trojan commdl.dll
Dernière réponse : dans Sécurité
bonjour depuis quelque jour avast me detecte un trojan ou il me met le fichier dans c:/windows/system32/commdl.dll mais il ne peut pas le renommer ni suprimer ni deplacer rien car il est utiliser avec un processus ou autre j'ai fait des analyse avec avg antispy, windows defender, ad-aware et webroot spy qui eux n'ont rien detecter j'aimerais le supirmer moi même mais il faudrait que je sache quel processus tuer j'ai utiliser wholockme mais il ne marche pas je clique droit fait wholockme et rien du tout lol aurait-il un logiciel bien qui ferait la même chosse c'est a dire quel processus utilise le fichier que l'on veut suprimer????
merci de votre aide
merci de votre aide
Autres pages sur : trojan commdl dll
Lassé par la pub ? Créez un compte
.
Bonjour
Télécharge HijackThis v2.0.2
http://www.trendsecure.com/portal/en-US/_download/HiJac...
Démo en image
http://perso.orange.fr/rginformatique/section%20virus/d...
Fais un scan et poste l'analyse ici.
Télécharge HijackThis v2.0.2
http://www.trendsecure.com/portal/en-US/_download/HiJac...
Démo en image
http://perso.orange.fr/rginformatique/section%20virus/d...
Fais un scan et poste l'analyse ici.
voilà:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:33:33, on 03/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\GigaTribe\gigatribe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\sol.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\sysocmgr.exe
C:\Documents and Settings\alex\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Dcads Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {4EA3A4B4-DF54-47F2-979D-456C8A8BC5C9} - C:\WINDOWS\system32\commdl.dll
O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nsz9.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [SuperCopier2.exe] "C:\Program Files\SuperCopier2\SuperCopier2.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CFA8526-6F2C-438E-B324-13B4E3D0F3D1}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 7300 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:33:33, on 03/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\GigaTribe\gigatribe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\sol.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\sysocmgr.exe
C:\Documents and Settings\alex\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Dcads Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {4EA3A4B4-DF54-47F2-979D-456C8A8BC5C9} - C:\WINDOWS\system32\commdl.dll
O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nsz9.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [SuperCopier2.exe] "C:\Program Files\SuperCopier2\SuperCopier2.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CFA8526-6F2C-438E-B324-13B4E3D0F3D1}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 7300 bytes
Plusieurs infections différentes.
Télécharge Combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double clique combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra.
Copie/colle ce rapport dans ta prochaine réponse avec un nouveau HijackThis.
Télécharge Combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double clique combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra.
Copie/colle ce rapport dans ta prochaine réponse avec un nouveau HijackThis.
je m'en doute il est pas super j'en cherchai un mais le plus facile c'est de trouver des antispy gratuit en même temp si tu peut me conseiller des antivirus gratuit tien je tenvoi le rapport c'etait long sa vient de terminer j'avais plus connexion direct à infos du net internet explorer c'est remit par default enfin je vous envoi le raport
combofix:
ComboFix 08-01-04.1 - alex 2008-01-03 23:10:57.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.190 [GMT 1:00]
Running from: C:\Documents and Settings\alex\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\nsz9.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NWSAPAGENT
-------\NwSapAgent
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-04 to 2008-01-04 ))))))))))))))))))))))))))))))))))))
.
2008-01-03 23:03 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 01:37 . 2008-01-03 01:37 3,888 --a------ C:\WINDOWS\system32\drivers\NTHANDLE.SYS
2008-01-02 12:54 . 2008-01-02 12:54 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-01-02 12:53 . 2008-01-02 12:53 <REP> d-------- C:\Program Files\Webroot
2008-01-02 12:53 . 2008-01-02 12:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-02 12:53 . 2008-01-02 12:53 <REP> d-------- C:\Documents and Settings\alex\Application Data\Webroot
2008-01-02 12:53 . 2006-08-03 19:33 117,248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-01-02 12:53 . 2006-08-03 19:33 15,360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-01-02 12:53 . 2006-08-03 19:33 14,848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-01-02 12:53 . 2006-08-03 19:33 13,824 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2008-01-02 12:46 . 2008-01-02 12:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-02 12:46 . 2008-01-02 12:46 <REP> d-------- C:\Documents and Settings\alex\Application Data\Grisoft
2008-01-02 12:46 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-31 11:05 . 2007-12-31 11:05 <REP> d-------- C:\Program Files\EVEREST Home Edition
2007-12-29 14:31 . 2007-12-29 14:52 <REP> d-------- C:\Program Files\CasinoOnNet
2007-12-28 10:41 . 2007-12-28 10:41 <REP> d-------- C:\Documents and Settings\alex\Application Data\Apple Computer
2007-12-27 13:51 . 2008-01-01 00:44 <REP> d-------- C:\Program Files\Everest Poker
2007-12-27 13:47 . 2007-12-27 13:47 <REP> d-------- C:\Documents and Settings\alex\Application Data\teamspeak2
2007-12-27 13:46 . 2007-12-27 13:47 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2007-12-27 13:46 . 2007-12-27 13:46 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2007-12-26 02:11 . 19,456 C:\WINDOWS\system32\drivers\hhnbwhlj.dat
2007-12-26 02:09 . 2004-08-05 13:00 84,992 --a------ C:\WINDOWS\system32\commdl.dll
2007-12-25 23:08 . 2007-12-29 12:57 <REP> d-------- C:\Documents and Settings\alex\Application Data\GigaTribe
2007-12-25 23:03 . 2007-12-25 23:03 <REP> d-------- C:\Program Files\GigaTribe
2007-12-24 11:16 . 2007-12-24 11:16 <REP> d-------- C:\Program Files\Guitar Pro 5
2007-12-21 23:36 . 2007-12-21 23:44 <REP> d-------- C:\Documents and Settings\alex\Application Data\gtk-2.0
2007-12-18 15:54 . 2007-12-18 15:54 319,488 --a------ C:\WINDOWS\system32\dcads_sidebar.dll
2007-12-18 12:41 . 2007-12-24 12:00 <REP> d-------- C:\Program Files\Azureus
2007-12-18 12:03 . 2007-12-18 12:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-12-18 12:03 . 2008-01-03 14:00 <REP> d-------- C:\Documents and Settings\alex\Application Data\Azureus
2007-12-14 23:39 . 2007-12-14 23:40 <REP> d-------- C:\Program Files\QuickTime
2007-12-14 23:39 . 2007-12-14 23:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-14 23:38 . 2007-12-14 23:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-13 22:24 . 2007-12-13 22:24 <REP> dr------- C:\Documents and Settings\NetworkService\Mes documents
2007-12-12 21:15 . 2007-12-12 21:15 <REP> d-------- C:\Program Files\Dcads Games Collection
2007-12-12 21:15 . 2007-12-18 11:31 80,097 --a------ C:\WINDOWS\system32\dcads-remove.exe
2007-12-12 21:15 . 2008-01-03 01:22 77,379 --a------ C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
2007-12-12 21:15 . 2007-12-12 21:15 40,731 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2007-12-11 21:32 . 2007-12-11 21:32 <REP> d-------- C:\Program Files\Fichiers communs\Labcenter Electronics
2007-12-11 21:16 . 2007-10-31 20:28 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2007-12-11 21:16 . 2007-10-31 20:28 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-12-11 21:16 . 2007-10-31 19:34 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2007-12-11 21:16 . 2007-12-11 21:17 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2007-12-11 21:16 . 2007-10-31 20:28 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2007-12-11 21:16 . 2007-12-11 21:17 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2007-12-11 21:16 . 2007-10-31 20:28 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-12-11 21:13 . 2007-12-11 21:32 <REP> d-------- C:\Program Files\Labcenter Electronics
2007-12-11 21:03 . 2005-10-18 17:36 1,048,576 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2007-12-11 21:03 . 2005-10-18 17:36 54,784 --a------ C:\WINDOWS\system32\INETWH32.DLL
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-09 21:01 . 2007-12-09 21:01 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2007-12-09 21:01 . 2007-12-09 21:01 <REP> d-------- C:\Program Files\Fichiers communs\Real
2007-12-09 21:00 . 2007-12-09 21:00 <REP> d-------- C:\Program Files\Real
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 00:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-02 00:25 --------- d-----w C:\Program Files\EA GAMES
2008-01-01 12:17 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-01 12:17 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-29 19:25 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2007-12-18 15:47 --------- d-----w C:\Program Files\7-Zip
2007-12-11 19:48 --------- d-----w C:\Documents and Settings\alex\Application Data\FrostWire
2007-12-09 19:34 --------- d-----w C:\Program Files\CamStudio
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-25 12:56 --------- d-----w C:\Program Files\GIMP-2.0
2007-11-24 23:16 --------- d-----w C:\Program Files\MSN Spy 2004
2007-11-22 18:11 --------- d-----w C:\Program Files\Alcohol Soft
2007-11-22 17:58 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-21 11:57 --------- d-----w C:\Program Files\DivX
2007-11-21 11:10 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-11-20 10:17 --------- d-----w C:\Program Files\Windows Live
2007-11-20 10:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-20 09:16 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-19 20:50 --------- d-----w C:\Program Files\FrostWire
2007-11-18 01:02 --------- d-----w C:\Program Files\Ubisoft
2007-11-15 21:12 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 22:12 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-11 20:46 --------- d-----w C:\Documents and Settings\alex\Application Data\Microsoft Games
2007-11-11 20:38 --------- d-----w C:\Program Files\Microsoft Games
2007-11-11 19:46 --------- d-----w C:\Program Files\softnyx
2007-11-11 19:46 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-11-06 16:37 --------- d-----w C:\Program Files\Ontrack
2007-11-06 14:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-11-05 22:28 --------- d-----w C:\Documents and Settings\alex\Application Data\Radios Media Player
2007-11-03 21:41 81,920 ----a-w C:\WINDOWS\system32\W32N50.dll
2007-11-03 21:41 17,134 ----a-w C:\WINDOWS\system32\PCANDIS5.sys
2007-11-03 21:40 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2007-11-01 21:44 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
2007-12-18 15:54 319488 --a------ C:\WINDOWS\system32\dcads_sidebar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4EA3A4B4-DF54-47F2-979D-456C8A8BC5C9}]
2004-08-05 13:00 84992 --a------ C:\WINDOWS\system32\commdl.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-11-01 21:44 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2007-11-01 21:44 267592]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-09-05 15:55 339968]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-09 21:01 185896]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2006-08-03 19:36 3909632]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^alex^Menu Démarrer^Programmes^Démarrage^Deer Hunter 2005 Registration.lnk]
path=C:\Documents and Settings\alex\Menu Démarrer\Programmes\Démarrage\Deer Hunter 2005 Registration.lnk
backup=C:\WINDOWS\pss\Deer Hunter 2005 Registration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-05 13:00 15360 --a------ C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-02-10 11:51 118784 --a------ C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-02-10 11:55 155648 --a------ C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
C:\Program Files\MessengerPlus! 3\MsgPlus.exe /WinStart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Valve\Steam\Steam.exe -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot
R0 yabkhbja;yabkhbja;C:\WINDOWS\system32\drivers\hhnbwhlj.dat []
S3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-04 01:38]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-11-02 22:51]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4ba3f4c-9925-11dc-b208-000874a7b3d7}]
\Shell\AutoRun\command - D:\autorun.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-04 22:29:55 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-02 11:53:51 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe&/ScheduleSweep=wrSpySweeperTrialSweep
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- A:\
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 23:27:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-04 23:36:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-04 22:36:12
.
2007-12-28 09:20:33 --- E O F ---
ComboFix 08-01-04.1 - alex 2008-01-03 23:10:57.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.190 [GMT 1:00]
Running from: C:\Documents and Settings\alex\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\nsz9.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NWSAPAGENT
-------\NwSapAgent
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-04 to 2008-01-04 ))))))))))))))))))))))))))))))))))))
.
2008-01-03 23:03 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 01:37 . 2008-01-03 01:37 3,888 --a------ C:\WINDOWS\system32\drivers\NTHANDLE.SYS
2008-01-02 12:54 . 2008-01-02 12:54 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-01-02 12:53 . 2008-01-02 12:53 <REP> d-------- C:\Program Files\Webroot
2008-01-02 12:53 . 2008-01-02 12:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-02 12:53 . 2008-01-02 12:53 <REP> d-------- C:\Documents and Settings\alex\Application Data\Webroot
2008-01-02 12:53 . 2006-08-03 19:33 117,248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-01-02 12:53 . 2006-08-03 19:33 15,360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-01-02 12:53 . 2006-08-03 19:33 14,848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-01-02 12:53 . 2006-08-03 19:33 13,824 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2008-01-02 12:46 . 2008-01-02 12:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-02 12:46 . 2008-01-02 12:46 <REP> d-------- C:\Documents and Settings\alex\Application Data\Grisoft
2008-01-02 12:46 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-31 11:05 . 2007-12-31 11:05 <REP> d-------- C:\Program Files\EVEREST Home Edition
2007-12-29 14:31 . 2007-12-29 14:52 <REP> d-------- C:\Program Files\CasinoOnNet
2007-12-28 10:41 . 2007-12-28 10:41 <REP> d-------- C:\Documents and Settings\alex\Application Data\Apple Computer
2007-12-27 13:51 . 2008-01-01 00:44 <REP> d-------- C:\Program Files\Everest Poker
2007-12-27 13:47 . 2007-12-27 13:47 <REP> d-------- C:\Documents and Settings\alex\Application Data\teamspeak2
2007-12-27 13:46 . 2007-12-27 13:47 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2007-12-27 13:46 . 2007-12-27 13:46 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2007-12-26 02:11 . 19,456 C:\WINDOWS\system32\drivers\hhnbwhlj.dat
2007-12-26 02:09 . 2004-08-05 13:00 84,992 --a------ C:\WINDOWS\system32\commdl.dll
2007-12-25 23:08 . 2007-12-29 12:57 <REP> d-------- C:\Documents and Settings\alex\Application Data\GigaTribe
2007-12-25 23:03 . 2007-12-25 23:03 <REP> d-------- C:\Program Files\GigaTribe
2007-12-24 11:16 . 2007-12-24 11:16 <REP> d-------- C:\Program Files\Guitar Pro 5
2007-12-21 23:36 . 2007-12-21 23:44 <REP> d-------- C:\Documents and Settings\alex\Application Data\gtk-2.0
2007-12-18 15:54 . 2007-12-18 15:54 319,488 --a------ C:\WINDOWS\system32\dcads_sidebar.dll
2007-12-18 12:41 . 2007-12-24 12:00 <REP> d-------- C:\Program Files\Azureus
2007-12-18 12:03 . 2007-12-18 12:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-12-18 12:03 . 2008-01-03 14:00 <REP> d-------- C:\Documents and Settings\alex\Application Data\Azureus
2007-12-14 23:39 . 2007-12-14 23:40 <REP> d-------- C:\Program Files\QuickTime
2007-12-14 23:39 . 2007-12-14 23:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-14 23:38 . 2007-12-14 23:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-13 22:24 . 2007-12-13 22:24 <REP> dr------- C:\Documents and Settings\NetworkService\Mes documents
2007-12-12 21:15 . 2007-12-12 21:15 <REP> d-------- C:\Program Files\Dcads Games Collection
2007-12-12 21:15 . 2007-12-18 11:31 80,097 --a------ C:\WINDOWS\system32\dcads-remove.exe
2007-12-12 21:15 . 2008-01-03 01:22 77,379 --a------ C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
2007-12-12 21:15 . 2007-12-12 21:15 40,731 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2007-12-11 21:32 . 2007-12-11 21:32 <REP> d-------- C:\Program Files\Fichiers communs\Labcenter Electronics
2007-12-11 21:16 . 2007-10-31 20:28 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2007-12-11 21:16 . 2007-10-31 20:28 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-12-11 21:16 . 2007-10-31 19:34 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2007-12-11 21:16 . 2007-12-11 21:17 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2007-12-11 21:16 . 2007-10-31 20:28 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2007-12-11 21:16 . 2007-12-11 21:17 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2007-12-11 21:16 . 2007-10-31 20:28 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-12-11 21:13 . 2007-12-11 21:32 <REP> d-------- C:\Program Files\Labcenter Electronics
2007-12-11 21:03 . 2005-10-18 17:36 1,048,576 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2007-12-11 21:03 . 2005-10-18 17:36 54,784 --a------ C:\WINDOWS\system32\INETWH32.DLL
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-09 21:01 . 2007-12-09 21:01 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2007-12-09 21:01 . 2007-12-09 21:01 <REP> d-------- C:\Program Files\Fichiers communs\Real
2007-12-09 21:00 . 2007-12-09 21:00 <REP> d-------- C:\Program Files\Real
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 00:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-02 00:25 --------- d-----w C:\Program Files\EA GAMES
2008-01-01 12:17 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-01 12:17 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-29 19:25 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2007-12-18 15:47 --------- d-----w C:\Program Files\7-Zip
2007-12-11 19:48 --------- d-----w C:\Documents and Settings\alex\Application Data\FrostWire
2007-12-09 19:34 --------- d-----w C:\Program Files\CamStudio
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-25 12:56 --------- d-----w C:\Program Files\GIMP-2.0
2007-11-24 23:16 --------- d-----w C:\Program Files\MSN Spy 2004
2007-11-22 18:11 --------- d-----w C:\Program Files\Alcohol Soft
2007-11-22 17:58 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-21 11:57 --------- d-----w C:\Program Files\DivX
2007-11-21 11:10 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-11-20 10:17 --------- d-----w C:\Program Files\Windows Live
2007-11-20 10:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-20 09:16 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-19 20:50 --------- d-----w C:\Program Files\FrostWire
2007-11-18 01:02 --------- d-----w C:\Program Files\Ubisoft
2007-11-15 21:12 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 22:12 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-11 20:46 --------- d-----w C:\Documents and Settings\alex\Application Data\Microsoft Games
2007-11-11 20:38 --------- d-----w C:\Program Files\Microsoft Games
2007-11-11 19:46 --------- d-----w C:\Program Files\softnyx
2007-11-11 19:46 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-11-06 16:37 --------- d-----w C:\Program Files\Ontrack
2007-11-06 14:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-11-05 22:28 --------- d-----w C:\Documents and Settings\alex\Application Data\Radios Media Player
2007-11-03 21:41 81,920 ----a-w C:\WINDOWS\system32\W32N50.dll
2007-11-03 21:41 17,134 ----a-w C:\WINDOWS\system32\PCANDIS5.sys
2007-11-03 21:40 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2007-11-01 21:44 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
2007-12-18 15:54 319488 --a------ C:\WINDOWS\system32\dcads_sidebar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4EA3A4B4-DF54-47F2-979D-456C8A8BC5C9}]
2004-08-05 13:00 84992 --a------ C:\WINDOWS\system32\commdl.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-11-01 21:44 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2007-11-01 21:44 267592]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-09-05 15:55 339968]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-09 21:01 185896]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2006-08-03 19:36 3909632]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^alex^Menu Démarrer^Programmes^Démarrage^Deer Hunter 2005 Registration.lnk]
path=C:\Documents and Settings\alex\Menu Démarrer\Programmes\Démarrage\Deer Hunter 2005 Registration.lnk
backup=C:\WINDOWS\pss\Deer Hunter 2005 Registration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-05 13:00 15360 --a------ C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-02-10 11:51 118784 --a------ C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-02-10 11:55 155648 --a------ C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
C:\Program Files\MessengerPlus! 3\MsgPlus.exe /WinStart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Valve\Steam\Steam.exe -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot
R0 yabkhbja;yabkhbja;C:\WINDOWS\system32\drivers\hhnbwhlj.dat []
S3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-04 01:38]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-11-02 22:51]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4ba3f4c-9925-11dc-b208-000874a7b3d7}]
\Shell\AutoRun\command - D:\autorun.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-04 22:29:55 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-02 11:53:51 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe&/ScheduleSweep=wrSpySweeperTrialSweep
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- A:\
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 23:27:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-04 23:36:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-04 22:36:12
.
2007-12-28 09:20:33 --- E O F ---
hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:45:41, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\alex\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Dcads Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {4EA3A4B4-DF54-47F2-979D-456C8A8BC5C9} - C:\WINDOWS\system32\commdl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [SuperCopier2.exe] "C:\Program Files\SuperCopier2\SuperCopier2.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CFA8526-6F2C-438E-B324-13B4E3D0F3D1}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 6752 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:45:41, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\alex\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Dcads Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {4EA3A4B4-DF54-47F2-979D-456C8A8BC5C9} - C:\WINDOWS\system32\commdl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [SuperCopier2.exe] "C:\Program Files\SuperCopier2\SuperCopier2.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CFA8526-6F2C-438E-B324-13B4E3D0F3D1}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 6752 bytes
Bonjour
Copie (Ctrl+C) le texte ci-dessous :
Driver::
yabkhbja
File::
C:\WINDOWS\system32\drivers\hhnbwhlj.dat
C:\WINDOWS\system32\commdl.dll
C:\WINDOWS\system32\dcads_sidebar.dll
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
C:\WINDOWS\system32\superiorads-uninst.exe
Folder::
C:\Program Files\Dcads Games Collection
C:\Program Files\AskSBar
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4EA3A4B4-DF54-47F2-979D-456C8A8BC5C9}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
[-HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"=-
[-HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt
![]()
Comme l'image le montre, fait glisser CFScript.txt sur Combofix.exe
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu avec un nouveau Hijackthis.
Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
Copie (Ctrl+C) le texte ci-dessous :
Driver::
yabkhbja
File::
C:\WINDOWS\system32\drivers\hhnbwhlj.dat
C:\WINDOWS\system32\commdl.dll
C:\WINDOWS\system32\dcads_sidebar.dll
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
C:\WINDOWS\system32\superiorads-uninst.exe
Folder::
C:\Program Files\Dcads Games Collection
C:\Program Files\AskSBar
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4EA3A4B4-DF54-47F2-979D-456C8A8BC5C9}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
[-HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"=-
[-HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt
Comme l'image le montre, fait glisser CFScript.txt sur Combofix.exe
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu avec un nouveau Hijackthis.
Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
ComboFix 08-01-04.1 - alex 2008-01-04 22:23:03.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.117 [GMT 1:00]
Running from: C:\Documents and Settings\alex\Mes documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\alex\Mes documents\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\commdl.dll
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\dcads_sidebar.dll
C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
C:\WINDOWS\system32\drivers\hhnbwhlj.dat
C:\WINDOWS\system32\superiorads-uninst.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\AskSBar
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL
C:\Program Files\AskSBar\bar\Cache\009E637C
C:\Program Files\AskSBar\bar\Cache\009E6706
C:\Program Files\AskSBar\bar\Cache\009E6E49.bin
C:\Program Files\AskSBar\bar\Cache\009E71B4.bin
C:\Program Files\AskSBar\bar\Cache\009E757D.bin
C:\Program Files\AskSBar\bar\Cache\files.ini
C:\Program Files\AskSBar\bar\History\search2
C:\Program Files\AskSBar\bar\Settings\prevcfg2.htm
C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
C:\Program Files\Dcads Games Collection
C:\Program Files\Dcads Games Collection\BattlesOfHelicopters.exe
C:\Program Files\Dcads Games Collection\BobAndBill.exe
C:\Program Files\Dcads Games Collection\CrazyBlocks.exe
C:\Program Files\Dcads Games Collection\Lines.exe
C:\Program Files\Dcads Games Collection\uninstall.exe
C:\Program Files\Dcads Games Collection\VideoPool.exe
C:\WINDOWS\system32\commdl.dll
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\dcads_sidebar.dll
C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
C:\WINDOWS\system32\drivers\hhnbwhlj.dat
C:\WINDOWS\system32\superiorads-uninst.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_YABKHBJA
-------\yabkhbja
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-04 to 2008-01-04 ))))))))))))))))))))))))))))))))))))
.
2008-01-05 12:24 . 2008-01-05 12:24 <REP> d-------- C:\Program Files\ToniArts
2008-01-03 23:03 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 01:37 . 2008-01-03 01:37 3,888 --a------ C:\WINDOWS\system32\drivers\NTHANDLE.SYS
2008-01-02 12:54 . 2008-01-02 12:54 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-01-02 12:53 . 2008-01-02 12:53 <REP> d-------- C:\Program Files\Webroot
2008-01-02 12:53 . 2008-01-02 12:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-02 12:53 . 2008-01-02 12:53 <REP> d-------- C:\Documents and Settings\alex\Application Data\Webroot
2008-01-02 12:53 . 2006-08-03 19:33 117,248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-01-02 12:53 . 2006-08-03 19:33 15,360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-01-02 12:53 . 2006-08-03 19:33 14,848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-01-02 12:53 . 2006-08-03 19:33 13,824 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2008-01-02 12:46 . 2008-01-02 12:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-02 12:46 . 2008-01-02 12:46 <REP> d-------- C:\Documents and Settings\alex\Application Data\Grisoft
2008-01-02 12:46 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-31 11:05 . 2007-12-31 11:05 <REP> d-------- C:\Program Files\EVEREST Home Edition
2007-12-29 14:31 . 2007-12-29 14:52 <REP> d-------- C:\Program Files\CasinoOnNet
2007-12-28 10:41 . 2007-12-28 10:41 <REP> d-------- C:\Documents and Settings\alex\Application Data\Apple Computer
2007-12-27 13:51 . 2008-01-04 20:36 <REP> d-------- C:\Program Files\Everest Poker
2007-12-27 13:47 . 2007-12-27 13:47 <REP> d-------- C:\Documents and Settings\alex\Application Data\teamspeak2
2007-12-27 13:46 . 2007-12-27 13:47 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2007-12-27 13:46 . 2007-12-27 13:46 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2007-12-25 23:08 . 2007-12-29 12:57 <REP> d-------- C:\Documents and Settings\alex\Application Data\GigaTribe
2007-12-25 23:03 . 2007-12-25 23:03 <REP> d-------- C:\Program Files\GigaTribe
2007-12-24 11:16 . 2007-12-24 11:16 <REP> d-------- C:\Program Files\Guitar Pro 5
2007-12-21 23:36 . 2007-12-21 23:44 <REP> d-------- C:\Documents and Settings\alex\Application Data\gtk-2.0
2007-12-18 12:41 . 2007-12-24 12:00 <REP> d-------- C:\Program Files\Azureus
2007-12-18 12:03 . 2007-12-18 12:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-12-18 12:03 . 2008-01-05 12:42 <REP> d-------- C:\Documents and Settings\alex\Application Data\Azureus
2007-12-14 23:39 . 2007-12-14 23:40 <REP> d-------- C:\Program Files\QuickTime
2007-12-14 23:39 . 2007-12-14 23:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-14 23:38 . 2007-12-14 23:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-13 22:24 . 2007-12-13 22:24 <REP> dr------- C:\Documents and Settings\NetworkService\Mes documents
2007-12-11 21:32 . 2007-12-11 21:32 <REP> d-------- C:\Program Files\Fichiers communs\Labcenter Electronics
2007-12-11 21:16 . 2007-10-31 20:28 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2007-12-11 21:16 . 2007-10-31 20:28 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-12-11 21:16 . 2007-10-31 19:34 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2007-12-11 21:16 . 2007-12-11 21:17 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2007-12-11 21:16 . 2007-10-31 20:28 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2007-12-11 21:16 . 2007-12-11 21:17 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2007-12-11 21:16 . 2007-10-31 20:28 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-12-11 21:13 . 2007-12-11 21:32 <REP> d-------- C:\Program Files\Labcenter Electronics
2007-12-11 21:03 . 2005-10-18 17:36 1,048,576 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2007-12-11 21:03 . 2005-10-18 17:36 54,784 --a------ C:\WINDOWS\system32\INETWH32.DLL
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-09 21:01 . 2007-12-09 21:01 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2007-12-09 21:01 . 2007-12-09 21:01 <REP> d-------- C:\Program Files\Fichiers communs\Real
2007-12-09 21:00 . 2007-12-09 21:00 <REP> d-------- C:\Program Files\Real
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 11:42 --------- d-----w C:\Documents and Settings\alex\Application Data\FrostWire
2008-01-05 11:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-05 11:36 --------- d-----w C:\Program Files\EA GAMES
2008-01-01 12:17 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-01 12:17 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-29 19:25 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2007-12-18 15:47 --------- d-----w C:\Program Files\7-Zip
2007-12-09 19:34 --------- d-----w C:\Program Files\CamStudio
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-25 12:56 --------- d-----w C:\Program Files\GIMP-2.0
2007-11-24 23:16 --------- d-----w C:\Program Files\MSN Spy 2004
2007-11-22 18:11 --------- d-----w C:\Program Files\Alcohol Soft
2007-11-22 17:58 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-21 11:57 --------- d-----w C:\Program Files\DivX
2007-11-21 11:10 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-11-20 10:17 --------- d-----w C:\Program Files\Windows Live
2007-11-20 10:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-20 09:16 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-19 20:50 --------- d-----w C:\Program Files\FrostWire
2007-11-18 01:02 --------- d-----w C:\Program Files\Ubisoft
2007-11-15 21:12 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 22:12 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-11 20:46 --------- d-----w C:\Documents and Settings\alex\Application Data\Microsoft Games
2007-11-11 20:38 --------- d-----w C:\Program Files\Microsoft Games
2007-11-11 19:46 --------- d-----w C:\Program Files\softnyx
2007-11-11 19:46 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-11-06 16:37 --------- d-----w C:\Program Files\Ontrack
2007-11-06 14:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-11-05 22:28 --------- d-----w C:\Documents and Settings\alex\Application Data\Radios Media Player
2007-11-03 21:41 81,920 ----a-w C:\WINDOWS\system32\W32N50.dll
2007-11-03 21:41 17,134 ----a-w C:\WINDOWS\system32\PCANDIS5.sys
2007-11-03 21:40 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-09-05 15:55 339968]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2006-08-03 19:36 3909632]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^alex^Menu Démarrer^Programmes^Démarrage^Deer Hunter 2005 Registration.lnk]
path=C:\Documents and Settings\alex\Menu Démarrer\Programmes\Démarrage\Deer Hunter 2005 Registration.lnk
backup=C:\WINDOWS\pss\Deer Hunter 2005 Registration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-05 13:00 15360 --a------ C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-02-10 11:51 118784 --a------ C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-02-10 11:55 155648 --a------ C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
C:\Program Files\MessengerPlus! 3\MsgPlus.exe /WinStart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Valve\Steam\Steam.exe -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot
S3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-04 01:38]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-11-02 22:51]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-04 21:45:17 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-05 13:00:09 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe&/ScheduleSweep=wrSpySweeperTrialSweep
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- D:\,E:\,F:\,G:
- A:\
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 22:42:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-04 22:52:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-04 21:51:57
ComboFix2.txt 2008-01-04 22:36:49
.
2008-01-04 22:39:11 --- E O F ---
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.117 [GMT 1:00]
Running from: C:\Documents and Settings\alex\Mes documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\alex\Mes documents\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\commdl.dll
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\dcads_sidebar.dll
C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
C:\WINDOWS\system32\drivers\hhnbwhlj.dat
C:\WINDOWS\system32\superiorads-uninst.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\AskSBar
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL
C:\Program Files\AskSBar\bar\Cache\009E637C
C:\Program Files\AskSBar\bar\Cache\009E6706
C:\Program Files\AskSBar\bar\Cache\009E6E49.bin
C:\Program Files\AskSBar\bar\Cache\009E71B4.bin
C:\Program Files\AskSBar\bar\Cache\009E757D.bin
C:\Program Files\AskSBar\bar\Cache\files.ini
C:\Program Files\AskSBar\bar\History\search2
C:\Program Files\AskSBar\bar\Settings\prevcfg2.htm
C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
C:\Program Files\Dcads Games Collection
C:\Program Files\Dcads Games Collection\BattlesOfHelicopters.exe
C:\Program Files\Dcads Games Collection\BobAndBill.exe
C:\Program Files\Dcads Games Collection\CrazyBlocks.exe
C:\Program Files\Dcads Games Collection\Lines.exe
C:\Program Files\Dcads Games Collection\uninstall.exe
C:\Program Files\Dcads Games Collection\VideoPool.exe
C:\WINDOWS\system32\commdl.dll
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\dcads_sidebar.dll
C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
C:\WINDOWS\system32\drivers\hhnbwhlj.dat
C:\WINDOWS\system32\superiorads-uninst.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_YABKHBJA
-------\yabkhbja
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-04 to 2008-01-04 ))))))))))))))))))))))))))))))))))))
.
2008-01-05 12:24 . 2008-01-05 12:24 <REP> d-------- C:\Program Files\ToniArts
2008-01-03 23:03 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 01:37 . 2008-01-03 01:37 3,888 --a------ C:\WINDOWS\system32\drivers\NTHANDLE.SYS
2008-01-02 12:54 . 2008-01-02 12:54 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-01-02 12:53 . 2008-01-02 12:53 <REP> d-------- C:\Program Files\Webroot
2008-01-02 12:53 . 2008-01-02 12:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-02 12:53 . 2008-01-02 12:53 <REP> d-------- C:\Documents and Settings\alex\Application Data\Webroot
2008-01-02 12:53 . 2006-08-03 19:33 117,248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-01-02 12:53 . 2006-08-03 19:33 15,360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-01-02 12:53 . 2006-08-03 19:33 14,848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-01-02 12:53 . 2006-08-03 19:33 13,824 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2008-01-02 12:46 . 2008-01-02 12:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-02 12:46 . 2008-01-02 12:46 <REP> d-------- C:\Documents and Settings\alex\Application Data\Grisoft
2008-01-02 12:46 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-31 11:05 . 2007-12-31 11:05 <REP> d-------- C:\Program Files\EVEREST Home Edition
2007-12-29 14:31 . 2007-12-29 14:52 <REP> d-------- C:\Program Files\CasinoOnNet
2007-12-28 10:41 . 2007-12-28 10:41 <REP> d-------- C:\Documents and Settings\alex\Application Data\Apple Computer
2007-12-27 13:51 . 2008-01-04 20:36 <REP> d-------- C:\Program Files\Everest Poker
2007-12-27 13:47 . 2007-12-27 13:47 <REP> d-------- C:\Documents and Settings\alex\Application Data\teamspeak2
2007-12-27 13:46 . 2007-12-27 13:47 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2007-12-27 13:46 . 2007-12-27 13:46 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2007-12-25 23:08 . 2007-12-29 12:57 <REP> d-------- C:\Documents and Settings\alex\Application Data\GigaTribe
2007-12-25 23:03 . 2007-12-25 23:03 <REP> d-------- C:\Program Files\GigaTribe
2007-12-24 11:16 . 2007-12-24 11:16 <REP> d-------- C:\Program Files\Guitar Pro 5
2007-12-21 23:36 . 2007-12-21 23:44 <REP> d-------- C:\Documents and Settings\alex\Application Data\gtk-2.0
2007-12-18 12:41 . 2007-12-24 12:00 <REP> d-------- C:\Program Files\Azureus
2007-12-18 12:03 . 2007-12-18 12:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-12-18 12:03 . 2008-01-05 12:42 <REP> d-------- C:\Documents and Settings\alex\Application Data\Azureus
2007-12-14 23:39 . 2007-12-14 23:40 <REP> d-------- C:\Program Files\QuickTime
2007-12-14 23:39 . 2007-12-14 23:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-14 23:38 . 2007-12-14 23:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-13 22:24 . 2007-12-13 22:24 <REP> dr------- C:\Documents and Settings\NetworkService\Mes documents
2007-12-11 21:32 . 2007-12-11 21:32 <REP> d-------- C:\Program Files\Fichiers communs\Labcenter Electronics
2007-12-11 21:16 . 2007-10-31 20:28 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2007-12-11 21:16 . 2007-10-31 20:28 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-12-11 21:16 . 2007-10-31 19:34 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2007-12-11 21:16 . 2007-12-11 21:17 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2007-12-11 21:16 . 2007-10-31 20:28 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2007-12-11 21:16 . 2007-12-11 21:17 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2007-12-11 21:16 . 2007-10-31 20:28 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-12-11 21:13 . 2007-12-11 21:32 <REP> d-------- C:\Program Files\Labcenter Electronics
2007-12-11 21:03 . 2005-10-18 17:36 1,048,576 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2007-12-11 21:03 . 2005-10-18 17:36 54,784 --a------ C:\WINDOWS\system32\INETWH32.DLL
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-09 21:01 . 2007-12-09 21:01 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2007-12-09 21:01 . 2007-12-09 21:01 <REP> d-------- C:\Program Files\Fichiers communs\Real
2007-12-09 21:00 . 2007-12-09 21:00 <REP> d-------- C:\Program Files\Real
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 11:42 --------- d-----w C:\Documents and Settings\alex\Application Data\FrostWire
2008-01-05 11:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-05 11:36 --------- d-----w C:\Program Files\EA GAMES
2008-01-01 12:17 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-01 12:17 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-29 19:25 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2007-12-18 15:47 --------- d-----w C:\Program Files\7-Zip
2007-12-09 19:34 --------- d-----w C:\Program Files\CamStudio
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-25 12:56 --------- d-----w C:\Program Files\GIMP-2.0
2007-11-24 23:16 --------- d-----w C:\Program Files\MSN Spy 2004
2007-11-22 18:11 --------- d-----w C:\Program Files\Alcohol Soft
2007-11-22 17:58 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-21 11:57 --------- d-----w C:\Program Files\DivX
2007-11-21 11:10 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-11-20 10:17 --------- d-----w C:\Program Files\Windows Live
2007-11-20 10:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-20 09:16 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-19 20:50 --------- d-----w C:\Program Files\FrostWire
2007-11-18 01:02 --------- d-----w C:\Program Files\Ubisoft
2007-11-15 21:12 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 22:12 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-11 20:46 --------- d-----w C:\Documents and Settings\alex\Application Data\Microsoft Games
2007-11-11 20:38 --------- d-----w C:\Program Files\Microsoft Games
2007-11-11 19:46 --------- d-----w C:\Program Files\softnyx
2007-11-11 19:46 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-11-06 16:37 --------- d-----w C:\Program Files\Ontrack
2007-11-06 14:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-11-05 22:28 --------- d-----w C:\Documents and Settings\alex\Application Data\Radios Media Player
2007-11-03 21:41 81,920 ----a-w C:\WINDOWS\system32\W32N50.dll
2007-11-03 21:41 17,134 ----a-w C:\WINDOWS\system32\PCANDIS5.sys
2007-11-03 21:40 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-09-05 15:55 339968]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2006-08-03 19:36 3909632]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^alex^Menu Démarrer^Programmes^Démarrage^Deer Hunter 2005 Registration.lnk]
path=C:\Documents and Settings\alex\Menu Démarrer\Programmes\Démarrage\Deer Hunter 2005 Registration.lnk
backup=C:\WINDOWS\pss\Deer Hunter 2005 Registration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-05 13:00 15360 --a------ C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-02-10 11:51 118784 --a------ C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-02-10 11:55 155648 --a------ C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
C:\Program Files\MessengerPlus! 3\MsgPlus.exe /WinStart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Valve\Steam\Steam.exe -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot
S3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-04 01:38]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-11-02 22:51]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-04 21:45:17 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-05 13:00:09 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe&/ScheduleSweep=wrSpySweeperTrialSweep
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- D:\,E:\,F:\,G:
- A:\
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 22:42:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-04 22:52:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-04 21:51:57
ComboFix2.txt 2008-01-04 22:36:49
.
2008-01-04 22:39:11 --- E O F ---
hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:56:33, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\alex\Mes documents\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [SuperCopier2.exe] "C:\Program Files\SuperCopier2\SuperCopier2.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CFA8526-6F2C-438E-B324-13B4E3D0F3D1}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 5799 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:56:33, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\alex\Mes documents\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [SuperCopier2.exe] "C:\Program Files\SuperCopier2\SuperCopier2.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CFA8526-6F2C-438E-B324-13B4E3D0F3D1}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 5799 bytes
Bien
Relance un scan HijackThis et coche les lignes ci-dessous :
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »
Comme antivirus, le plus performant actuellement est Antivir
http://www.free-av.com
et son tutorial d'installation
http://speedweb1.free.fr/frames2.php?page=tuto5
Relance un scan HijackThis et coche les lignes ci-dessous :
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »
Comme antivirus, le plus performant actuellement est Antivir
http://www.free-av.com
et son tutorial d'installation
http://speedweb1.free.fr/frames2.php?page=tuto5
Lassé par la pub ? Créez un compte
