINDOWS\system32\ir41_32.dll
2007-12-26 17:28 . 2007-12-26 17:28 <REP> d-------- C:\Program Files\iTunes
2007-12-26 17:28 . 2007-12-26 17:28 <REP> d-------- C:\Program Files\iPod
2007-12-26 17:27 . 2007-12-26 17:27 <REP> d-------- C:\Program Files\Apple Software Update
2007-12-26 17:27 . 2007-12-26 17:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-26 17:27 . 2007-12-26 17:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-18 18:25 . 2007-12-18 18:27 <REP> d-------- C:\Program Files\Dofus
2007-12-16 15:34 . 2007-12-18 17:47 80,097 --a------ C:\WINDOWS\system32\dcads-remove.exe
2007-12-16 15:34 . 2007-12-26 18:05 40,734 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-09 12:20 . 2007-12-09 12:23 <REP> d-------- C:\Program Files\eMule
2007-12-08 17:18 . 2007-12-08 17:18 <REP> d-------- C:\Sierra
2007-12-07 20:02 . 2007-12-07 20:02 <REP> d-------- C:\WINDOWS\veille teck Uninstaller
2007-12-07 20:02 . 2007-07-21 14:52 903,168 --a------ C:\WINDOWS\veille teck.scr
2007-12-07 20:02 . 2007-07-21 14:53 495,104 --a------ C:\WINDOWS\veille teck.exe
2007-12-07 20:02 . 2006-11-04 22:42 161,078 --a------ C:\WINDOWS\veille teck.bmp
2007-12-07 20:02 . 2007-11-10 12:45 115,864 --a------ C:\WINDOWS\veille teck.swf
2007-12-07 20:02 . 2006-11-12 18:55 23,558 --a------ C:\WINDOWS\veille teck.ico
2007-12-07 20:02 . 2007-11-10 12:46 676 --a------ C:\WINDOWS\veille teck.c3
2007-12-07 20:02 . 2007-11-10 12:46 676 --a------ C:\WINDOWS\veille teck.c1
2007-12-07 20:02 . 2006-10-24 18:06 639 --a------ C:\WINDOWS\veille teck.c4
2007-12-07 20:02 . 2006-10-08 20:33 0 --a------ C:\WINDOWS\veille teck.ini
2007-12-07 15:40 . 2007-12-07 21:13 <REP> d-------- C:\Program Files\Java
2007-12-07 15:40 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-07 15:39 . 2007-12-07 15:39 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-11-21 18:10 . 2002-08-29 11:45 286,720 --a------ C:\WINDOWS\system32\msh263.drv
2007-11-21 18:10 . 2002-08-29 11:45 50,688 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-11-21 18:10 . 2002-08-29 11:45 50,688 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-11-21 18:10 . 2001-08-23 17:47 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll
2007-11-21 18:10 . 2001-08-23 17:47 45,568 --a--c--- C:\WINDOWS\system32\dllcache\iyuv_32.dll
2007-11-21 18:10 . 2001-08-23 17:47 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2007-11-21 18:10 . 2001-08-23 17:47 8,192 --a--c--- C:\WINDOWS\system32\dllcache\tsbyuv.dll
2007-11-18 09:51 . 2007-11-18 09:51 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-18 09:49 . 2007-11-18 09:49 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-18 09:48 . 2007-11-18 09:48 0 --a------ C:\WINDOWS\system32\taskkill.exe
2007-11-16 17:51 . 2007-12-21 18:20 <REP> d-------- C:\Program Files\LimeWire
2007-11-07 15:53 . 2007-11-07 15:53 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-11-06 13:55 . 2007-11-06 13:55 132,608 --a------ C:\WINDOWS\mirra7.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-31 16:13 --------- d-----w C:\Program Files\Wanadoo
2007-12-30 15:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-30 15:29 --------- d-----w C:\Program Files\Lavasoft
2007-12-29 13:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-26 18:28 --------- d-----w C:\Program Files\Commandos II
2007-12-26 16:27 --------- d-----w C:\Program Files\QuickTime
2007-12-23 12:41 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2007-12-23 12:41 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2007-12-23 12:41 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2007-11-21 17:10 45,888 ----a-w C:\WINDOWS\system32\drivers\PhTVTune.sys
2007-11-21 17:10 345,024 ----a-w C:\WINDOWS\system32\drivers\Cap7134.sys
2007-11-21 17:10 135,168 ----a-w C:\WINDOWS\system32\34api.dll
2007-11-21 17:10 110,592 ----a-w C:\WINDOWS\system32\34com.dll
2007-11-18 16:46 278,540 ----a-w C:\WINDOWS\Fonts\Setup.exe
2007-11-18 16:41 25,214 ----a-w C:\Program Files\B.ico
2007-11-18 16:41 25,214 ----a-w C:\Program Files\A.ico
2007-11-07 14:54 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-06 12:55 561,152 ----a-w C:\WINDOWS\system32\user32.dll
2007-10-22 17:04 52,224 ----a-w C:\WINDOWS\cm.exe
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2007-10-03 16:36 275,456 ----a-w C:\WINDOWS\system32\mtampuv.exe
2007-09-29 06:26 335,360 ----a-w C:\WINDOWS\system32\qegzlnriz.exe
2007-09-28 16:19 140,288 ----a-w C:\WINDOWS\oyster.exe
2007-09-27 17:41 337,920 ----a-w C:\WINDOWS\system32\siybkwotbi.exe
2007-09-26 16:40 330,752 ----a-w C:\WINDOWS\system32\efcuben.exe
2007-09-19 14:18 266,240 ----a-w C:\WINDOWS\system32\oqskzs.exe
2007-09-16 15:08 335,360 ----a-w C:\WINDOWS\system32\bifyjraufe.exe
2007-09-15 11:36 328,704 ----a-w C:\WINDOWS\system32\ftlarviilc.exe
2007-09-15 07:52 334,848 ----a-w C:\WINDOWS\system32\bqocgtrdb.exe
2007-09-13 17:30 345,088 ----a-w C:\WINDOWS\system32\fwccinzt.exe
2007-09-07 19:01 273,920 ----a-w C:\WINDOWS\system32\jnhher.exe
2007-09-07 18:56 8,704 ----a-w C:\WINDOWS\system32\sporder.dll
2007-09-04 09:46 275,968 ----a-w C:\WINDOWS\system32\lgwknhn.exe
2007-09-03 08:15 336,896 ----a-w C:\WINDOWS\system32\lzcovfwwt.exe
2007-09-02 09:55 334,336 ----a-w C:\WINDOWS\system32\iqzeixxpby.exe
2007-05-01 08:31 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
Infected C:\WINDOWS\system32\user32.dll hex repaired
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-30 13:00 13312]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44 196608]
"MSMSGS"="C:\PROGRA~1\MESSEN~1\msmsgs.exe" [2002-08-20 15:08 1511453]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-17 15:47 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 21:10 344064]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14 217088]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"50ead19c"="C:\WINDOWS\System32\hloaudsb.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-30 13:00 13312]
R3 Cap7134;AVerMedia, AVerTV WDM Video Capture (Silicon);C:\WINDOWS\System32\DRIVERS\Cap7134.sys [2007-11-21 18:10]
R3 PhTVTune;Cap7134 TVTuner;C:\WINDOWS\System32\DRIVERS\PhTVTune.sys [2007-11-21 18:10]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-30 13:00]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-05-12 16:20]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 00:48]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-26 16:27:34 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-31 17:13:17
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-31 17:15:16 - machine was rebooted [Propriétaire]
C:\qoobox\ComboFix-quarantined-files.txt 2007-12-31 16:15:14
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:35, on 31/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\MESSEN~1\msmsgs.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [50ead19c] rundll32.exe "C:\WINDOWS\System32\hloaudsb.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
--
End of file - 6579 bytes
Microsoft Windows XP Édition familiale 5.1.2600.1.1252.1.1036.18.184 [GMT 1:00]
Running from: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Propriétaire\Mes documents\CFScript.txt
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Invité\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Invité\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Invité\Favoris\Online Security Guide.lnk
C:\Documents and Settings\Propriétaire\Application Data\DriveCleaner Free
C:\Documents and Settings\Propriétaire\Application Data\DriveCleaner Free\Logs\update.log
C:\Documents and Settings\Propriétaire\Application Data\MessengerSkinner
C:\Documents and Settings\Propriétaire\Application Data\MessengerSkinner\Userdata\defaultPack.cab
C:\Documents and Settings\Propriétaire\Application Data\MessengerSkinner\Userdata\Install_MessengerSkinner.zip
C:\Documents and Settings\Propriétaire\Application Data\MessengerSkinner\Userdata\languages.xml
C:\Documents and Settings\Propriétaire\Application Data\MessengerSkinner\Userdata\languages_v2.xml
C:\Documents and Settings\Propriétaire\Application Data\MessengerSkinner\Userdata\pack1.cab
C:\Documents and Settings\Propriétaire\Application Data\MessengerSkinner\Userdata\seb-6022@hotmail.fr\funnyfacy\007PT.gif
C:\Documents and Settings\Propriétaire\Application Data\MessengerSkinner\Userdata\seb-6022@hotmail.fr\funnyfacy\007PU.gif
C:\Documents and Settings\Propriétaire\Application Data\MessengerSkinner\Userdata\seb-6022@hotmail.fr\funnyfacy\007PV.gif
C:\Documents and Settings\Propriétaire\Application Data\MessengerSkinner\Userdata\seb-6022@hotmail.fr\funnyfacy\funnyfacy.html
C:\Documents and Settings\Propriétaire\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Propriétaire\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Propriétaire\Favoris\Online Security Guide.lnk
C:\Program Files\Fichiers communs\drivecleaner free
C:\Program Files\messengerskinner
C:\Program Files\Temporary
C:\Program Files\Temporary\wininstall.exe
C:\Program Files\webhancer
C:\Program Files\webhancer\whAgent_update.exe
C:\WINDOWS\b.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\UDC6V_0001_D19M0709NetInstaller.exe
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\Help\access.cni
C:\WINDOWS\Help\access.hp
C:\WINDOWS\Help\mwrem.cin
C:\WINDOWS\Help\verifier.hp
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\nview.dll
C:\WINDOWS\pack.epk
C:\WINDOWS\sys.log
C:\WINDOWS\system32\baeqydzp.dat
C:\WINDOWS\system32\baeqydzp.exe
C:\WINDOWS\system32\baeqydzp_nav.dat
C:\WINDOWS\system32\baeqydzp_navps.dat
C:\WINDOWS\system32\bkyitwer.ini
C:\WINDOWS\system32\bqlcbnxpa.dat
C:\WINDOWS\system32\bqlcbnxpa.exe
C:\WINDOWS\system32\bqlcbnxpa_nav.dat
C:\WINDOWS\system32\bqlcbnxpa_navps.dat
C:\WINDOWS\system32\ctsvswyi.ini
C:\WINDOWS\system32\drivers\atmapi.sys
C:\WINDOWS\system32\dtppyhbe.ini
C:\WINDOWS\system32\fbyqiquf.ini
C:\WINDOWS\system32\goptsvas.ini
C:\WINDOWS\system32\jiqkybxk.ini
C:\WINDOWS\system32\lwgljoyr.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\moldqiyh.ini
C:\WINDOWS\system32\mstsdsc.exe
C:\WINDOWS\system32\myhqfosw.ini
C:\WINDOWS\system32\nsd8.dll
C:\WINDOWS\system32\nvrsma.dll
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\pgrugibx.ini
C:\WINDOWS\system32\pmltsxqx.ini
C:\WINDOWS\system32\pplwjfw.dat
C:\WINDOWS\system32\pplwjfw.exe
C:\WINDOWS\system32\pplwjfw_nav.dat
C:\WINDOWS\system32\pplwjfw_navps.dat
C:\WINDOWS\system32\qoppoxodz.dat
C:\WINDOWS\system32\qoppoxodz.exe
C:\WINDOWS\system32\qoppoxodz_nav.dat
C:\WINDOWS\system32\qoppoxodz_navps.dat
C:\WINDOWS\system32\rqntafos.ini
C:\WINDOWS\system32\sprt_ads.dll
C:\WINDOWS\system32\syvghkem.ini
C:\WINDOWS\system32\tiuiepko.ini
C:\WINDOWS\system32\tmwsock.dll
C:\WINDOWS\system32\udioohdg.ini
C:\WINDOWS\system32\wnxstlhy.ini
C:\WINDOWS\system32\xcoqxxns.ini
C:\WINDOWS\system32\xkacierx.exe
C:\WINDOWS\system32\xljphpsw.ini
C:\WINDOWS\system32\ykkeuoaj.ini
C:\WINDOWS\system32\yskingyq.ini
C:\WINDOWS\system32\yugsmhvb.dll
C:\WINDOWS\Fonts\'
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-28 to 2007-12-31 ))))))))))))))))))))))))))))))))))))
.
2007-12-31 17:08 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-31 12:53 . 2007-12-31 14:34 <REP> d-------- C:\VundoFix Backups
2007-12-31 12:35 . 2007-12-31 12:35 <REP> d-------- C:\Program Files\Trend Micro
2007-12-30 18:42 . 2007-12-30 18:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-30 18:42 . 2007-12-30 18:42 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-30 16:29 . 2007-12-30 16:29 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-30 16:29 . 2007-12-30 16:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-29 14:27 . 2007-12-29 14:27 <REP> d-------- C:\Program Files\Disney Interactive Studios
2007-12-29 14:27 . 2007-12-29 14:29 1,374 --a------ C:\WINDOWS\disney.ini
2007-12-28 21:06 . 2007-12-29 14:27 204 --a------ C:\WINDOWS\disneysy.ini
2007-12-27 11:45 . 2007-12-27 18:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-26 19:15 . 2007-12-29 14:30 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-12-26 19:11 . 2007-12-26 19:13 <REP> d-------- C:\Program Files\Microsoft Games
2007-12-26 19:11 . 1997-07-06 21:22 756,736 --------- C:\WINDOWS\system32\ir41_32.dll
2007-12-26 17:28 . 2007-12-26 17:28 <REP> d-------- C:\Program Files\iTunes
2007-12-26 17:28 . 2007-12-26 17:28 <REP> d-------- C:\Program Files\iPod
2007-12-26 17:27 . 2007-12-26 17:27 <REP> d-------- C:\Program Files\Apple Software Update
2007-12-26 17:27 . 2007-12-26 17:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-26 17:27 . 2007-12-26 17:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-18 18:25 . 2007-12-18 18:27 <REP> d-------- C:\Program Files\Dofus
2007-12-16 15:34 . 2007-12-18 17:47 80,097 --a------ C:\WINDOWS\system32\dcads-remove.exe
2007-12-16 15:34 . 2007-12-26 18:05 40,734 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-09 12:20 . 2007-12-09 12:23 <REP> d-------- C:\Program Files\eMule
2007-12-08 17:18 . 2007-12-08 17:18 <REP> d-------- C:\Sierra
2007-12-07 20:02 . 2007-12-07 20:02 <REP> d-------- C:\WINDOWS\veille teck Uninstaller
2007-12-07 20:02 . 2007-07-21 14:52 903,168 --a------ C:\WINDOWS\veille teck.scr
2007-12-07 20:02 . 2007-07-21 14:53 495,104 --a------ C:\WINDOWS\veille teck.exe
2007-12-07 20:02 . 2006-11-04 22:42 161,078 --a------ C:\WINDOWS\veille teck.bmp
2007-12-07 20:02 . 2007-11-10 12:45 115,864 --a------ C:\WINDOWS\veille teck.swf
2007-12-07 20:02 . 2006-11-12 18:55 23,558 --a------ C:\WINDOWS\veille teck.ico
2007-12-07 20:02 . 2007-11-10 12:46 676 --a------ C:\WINDOWS\veille teck.c3
2007-12-07 20:02 . 2007-11-10 12:46 676 --a------ C:\WINDOWS\veille teck.c1
2007-12-07 20:02 . 2006-10-24 18:06 639 --a------ C:\WINDOWS\veille teck.c4
2007-12-07 20:02 . 2006-10-08 20:33 0 --a------ C:\WINDOWS\veille teck.ini
2007-12-07 15:40 . 2007-12-07 21:13 <REP> d-------- C:\Program Files\Java
2007-12-07 15:40 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-07 15:39 . 2007-12-07 15:39 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-11-21 18:10 . 2002-08-29 11:45 286,720 --a------ C:\WINDOWS\system32\msh263.drv
2007-11-21 18:10 . 2002-08-29 11:45 50,688 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-11-21 18:10 . 2002-08-29 11:45 50,688 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-11-21 18:10 . 2001-08-23 17:47 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll
2007-11-21 18:10 . 2001-08-23 17:47 45,568 --a--c--- C:\WINDOWS\system32\dllcache\iyuv_32.dll
2007-11-21 18:10 . 2001-08-23 17:47 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2007-11-21 18:10 . 2001-08-23 17:47 8,192 --a--c--- C:\WINDOWS\system32\dllcache\tsbyuv.dll
2007-11-18 09:51 . 2007-11-18 09:51 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-18 09:49 . 2007-11-18 09:49 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-18 09:48 . 2007-11-18 09:48 0 --a------ C:\WINDOWS\system32\taskkill.exe
2007-11-16 17:51 . 2007-12-21 18:20 <REP> d-------- C:\Program Files\LimeWire
2007-11-07 15:53 . 2007-11-07 15:53 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-11-06 13:55 . 2007-11-06 13:55 132,608 --a------ C:\WINDOWS\mirra7.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-31 16:13 --------- d-----w C:\Program Files\Wanadoo
2007-12-30 15:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-30 15:29 --------- d-----w C:\Program Files\Lavasoft
2007-12-29 13:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-26 18:28 --------- d-----w C:\Program Files\Commandos II
2007-12-26 16:27 --------- d-----w C:\Program Files\QuickTime
2007-12-23 12:41 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2007-12-23 12:41 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2007-12-23 12:41 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2007-11-21 17:10 45,888 ----a-w C:\WINDOWS\system32\drivers\PhTVTune.sys
2007-11-21 17:10 345,024 ----a-w C:\WINDOWS\system32\drivers\Cap7134.sys
2007-11-21 17:10 135,168 ----a-w C:\WINDOWS\system32\34api.dll
2007-11-21 17:10 110,592 ----a-w C:\WINDOWS\system32\34com.dll
2007-11-18 16:46 278,540 ----a-w C:\WINDOWS\Fonts\Setup.exe
2007-11-18 16:41 25,214 ----a-w C:\Program Files\B.ico
2007-11-18 16:41 25,214 ----a-w C:\Program Files\A.ico
2007-11-07 14:54 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-06 12:55 561,152 ----a-w C:\WINDOWS\system32\user32.dll
2007-10-22 17:04 52,224 ----a-w C:\WINDOWS\cm.exe
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2007-10-03 16:36 275,456 ----a-w C:\WINDOWS\system32\mtampuv.exe
2007-09-29 06:26 335,360 ----a-w C:\WINDOWS\system32\qegzlnriz.exe
2007-09-28 16:19 140,288 ----a-w C:\WINDOWS\oyster.exe
2007-09-27 17:41 337,920 ----a-w C:\WINDOWS\system32\siybkwotbi.exe
2007-09-26 16:40 330,752 ----a-w C:\WINDOWS\system32\efcuben.exe
2007-09-19 14:18 266,240 ----a-w C:\WINDOWS\system32\oqskzs.exe
2007-09-16 15:08 335,360 ----a-w C:\WINDOWS\system32\bifyjraufe.exe
2007-09-15 11:36 328,704 ----a-w C:\WINDOWS\system32\ftlarviilc.exe
2007-09-15 07:52 334,848 ----a-w C:\WINDOWS\system32\bqocgtrdb.exe
2007-09-13 17:30 345,088 ----a-w C:\WINDOWS\system32\fwccinzt.exe
2007-09-07 19:01 273,920 ----a-w C:\WINDOWS\system32\jnhher.exe
2007-09-07 18:56 8,704 ----a-w C:\WINDOWS\system32\sporder.dll
2007-09-04 09:46 275,968 ----a-w C:\WINDOWS\system32\lgwknhn.exe
2007-09-03 08:15 336,896 ----a-w C:\WINDOWS\system32\lzcovfwwt.exe
2007-09-02 09:55 334,336 ----a-w C:\WINDOWS\system32\iqzeixxpby.exe
2007-05-01 08:31 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
Infected C:\WINDOWS\system32\user32.dll hex repaired
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-30 13:00 13312]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44 196608]
"MSMSGS"="C:\PROGRA~1\MESSEN~1\msmsgs.exe" [2002-08-20 15:08 1511453]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-17 15:47 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 21:10 344064]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14 217088]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"50ead19c"="C:\WINDOWS\System32\hloaudsb.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-30 13:00 13312]
R3 Cap7134;AVerMedia, AVerTV WDM Video Capture (Silicon);C:\WINDOWS\System32\DRIVERS\Cap7134.sys [2007-11-21 18:10]
R3 PhTVTune;Cap7134 TVTuner;C:\WINDOWS\System32\DRIVERS\PhTVTune.sys [2007-11-21 18:10]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-30 13:00]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-05-12 16:20]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 00:48]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-26 16:27:34 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-31 17:13:17
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-31 17:15:16 - machine was rebooted [Propriétaire]
C:\qoobox\ComboFix-quarantined-files.txt 2007-12-31 16:15:14
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:35, on 31/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\MESSEN~1\msmsgs.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [50ead19c] rundll32.exe "C:\WINDOWS\System32\hloaudsb.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
--
End of file - 6579 bytes
Sorry for yesterday's posting error
Did you use this version of Combofix?
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix...
If not, run a scan with it.