
Virus that won't go away

Last reply: in Security

Good evening, I have a problem: when I press Ctrl+Alt+Del, Windows tells me that Task Manager has been disabled by my administrator. I have had this error message since I caught a virus that I can't remove, because it tells me the resource is in use by another program. I tried deleting it in Safe Mode and got the same error.
I should point out that I have an antivirus, Avast.


Hello, here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:28:55, on 24/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.exe
E:\WINDOWS\ATKKBService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
E:\Program Files\CDBurnerXP\NMSAccessU.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
E:\WINDOWS\system32\svchost.exe
c:\wamp\apache2\bin\Apache.exe
c:\wamp\mysql\bin\mysqld-nt.exe
C:\wamp\apache2\bin\Apache.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\ASUS\GamerOSD\GamerOSD.exe
E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
E:\Program Files\PowerISO\PWRISOVM.EXE
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
E:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
E:\Program Files\Skype\Phone\Skype.exe
E:\WINDOWS\system32\Rundll32.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
C:\wamp\wampserver.exe
E:\Program Files\Skype\Plugin Manager\skypePM.exe
E:\Documents and Settings\Alex\Bureau\Reaper-X-Easy-MaNGOS\realmd.exe
E:\Documents and Settings\Alex\Bureau\Reaper-X-Easy-MaNGOS\mangosd.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Fourni par DELL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe E:\WINDOWS\system32\fservice.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: {81e5786d-3603-e6ca-a204-378a3533a4b3} - {3b4a3353-a873-402a-ac6e-3063d6875e18} - E:\WINDOWS\system32\oxgpaoep.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {F682E389-CED7-44E3-8A88-25BF70E18F59} - E:\WINDOWS\system32\ljJYQJCv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ASUSGamerOSD] E:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] E:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] E:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FTP Server] E:\DOCUME~1\Alex\LOCALS~1\Temp\Rar$EX06.172\ftpserv.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [0caa1c63] rundll32.exe "E:\WINDOWS\system32\ynhltwul.dll",b
O4 - HKLM\..\Run: [BM6f3e5cd3] Rundll32.exe "E:\WINDOWS\system32\uqqvqkuw.dll",s
O4 - HKCU\..\Run: [Steam] "e:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "E:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [BM6f3e5cd3] Rundll32.exe "E:\WINDOWS\system32\uqqvqkuw.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] E:\WINDOWS\system32\fservice.exe
O4 - Startup: WampServer.lnk = C:\wamp\wampserver.exe
O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = E:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - E:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - E:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - E:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - E:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - E:\WINDOWS\system32\sfrem01.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\Apache.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

--
End of file - 13796 bytes


PS: Avast tells me it is: E:\WINDOWS\system32\ljJYQJCv.dll
But it is impossible to quarantine or delete it.

Here is the report:

ComboFix 08-04-22.5 - Alex 2008-04-24 21:53:49.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1170 [GMT 2:00]
Location: E:\Documents and Settings\Alex\Bureau\ComboFix.exe
* Creating a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\WINDOWS\assys.dll
E:\WINDOWS\cookies.ini
E:\WINDOWS\ffnsys.dll
E:\WINDOWS\gstcore.dll
E:\WINDOWS\ktd32.atm
E:\WINDOWS\mfnsys.dll
E:\WINDOWS\pskt.ini
E:\WINDOWS\rsczsys.dll
E:\WINDOWS\snsys.dll
E:\WINDOWS\system32\dtbjktbv.ini
E:\WINDOWS\system32\gwtdfgon.dll
E:\WINDOWS\system32\hmdtqaqp.ini
E:\WINDOWS\system32\imrifudh.dll
E:\WINDOWS\system32\ljJYQJCv.dll
E:\WINDOWS\system32\luwtlhny.ini
E:\WINDOWS\system32\lvjghlqc.dll
E:\WINDOWS\system32\mcrh.tmp
E:\WINDOWS\system32\oxgpaoep.dll
E:\WINDOWS\system32\pqaqtdmh.dll
E:\WINDOWS\system32\uqqvqkuw.dll
E:\WINDOWS\system32\vCJQYJjl.ini
E:\WINDOWS\system32\vCJQYJjl.ini2
E:\WINDOWS\system32\vqcwgiet.ini
E:\WINDOWS\system32\wapjopju.dll
E:\WINDOWS\system32\wiyhqpfp.dll
E:\WINDOWS\system32\yhnjakxm.dll
E:\WINDOWS\system32\ynhltwul.dll
E:\WINDOWS\uawin.dll

.
((((((((((((((((((((((((((((( Files created 2008-03-24 to 2008-04-24 ))))))))))))))))))))))))))))))))))))
.

2008-04-24 17:59 . 2008-04-24 17:59 <REP> d-------- E:\Program Files\Trend Micro
2008-04-22 19:22 . 2003-06-19 01:31 17,920 --a------ E:\WINDOWS\system32\mdimon.dll
2008-04-22 19:22 . 2008-04-22 19:22 385 --a------ E:\WINDOWS\ODBC.INI
2008-04-22 19:08 . 2008-04-22 19:10 <REP> d-------- E:\WINDOWS\SHELLNEW
2008-04-22 19:08 . 2008-04-22 19:08 <REP> d-------- E:\Program Files\Microsoft.NET
2008-04-21 19:47 . 2008-04-21 19:47 <REP> dr-h----- E:\MSOCache
2008-04-20 18:44 . 2008-04-22 18:23 <REP> d-------- E:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-20 14:56 . 2008-04-20 14:56 <REP> d-------- E:\Program Files\Ubisoft
2008-04-20 14:40 . 2008-04-20 14:40 <REP> d-------- E:\Program Files\DAEMON Tools
2008-04-16 03:11 . 2008-04-16 03:11 1,602,593 ---hs---- E:\WINDOWS\system32\wthuohky.ini
2008-04-16 03:11 . 2008-04-24 20:57 109,154 --a------ E:\WINDOWS\BM6f3e5cd3.xml
2008-04-12 19:54 . 2008-01-06 01:46 <REP> d--h----- E:\Documents and Settings\Administrateur.UNICORNI-9FC9DD\Voisinage réseau
2008-04-12 19:54 . 2008-01-06 01:46 <REP> d--h----- E:\Documents and Settings\Administrateur.UNICORNI-9FC9DD\Voisinage d'impression
2008-04-12 19:54 . 2008-01-06 00:49 <REP> d--h----- E:\Documents and Settings\Administrateur.UNICORNI-9FC9DD\Modèles
2008-04-12 19:54 . 2008-01-06 01:46 <REP> d-------- E:\Documents and Settings\Administrateur.UNICORNI-9FC9DD\Mes documents
2008-04-12 19:54 . 2008-01-06 01:46 <REP> dr------- E:\Documents and Settings\Administrateur.UNICORNI-9FC9DD\Menu Démarrer
2008-04-12 19:54 . 2008-01-06 00:53 <REP> d-------- E:\Documents and Settings\Administrateur.UNICORNI-9FC9DD\Favoris
2008-04-12 19:54 . 2008-01-06 01:46 <REP> d-------- E:\Documents and Settings\Administrateur.UNICORNI-9FC9DD\Bureau
2008-04-12 19:54 . 2008-04-12 19:54 <REP> d-------- E:\Documents and Settings\Administrateur.UNICORNI-9FC9DD
2008-04-12 19:54 . 2008-04-24 21:53 1,024 --ah----- E:\Documents and Settings\Administrateur.UNICORNI-9FC9DD\NtUser.dat.LOG
2008-04-07 22:55 . 2008-04-07 22:55 14,584 --a------ E:\WINDOWS\system32\lncom_.jpg
2008-04-04 20:13 . 2008-01-06 01:46 <REP> d--h----- E:\Documents and Settings\Administrateur\Voisinage réseau
2008-04-04 20:13 . 2008-01-06 01:46 <REP> d--h----- E:\Documents and Settings\Administrateur\Voisinage d'impression
2008-04-04 20:13 . 2008-01-06 00:49 <REP> d--h----- E:\Documents and Settings\Administrateur\Modèles
2008-04-04 20:13 . 2008-01-06 01:46 <REP> d-------- E:\Documents and Settings\Administrateur\Mes documents
2008-04-04 20:13 . 2008-01-06 01:46 <REP> dr------- E:\Documents and Settings\Administrateur\Menu Démarrer
2008-04-04 20:13 . 2008-01-06 00:53 <REP> d-------- E:\Documents and Settings\Administrateur\Favoris
2008-04-04 20:13 . 2008-04-04 20:18 <REP> d-------- E:\Documents and Settings\Administrateur\Bureau
2008-04-04 20:13 . 2008-04-04 20:13 <REP> d-------- E:\Documents and Settings\Administrateur
2008-04-04 20:13 . 2008-04-24 21:53 1,024 --ah----- E:\Documents and Settings\Administrateur\NtUser.dat.LOG
2008-04-04 20:08 . 2008-04-04 20:08 <REP> d-------- E:\Program Files\Alwil Software
2008-03-31 20:37 . 2008-03-31 20:37 <REP> d-------- E:\Program Files\MSECache
2008-03-30 16:33 . 2008-03-30 16:33 <REP> dr-h----- E:\Documents and Settings\Alex\Application Data\SecuROM
2008-03-29 19:53 . 2008-03-29 19:53 0 --a------ E:\WINDOWS\Pplugin9.dat
2008-03-29 19:37 . 2008-04-05 21:12 98,363 --a------ E:\WINDOWS\p_ekran.jpg
2008-03-29 19:36 . 2008-04-04 19:17 206 --a------ E:\WINDOWS\Pplugin4.dat
2008-03-24 14:14 . 2008-03-24 14:14 <REP> d-------- E:\WINDOWS\system32\windows media
2008-03-24 14:14 . 2008-03-24 14:14 <REP> d-------- E:\Program Files\Windows Media Components
2008-03-24 14:13 . 2008-03-24 14:13 <REP> d-------- E:\Program Files\NRJ

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 20:03 --------- d-----w E:\Documents and Settings\Alex\Application Data\Skype
2008-04-24 20:02 --------- d-----w E:\Program Files\Steam
2008-04-24 18:43 196,608 ----a-w E:\WINDOWS\system32\drivers\nStandard.bin
2008-04-24 16:16 --------- d-----w E:\Documents and Settings\Alex\Application Data\skypePM
2008-04-22 16:25 --------- d-----w E:\Documents and Settings\Alex\Application Data\SQLyog
2008-04-21 18:51 --------- d-----w E:\Program Files\MessengerDiscovery
2008-04-20 12:56 --------- d--h--w E:\Program Files\InstallShield Installation Information
2008-04-20 11:02 --------- d-----w E:\Documents and Settings\Alex\Application Data\LimeWire
2008-04-17 16:11 --------- d-----w E:\Documents and Settings\Alex\Application Data\Bioshock
2008-04-15 00:40 --------- d-----w E:\Program Files\LimeWire
2008-04-13 19:19 --------- d-----w E:\Documents and Settings\Alex\Application Data\FileZilla
2008-04-11 17:13 --------- d---a-w E:\Documents and Settings\All Users\Application Data\TEMP
2008-04-08 16:14 --------- d-----w E:\Program Files\DAEMON Tools SearchBar
2008-04-02 16:03 --------- d-----w E:\Program Files\Windows Live Safety Center
2008-03-30 20:25 --------- d-----w E:\Program Files\Messenger Plus! Live
2008-03-25 19:29 --------- d-----w E:\Program Files\Java
2008-03-23 16:51 --------- d-----w E:\Program Files\Fichiers communs\Steinberg
2008-03-23 16:51 --------- d-----w E:\Documents and Settings\Alex\Application Data\Steinberg
2008-03-23 14:24 --------- d-----w E:\Program Files\AGEIA Technologies
2008-03-23 14:23 --------- d-----w E:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-19 12:29 --------- d-----w E:\Program Files\Skorbord 1.1
2008-03-19 12:25 --------- d-----w E:\Program Files\VideoCap
2008-03-16 19:34 22,328 ----a-w E:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-14 22:28 --------- d-----w E:\Program Files\MTA San Andreas
2008-02-28 16:04 --------- d-----w E:\Program Files\PowerISO
2008-02-27 15:01 --------- d-----w E:\Program Files\Replay Converter
2008-02-26 20:26 --------- d-----w E:\Documents and Settings\Alex\Application Data\Apple Computer
2008-02-26 14:51 --------- d-----w E:\Program Files\2K Games
2008-02-26 14:50 --------- d-----w E:\Documents and Settings\Alex\Application Data\InstallShield
2008-02-25 21:24 --------- d-----w E:\Program Files\Activision
2008-02-14 23:02 411,248 ----a-w E:\Program Files\FLV PlayerRCSetup.exe
2008-01-14 06:28 32 ----a-w E:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-08 22:10 134,656 ----a-w E:\Documents and Settings\Alex\Keygen.exe
.

((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="e:\program files\steam\steam.exe" [2008-04-03 18:27 1271032]
"swg"="E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-07 18:34 68856]
"MsnMsgr"="E:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"MSMSGS"="E:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"Skype"="E:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 16:08 21686568]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="E:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-10-23 15:18 202024]
"AlcoholAutomount"="E:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 09:20 222080]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 10:58 16264192 E:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 E:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 E:\WINDOWS\system32\nwiz.exe]
"ASUSGamerOSD"="E:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-06-01 10:37 380928]
"Acrobat Assistant 8.0"="E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 20:54 623992]
"Adobe_ID0EYTHM"="E:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 17:40 1884160]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"NeroFilterCheck"="E:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"TkBellExe"="E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-17 20:47 185896]
"PWRISOVM.EXE"="E:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 09:05 217088]
"QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"DAEMON Tools"="E:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"DirectX For Microsoft® Windows"= E:\WINDOWS\system32\fservice.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"E:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"E:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"E:\\Program Files\\Steam\\SteamApps\\lord_poupou\\counter-strike source\\hl2.exe"=
"E:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"E:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"E:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"E:\\WINDOWS\\system32\\ftp.exe"=
"E:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\Alex\\Bureau\\PC_SOLDIER OF FORTUNE 2 DOUBLE HELIX -RiP- (ToeD)\\PC_SOLDIER OF FORTUNE 2 DOUBLE HELIX -RiP+Blood-(ToeD)\\SOF2\\SOF2\\SoF2MP.exe"=
"E:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"=
"C:\\wamp\\Apache2\\bin\\Apache.exe"=
"E:\\Documents and Settings\\Alex\\Bureau\\Reaper-X-Easy-MaNGOS\\realmd.exe"=
"E:\\Documents and Settings\\Alex\\Bureau\\Reaper-X-Easy-MaNGOS\\mangosd.exe"=
"E:\\Documents and Settings\\Alex\\Bureau\\MANGOS\\realmd.exe"=
"E:\\Documents and Settings\\Alex\\Bureau\\Pack Mangos v5.0(2)\\MANGOS\\realmd.exe"=
"E:\\Documents and Settings\\Alex\\Mes documents\\LimeWire\\Saved\\[PC] Ghost Recon Advanced Warfighter 2 [RIP] [dopeman]\\GR2\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"E:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
"E:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=
"E:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"10977:TCP"= 10977:TCP:BitComet 10977 TCP
"10977:UDP"= 10977:UDP:BitComet 10977 UDP

R1 aswSP;avast! Self Protection;E:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;E:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 NMSAccessU;NMSAccessU;E:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 09:34]
R2 wampapache;wampapache;"c:\wamp\apache2\bin\Apache.exe" -k runservice []
R2 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe [2006-04-27 15:03]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;E:\WINDOWS\system32\drivers\asusgsb.sys [2007-05-31 15:29]
R3 SjyPkt;SjyPkt;E:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 10:57]
R3 Video3D;ASUS Video3D Service;E:\WINDOWS\system32\Drivers\Video3D32.sys [2007-05-31 15:29]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48f550e9-0d6b-11dd-b01c-0014d13bec74}]
\Shell\AutoRun\command - F:\launcher.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3A5656F7-2047-E7E4-018D-FD278FC908BD}]
E:\WINDOWS\system32:Explore.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 22:02:07
Windows 5.1.2600 Service Pack 2 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 112

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\ATKKBService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
E:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
C:\wamp\wampserver.exe
E:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
E:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-04-24 22:12:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-24 20:11:34

Pre-Run: 20,891,844,608 bytes free
Post-Run: 28,057,124,864 bytes free

226 --- E O F --- 2008-04-23 18:01:50


I do believe the virus is gone, because my Task Manager is working again :)
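As an added example, not part of this thread and not code from HijackThis, ComboFix or Avast, the script below encodes what a removal helper reads out of the two reports above: the modified Shell= line in system.ini, the Policies\Explorer\Run autostart, the autostart launched from a Temp folder, the BHO and Run entries pointing at DLLs with random eight-letter names in system32, the unnamed BHO that Avast flagged, the replaced start page, the alternate data stream (system32:Explore.exe) registered as an Active Setup component, and the AutoRun handler on drive F:. The rule names and the eight-lowercase-letter DLL heuristic are this example's own assumptions, not anything either tool implements; the sample lines are copied from the logs posted above.

```python
"""Triage of HijackThis / ComboFix output: flag the load points a malware
removal helper looks at first. Added example, not code from either tool.
The rule names and the "8 lowercase letters" DLL-name heuristic are this
example's own choices; SAMPLE_LOG lines are copied from the reports above."""
from __future__ import annotations

import re
from typing import Callable

# Three DLLs ComboFix later deleted (ynhltwul, uqqvqkuw, oxgpaoep) are 8 random
# lowercase letters under system32. Case-sensitive on purpose: legitimate names
# such as NvMcTray.dll are 8 letters too, but mixed case.
RANDOM_DLL = re.compile(r"\\system32\\[a-z]{8}\.dll")
# An autostart whose binary lives under a user's Temp directory (ftpserv.exe
# was started from a WinRAR extraction folder, Rar$EX06.172).
TEMP_AUTOSTART = re.compile(r"\\(LOCALS~1|Local Settings)\\Temp\\")
# "E:\WINDOWS\system32:Explore.exe" is an NTFS alternate data stream attached
# to the system32 directory: a second ':' after the drive letter is the tell.
ADS_LOADPOINT = re.compile(r"(?<!\w)[A-Za-z]:\\[^:\s]+:[\w.]+(?=\s|$)")
MS_DEFAULT = "http://go.microsoft.com/"


def _shell_hijacked(line: str) -> bool:
    # system.ini Shell= should be exactly Explorer.exe; anything appended also runs at logon.
    if not line.startswith("F2 - REG:system.ini: Shell="):
        return False
    return line.split("Shell=", 1)[1].strip().lower() != "explorer.exe"


RULES: list[tuple[str, Callable[[str], bool]]] = [
    ("shell_hijack", _shell_hijacked),
    # Policies\Explorer\Run is rarely used by legitimate software and is missed
    # by tools that only inspect the usual Run keys.
    ("policy_run", lambda ln: "policies\\explorer\\run" in ln.lower()),
    ("temp_autostart", lambda ln: ln.startswith("O4") and bool(TEMP_AUTOSTART.search(ln))),
    ("random_dll", lambda ln: ln.startswith(("O2", "O4")) and bool(RANDOM_DLL.search(ln))),
    # A BHO with no name but an existing file; "(no file)" entries are only orphans.
    ("unnamed_bho", lambda ln: ln.startswith("O2 - BHO: (no name)") and "(no file)" not in ln),
    ("nondefault_startpage",
     lambda ln: ln.startswith("R0") and "Start Page =" in ln and MS_DEFAULT not in ln),
    ("ads_loadpoint", lambda ln: bool(ADS_LOADPOINT.search(ln))),
    # mountpoints2 ...\Shell\AutoRun\command runs a binary when the drive is opened.
    ("autorun_handler", lambda ln: "\\Shell\\AutoRun\\command" in ln),
]


def triage_line(line: str) -> list[str]:
    """Names of every rule that fires on one log line (empty list = nothing odd)."""
    line = line.strip()
    return [name for name, test in RULES if test(line)]


def triage(log: str) -> dict[str, list[str]]:
    """Flagged lines grouped by rule, in the order the rules are defined."""
    lines = [ln.strip() for ln in log.splitlines() if ln.strip()]
    findings = {name: [ln for ln in lines if test(ln)] for name, test in RULES}
    return {name: hits for name, hits in findings.items() if hits}


# Constructed sample: lines copied from the HijackThis and ComboFix reports above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: Shell=Explorer.exe E:\WINDOWS\system32\fservice.exe
O2 - BHO: {81e5786d-3603-e6ca-a204-378a3533a4b3} - {3b4a3353-a873-402a-ac6e-3063d6875e18} - E:\WINDOWS\system32\oxgpaoep.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {F682E389-CED7-44E3-8A88-25BF70E18F59} - E:\WINDOWS\system32\ljJYQJCv.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [FTP Server] E:\DOCUME~1\Alex\LOCALS~1\Temp\Rar$EX06.172\ftpserv.exe
O4 - HKLM\..\Run: [0caa1c63] rundll32.exe "E:\WINDOWS\system32\ynhltwul.dll",b
O4 - HKLM\..\Run: [BM6f3e5cd3] Rundll32.exe "E:\WINDOWS\system32\uqqvqkuw.dll",s
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft Windows] E:\WINDOWS\system32\fservice.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48f550e9-0d6b-11dd-b01c-0014d13bec74}]
\Shell\AutoRun\command - F:\launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3A5656F7-2047-E7E4-018D-FD278FC908BD}]
E:\WINDOWS\system32:Explore.exe
"""

if __name__ == "__main__":
    for rule, hits in triage(SAMPLE_LOG).items():
        print(f"[{rule}]")
        for hit in hits:
            print("   ", hit)
```

Run it as a script to print the flagged lines grouped by rule, or call triage_line() on a single entry. The heuristics are tuned to this log: a custom start page or a program launched from Temp can be legitimate, so each hit is a line to verify against the file on disk, not a verdict.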

There are leftovers.

Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in Safe Mode.
HELP: Restart in Safe Mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. Two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show results" then "Remove selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to complete the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM