INFECTER ?!!
Dernière réponse : dans Sécurité
Bonjour,
voila depuis quelques jours je ne peux plus faire de recherche sur google car le chargement de la page des résultats est trop long, pour accéder a un site je doit donc taper l'URL dans la barre d'adresse, sachant que ce n'est pas un problème de connection, que cela peut être ?
(ce problème m'est arrivé pendant environ 2 jours, puis c'est résolvé tout seul pendant une demi journée puis cela a recommencer..., il peut marriver ossi que la recherche marche 1 fois sur 10 mais bon...)
j'ai aussi besoin de votre aider car quand j'ouvre internet explorer plusieur page de pub s'ouvre au fur et a mesure et cela ne me le fesait pas avant !
Merci d'avance
voila depuis quelques jours je ne peux plus faire de recherche sur google car le chargement de la page des résultats est trop long, pour accéder a un site je doit donc taper l'URL dans la barre d'adresse, sachant que ce n'est pas un problème de connection, que cela peut être ?
(ce problème m'est arrivé pendant environ 2 jours, puis c'est résolvé tout seul pendant une demi journée puis cela a recommencer..., il peut marriver ossi que la recherche marche 1 fois sur 10 mais bon...)
j'ai aussi besoin de votre aider car quand j'ouvre internet explorer plusieur page de pub s'ouvre au fur et a mesure et cela ne me le fesait pas avant !
Merci d'avance
Autres pages sur : infecter
Lassé par la pub ? Créez un compte
Bonjour,
Télécharge puis installe HijackThis (Trend Micro).
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser HijackThis v2.0.2
Télécharge puis installe HijackThis (Trend Micro).
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser HijackThis v2.0.2
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:41:12, on 29/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hercules\WiFi Station pour Livebox\WifiStationLB.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [70576424] rundll32.exe "C:\WINDOWS\system32\xgihixeh.dll",b
O4 - HKLM\..\Run: [BM736457b8] Rundll32.exe "C:\WINDOWS\system32\tyfnahkx.dll",s
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [USRobotics USB Internet Mini Phone Control Panel] "C:\Program Files\U.S. Robotics\USB Internet Mini Phone\USB Internet Mini Phone UI.exe"
O4 - HKLM\..\Run: [USRobotics USB Internet Mini Phone] "C:\Program Files\U.S. Robotics\USB Internet Mini Phone\USRobotics USB Internet Mini Phone.exe"
O4 - HKLM\..\Run: [tvjbmonitor] C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /M "Stylus DX4200" /EF "HKCU"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: WiFi Station pour Livebox.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
--
End of file - 10389 bytes
Scan saved at 15:41:12, on 29/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hercules\WiFi Station pour Livebox\WifiStationLB.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [70576424] rundll32.exe "C:\WINDOWS\system32\xgihixeh.dll",b
O4 - HKLM\..\Run: [BM736457b8] Rundll32.exe "C:\WINDOWS\system32\tyfnahkx.dll",s
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [USRobotics USB Internet Mini Phone Control Panel] "C:\Program Files\U.S. Robotics\USB Internet Mini Phone\USB Internet Mini Phone UI.exe"
O4 - HKLM\..\Run: [USRobotics USB Internet Mini Phone] "C:\Program Files\U.S. Robotics\USB Internet Mini Phone\USRobotics USB Internet Mini Phone.exe"
O4 - HKLM\..\Run: [tvjbmonitor] C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /M "Stylus DX4200" /EF "HKCU"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: WiFi Station pour Livebox.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
--
End of file - 10389 bytes
Re,
[#ff0000]Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]
Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.
AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer
[#ff0000]Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]
AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer
ComboFix 08-04-28.2 - Cédric 2008-04-29 16:24:29.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.510 [GMT 2:00]
Endroit: C:\Documents and Settings\Cédric\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\AntiSpywareMaster
C:\Program Files\AntiSpywareMaster\asm.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cbXPiJcD.dll
C:\WINDOWS\system32\ddcCRLFx.dll
C:\WINDOWS\system32\dvrouuax.ini
C:\WINDOWS\system32\e2
C:\WINDOWS\system32\fytjycql.ini
C:\WINDOWS\system32\gfrsqcmf.dll
C:\WINDOWS\system32\hexihigx.ini
C:\WINDOWS\system32\iflpohwr.dll
C:\WINDOWS\system32\ljJBqpoL.dll
C:\WINDOWS\system32\LopqBJjl.ini
C:\WINDOWS\system32\LopqBJjl.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nynenups.dll
C:\WINDOWS\system32\qawoifvg.ini
C:\WINDOWS\system32\registrei.txt
C:\WINDOWS\system32\tyfnahkx.dll
C:\WINDOWS\system32\vvvxyyxx.ini
C:\WINDOWS\system32\vvvxyyxx.ini2
C:\WINDOWS\system32\xauuorvd.dll
C:\WINDOWS\system32\xgihixeh.dll
C:\WINDOWS\system32\xvqohjeo.ini
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-28 to 2008-04-29 ))))))))))))))))))))))))))))))))))))
.
2008-04-27 21:35 . 2008-04-29 16:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-27 21:35 . 2008-04-27 21:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-27 21:32 . 2008-04-27 21:33 <REP> d-------- C:\Program Files\iTunes
2008-04-27 21:32 . 2008-04-27 21:32 <REP> d-------- C:\Program Files\iPod
2008-04-27 21:29 . 2008-04-27 21:31 <REP> d-------- C:\Program Files\QuickTime
2008-04-27 13:29 . 2008-04-27 13:47 <REP> d-------- C:\Program Files\MalwareAlarm
2008-04-27 13:19 . 2008-04-27 13:19 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-04-27 00:59 . 2008-04-27 00:59 8 --a------ C:\WINDOWS\system32\705776aa
2008-04-26 22:41 . 2008-04-26 22:41 <REP> d-------- C:\Program Files\Bonjour
2008-04-26 22:35 . 2008-04-26 22:35 <REP> d-------- C:\Program Files\Apple Software Update
2008-04-26 22:34 . 2008-04-26 22:34 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-04-26 22:34 . 2008-04-26 22:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-26 13:47 . 2008-04-26 13:47 168 --a------ C:\WINDOWS\system32\ikhcore.cfg
2008-04-25 22:50 . 2008-04-25 22:50 2,227 --a------ C:\WINDOWS\system32\mcmoxcai.dll
2008-04-25 22:47 . 2008-04-25 22:47 2,227 --a------ C:\WINDOWS\system32\cdbussii.dll
2008-04-25 00:27 . 2008-04-25 00:27 4,096 --a------ C:\WINDOWS\system32\crash
2008-04-24 22:44 . 2008-04-29 15:38 109,753 --a------ C:\WINDOWS\BM736457b8.xml
2008-04-24 22:38 . 2008-04-27 11:55 <REP> d-------- C:\WINDOWS\system32\pnVes01
2008-04-24 22:38 . 2008-04-24 23:29 <REP> d-------- C:\WINDOWS\system32\Bn
2008-04-24 22:38 . 2008-04-24 22:38 <REP> d-------- C:\Temp\zvebs14
2008-04-24 22:38 . 2008-04-24 22:38 <REP> d-------- C:\Temp\kvebs14
2008-04-24 22:38 . 2008-04-24 22:38 67,104 --a------ C:\Temp\oRUsa080.exe
2008-04-24 22:31 . 2008-04-25 02:04 <REP> d-------- C:\Program Files\MessengerDiscovery
2008-04-24 22:01 . 2008-04-24 22:01 115 --a------ C:\WINDOWS\AIMPR.INI
2008-04-24 21:59 . 2008-04-25 00:01 <REP> d-------- C:\Program Files\ElcomSoft
2008-04-24 16:51 . 2008-04-24 16:51 <REP> d-------- C:\Program Files\Ubisoft
2008-04-22 21:24 . 2008-04-22 21:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-22 17:26 . 2008-04-22 17:26 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-21 22:59 . 2008-04-23 20:13 <REP> d-------- C:\Program Files\Navilog1
2008-04-21 22:38 . 2008-04-21 22:38 <REP> d-------- C:\Program Files\Trend Micro
2008-04-21 22:32 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-21 22:32 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-21 22:32 . 2007-07-01 05:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-21 22:32 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-21 22:32 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-21 22:32 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-21 22:32 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-21 22:32 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-21 22:32 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-21 22:31 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-04-04 19:54 . 2008-04-06 16:52 230,424 --a------ C:\DC6810xp-001.raw
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 14:55 --------- d-----w C:\Program Files\eMule
2008-04-29 12:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-27 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-27 11:18 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-04-27 11:16 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-27 11:16 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-26 11:53 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-26 11:53 --------- d-----w C:\Program Files\Spyware Doctor
2008-04-24 14:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-23 13:44 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-22 21:23 --------- d-----w C:\Program Files\DivX
2008-04-21 20:56 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-11 16:56 --------- d-----w C:\Program Files\Java
2008-04-03 17:49 --------- d-----w C:\Program Files\iKoneStudio
2008-03-26 21:50 21,419 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-03-26 21:48 --------- d-----w C:\Program Files\Hercules
2008-03-26 19:48 --------- d-----w C:\Program Files\adslTV
2008-03-26 15:41 359,040 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-03-26 15:41 359,040 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-03-24 16:38 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-03-22 16:07 --------- d-----w C:\Program Files\Warcraft III
2008-03-22 16:04 --------- d-----w C:\Program Files\SopCast
2008-03-22 16:04 --------- d-----w C:\Program Files\Skype
2008-03-22 16:00 --------- d-----w C:\Program Files\Paltalk Messenger
2008-03-22 15:55 --------- d-----w C:\Program Files\EA GAMES
2008-03-22 15:43 --------- d-----w C:\Program Files\Windows Live
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-05 19:10 --------- d-----w C:\Program Files\Microsoft LifeCam
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2007-12-17 22:17 1,072,255 ----a-w C:\Program Files\WoW-2.0.0-frFR-Installer-downloader.exe
2006-08-27 15:38 1,015,973 --sha-r C:\Program Files\serial.tde
.
------- Sigcheck -------
2001-08-28 14:00 327168 e7774698bb0d14b0710a9a31e209f9b6 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2008-03-26 17:41 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-03-26 17:41 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31F97AFF-3F77-419F-90F2-8C5EA4A249F4}]
C:\WINDOWS\system32\xxyyxvvv.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2005-08-03 18:49 188459]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 17:10 1667584]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 15:29 68856]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]
"EPSON Stylus DX4200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.exe" [2005-03-07 21:00 98304]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 16:57 5308416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX6000"="C:\WINDOWS\vVX6000.exe" [2006-12-19 21:29 994072]
"USRobotics USB Internet Mini Phone Control Panel"="C:\Program Files\U.S. Robotics\USB Internet Mini Phone\USB Internet Mini Phone UI.exe" [2006-06-07 14:51 2115584]
"USRobotics USB Internet Mini Phone"="C:\Program Files\U.S. Robotics\USB Internet Mini Phone\USRobotics USB Internet Mini Phone.exe" [2006-06-07 14:53 338432]
"tvjbmonitor"="C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe" [2006-08-02 18:32 53248]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-27 13:15 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"PE2CKFNT SE"="C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 12:51 25088]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-13 03:48 275800]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 17:09 171464]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-12 22:05 339968]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 17:09 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcCRLFx]
ddcCRLFx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv32"= C:\WINDOWS\system32\ir32_32.dll
"vidc.iv31"= C:\WINDOWS\system32\ir32_32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25079:TCP"= 25079:TCP![:p]( ":p")
ORT_25079
"6864:TCP"= 6864:TCP![:p]( ":p")
ORT_6864
"63291:TCP"= 63291:TCP![:p]( ":p")
ORT_63291
"12888:TCP"= 12888:TCP![:p]( ":p")
ORT_12888
"28124:TCP"= 28124:TCP![:p]( ":p")
ORT_28124
"14229:TCP"= 14229:TCP![:p]( ":p")
ORT_14229
"50023:TCP"= 50023:TCP![:p]( ":p")
ORT_50023
"30186:TCP"= 30186:TCP![:p]( ":p")
ORT_30186
"21680:TCP"= 21680:TCP![:p]( ":p")
ORT_21680
"18897:TCP"= 18897:TCP![:p]( ":p")
ORT_18897
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2003-03-27 14:55]
R1 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\drivers\moufiltr.sys [2004-10-11 16:28]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-02-22 11:39]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-05 00:13]
R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2004-08-19 17:10]
R3 VX6000;Microsoft LifeCam VX-6000;C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys [2006-12-19 21:29]
S3 AF15BDA;AF9015 BDA Filter;C:\WINDOWS\system32\Drivers\AF15BDA.sys [2006-07-27 12:02]
S3 AN983;Carte Fast Ethernet 10/100 Mbps ADMtek AN983/AN985/ADM951X;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 23:31]
S3 SDVPlus;Pinnacle Studio DVplus WDM Renderer;C:\WINDOWS\system32\DRIVERS\SDVPlus.sys [2001-05-15 08:20]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-26 20:36:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-04 15:41:47 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-03-06 13:43:39 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job"
- C:\Program Files\Microsoft LifeCam\LifeExp.exe
"2008-03-06 13:43:39 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_setup_exe.job"
- E:\setup.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 16:55:34
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 34
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\CDRIC~1\LOCALS~1\Temp\mc21.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PSSdk23]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiStationLB.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-29 17:00:56 - machine was rebooted [C‚dric]
ComboFix-quarantined-files.txt 2008-04-29 15:00:44
Pre-Run: 112,738,619,392 octets libres
Post-Run: 113,154,396,160 octets libres
257
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.510 [GMT 2:00]
Endroit: C:\Documents and Settings\Cédric\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\AntiSpywareMaster
C:\Program Files\AntiSpywareMaster\asm.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cbXPiJcD.dll
C:\WINDOWS\system32\ddcCRLFx.dll
C:\WINDOWS\system32\dvrouuax.ini
C:\WINDOWS\system32\e2
C:\WINDOWS\system32\fytjycql.ini
C:\WINDOWS\system32\gfrsqcmf.dll
C:\WINDOWS\system32\hexihigx.ini
C:\WINDOWS\system32\iflpohwr.dll
C:\WINDOWS\system32\ljJBqpoL.dll
C:\WINDOWS\system32\LopqBJjl.ini
C:\WINDOWS\system32\LopqBJjl.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nynenups.dll
C:\WINDOWS\system32\qawoifvg.ini
C:\WINDOWS\system32\registrei.txt
C:\WINDOWS\system32\tyfnahkx.dll
C:\WINDOWS\system32\vvvxyyxx.ini
C:\WINDOWS\system32\vvvxyyxx.ini2
C:\WINDOWS\system32\xauuorvd.dll
C:\WINDOWS\system32\xgihixeh.dll
C:\WINDOWS\system32\xvqohjeo.ini
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-28 to 2008-04-29 ))))))))))))))))))))))))))))))))))))
.
2008-04-27 21:35 . 2008-04-29 16:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-27 21:35 . 2008-04-27 21:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-27 21:32 . 2008-04-27 21:33 <REP> d-------- C:\Program Files\iTunes
2008-04-27 21:32 . 2008-04-27 21:32 <REP> d-------- C:\Program Files\iPod
2008-04-27 21:29 . 2008-04-27 21:31 <REP> d-------- C:\Program Files\QuickTime
2008-04-27 13:29 . 2008-04-27 13:47 <REP> d-------- C:\Program Files\MalwareAlarm
2008-04-27 13:19 . 2008-04-27 13:19 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-04-27 00:59 . 2008-04-27 00:59 8 --a------ C:\WINDOWS\system32\705776aa
2008-04-26 22:41 . 2008-04-26 22:41 <REP> d-------- C:\Program Files\Bonjour
2008-04-26 22:35 . 2008-04-26 22:35 <REP> d-------- C:\Program Files\Apple Software Update
2008-04-26 22:34 . 2008-04-26 22:34 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-04-26 22:34 . 2008-04-26 22:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-26 13:47 . 2008-04-26 13:47 168 --a------ C:\WINDOWS\system32\ikhcore.cfg
2008-04-25 22:50 . 2008-04-25 22:50 2,227 --a------ C:\WINDOWS\system32\mcmoxcai.dll
2008-04-25 22:47 . 2008-04-25 22:47 2,227 --a------ C:\WINDOWS\system32\cdbussii.dll
2008-04-25 00:27 . 2008-04-25 00:27 4,096 --a------ C:\WINDOWS\system32\crash
2008-04-24 22:44 . 2008-04-29 15:38 109,753 --a------ C:\WINDOWS\BM736457b8.xml
2008-04-24 22:38 . 2008-04-27 11:55 <REP> d-------- C:\WINDOWS\system32\pnVes01
2008-04-24 22:38 . 2008-04-24 23:29 <REP> d-------- C:\WINDOWS\system32\Bn
2008-04-24 22:38 . 2008-04-24 22:38 <REP> d-------- C:\Temp\zvebs14
2008-04-24 22:38 . 2008-04-24 22:38 <REP> d-------- C:\Temp\kvebs14
2008-04-24 22:38 . 2008-04-24 22:38 67,104 --a------ C:\Temp\oRUsa080.exe
2008-04-24 22:31 . 2008-04-25 02:04 <REP> d-------- C:\Program Files\MessengerDiscovery
2008-04-24 22:01 . 2008-04-24 22:01 115 --a------ C:\WINDOWS\AIMPR.INI
2008-04-24 21:59 . 2008-04-25 00:01 <REP> d-------- C:\Program Files\ElcomSoft
2008-04-24 16:51 . 2008-04-24 16:51 <REP> d-------- C:\Program Files\Ubisoft
2008-04-22 21:24 . 2008-04-22 21:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-22 17:26 . 2008-04-22 17:26 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-21 22:59 . 2008-04-23 20:13 <REP> d-------- C:\Program Files\Navilog1
2008-04-21 22:38 . 2008-04-21 22:38 <REP> d-------- C:\Program Files\Trend Micro
2008-04-21 22:32 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-21 22:32 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-21 22:32 . 2007-07-01 05:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-21 22:32 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-21 22:32 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-21 22:32 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-21 22:32 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-21 22:32 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-21 22:32 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-21 22:31 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-04-04 19:54 . 2008-04-06 16:52 230,424 --a------ C:\DC6810xp-001.raw
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 14:55 --------- d-----w C:\Program Files\eMule
2008-04-29 12:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-27 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-27 11:18 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-04-27 11:16 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-27 11:16 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-26 11:53 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-26 11:53 --------- d-----w C:\Program Files\Spyware Doctor
2008-04-24 14:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-23 13:44 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-22 21:23 --------- d-----w C:\Program Files\DivX
2008-04-21 20:56 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-11 16:56 --------- d-----w C:\Program Files\Java
2008-04-03 17:49 --------- d-----w C:\Program Files\iKoneStudio
2008-03-26 21:50 21,419 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-03-26 21:48 --------- d-----w C:\Program Files\Hercules
2008-03-26 19:48 --------- d-----w C:\Program Files\adslTV
2008-03-26 15:41 359,040 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-03-26 15:41 359,040 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-03-24 16:38 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-03-22 16:07 --------- d-----w C:\Program Files\Warcraft III
2008-03-22 16:04 --------- d-----w C:\Program Files\SopCast
2008-03-22 16:04 --------- d-----w C:\Program Files\Skype
2008-03-22 16:00 --------- d-----w C:\Program Files\Paltalk Messenger
2008-03-22 15:55 --------- d-----w C:\Program Files\EA GAMES
2008-03-22 15:43 --------- d-----w C:\Program Files\Windows Live
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-05 19:10 --------- d-----w C:\Program Files\Microsoft LifeCam
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2007-12-17 22:17 1,072,255 ----a-w C:\Program Files\WoW-2.0.0-frFR-Installer-downloader.exe
2006-08-27 15:38 1,015,973 --sha-r C:\Program Files\serial.tde
.
------- Sigcheck -------
2001-08-28 14:00 327168 e7774698bb0d14b0710a9a31e209f9b6 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2008-03-26 17:41 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-03-26 17:41 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31F97AFF-3F77-419F-90F2-8C5EA4A249F4}]
C:\WINDOWS\system32\xxyyxvvv.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2005-08-03 18:49 188459]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 17:10 1667584]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 15:29 68856]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]
"EPSON Stylus DX4200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.exe" [2005-03-07 21:00 98304]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 16:57 5308416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX6000"="C:\WINDOWS\vVX6000.exe" [2006-12-19 21:29 994072]
"USRobotics USB Internet Mini Phone Control Panel"="C:\Program Files\U.S. Robotics\USB Internet Mini Phone\USB Internet Mini Phone UI.exe" [2006-06-07 14:51 2115584]
"USRobotics USB Internet Mini Phone"="C:\Program Files\U.S. Robotics\USB Internet Mini Phone\USRobotics USB Internet Mini Phone.exe" [2006-06-07 14:53 338432]
"tvjbmonitor"="C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe" [2006-08-02 18:32 53248]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-27 13:15 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"PE2CKFNT SE"="C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 12:51 25088]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-13 03:48 275800]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 17:09 171464]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-12 22:05 339968]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 17:09 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcCRLFx]
ddcCRLFx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv32"= C:\WINDOWS\system32\ir32_32.dll
"vidc.iv31"= C:\WINDOWS\system32\ir32_32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25079:TCP"= 25079:TCP
ORT_25079"6864:TCP"= 6864:TCP
ORT_6864"63291:TCP"= 63291:TCP
ORT_63291"12888:TCP"= 12888:TCP
ORT_12888"28124:TCP"= 28124:TCP
ORT_28124"14229:TCP"= 14229:TCP
ORT_14229"50023:TCP"= 50023:TCP
ORT_50023"30186:TCP"= 30186:TCP
ORT_30186"21680:TCP"= 21680:TCP
ORT_21680"18897:TCP"= 18897:TCP
ORT_18897R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2003-03-27 14:55]
R1 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\drivers\moufiltr.sys [2004-10-11 16:28]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-02-22 11:39]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-05 00:13]
R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2004-08-19 17:10]
R3 VX6000;Microsoft LifeCam VX-6000;C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys [2006-12-19 21:29]
S3 AF15BDA;AF9015 BDA Filter;C:\WINDOWS\system32\Drivers\AF15BDA.sys [2006-07-27 12:02]
S3 AN983;Carte Fast Ethernet 10/100 Mbps ADMtek AN983/AN985/ADM951X;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 23:31]
S3 SDVPlus;Pinnacle Studio DVplus WDM Renderer;C:\WINDOWS\system32\DRIVERS\SDVPlus.sys [2001-05-15 08:20]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-26 20:36:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-04 15:41:47 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-03-06 13:43:39 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job"
- C:\Program Files\Microsoft LifeCam\LifeExp.exe
"2008-03-06 13:43:39 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_setup_exe.job"
- E:\setup.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 16:55:34
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 34
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\CDRIC~1\LOCALS~1\Temp\mc21.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PSSdk23]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiStationLB.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-29 17:00:56 - machine was rebooted [C‚dric]
ComboFix-quarantined-files.txt 2008-04-29 15:00:44
Pre-Run: 112,738,619,392 octets libres
Post-Run: 113,154,396,160 octets libres
257
Re,
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
Afin de lancer la recherche, clic sur"Rechercher".
Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]
AIDE : Tuto en images sur MBAM
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]
AIDE : Tuto en images sur MBAM
Lassé par la pub ? Créez un compte
- Contenus similaires :
- ForumInfecter par le virus worms
- Foruminfecter par virus introuvable
- ForumPC INFECTER ! mais virus indetectable !
- ForumPC infecter,fenetre intempestive au démarrage de windows !(Résolu)
- Forumun virus a infecter mon anti-virus [résolut ]
- ForumInfecter par les virus, vrr8e, vrr3, vrr10.....
- Foruminfecter par virus comment sans debarrasser ??????
- ForumHelp Mega virus qui a infecter toute les photos et images !!!
- Forumodi infecter avec trojan ????
- Voir plus
