problem with pop-up windows and system32 files
Security forum - Viruses: problem with pop-up windows and system32 files
hello,
so I'm having problems with pop-up windows and with files present in system32.
and I had trojans, which I removed.
here is my hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:09:34, on 24/05/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\WINDOWS.0\System32\igfxtray.exe
C:\WINDOWS.0\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS.0\system32\slserv.exe
C:\WINDOWS.0\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS.0\System32\ctfmon.exe
C:\WINDOWS.0\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS.0\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Xi\NetTransport 2\NetTransport.exe
C:\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.0\System32\msdxm.ocx
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS.0\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS.0\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS.0\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BM2f03fade] Rundll32.exe "C:\WINDOWS.0\System32\prxvvihi.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS.0\SYSTEM32\slserv.exe
--
End of file - 5242 bytes
Hello,
Disable your resident protections (antivirus, Spybot-S&D, etc.)!
- Download ComboFix (sUBs) to your Desktop.
- Double-click ComboFix.exe (the .exe extension is not necessarily visible) to launch it.
- When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.
HELP: A guide and a tutorial on using ComboFix
* the partition name may change
Reply to Angeldark
sorry for replying only now, but I had a problem with my computer
the mouse would freeze after a while once in Windows.
and all the bookmarks had disappeared
ComboFix 08-06-10.5 - ludovic 2008-06-12 20:23:56.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.393 [GMT 2:00]
Endroit: C:\Documents and Settings\ludovic\Bureau\ComboFix.exe
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\drivers\kbd.sys
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-12 to 2008-06-12 ))))))))))))))))))))))))))))))))))))
.
2008-06-12 19:38 . 2008-06-12 19:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-12 19:31 . 2008-06-12 19:31 268 --ah----- C:\sqmdata18.sqm
2008-06-12 19:31 . 2008-06-12 19:31 244 --ah----- C:\sqmnoopt18.sqm
2008-06-12 06:06 . 2008-06-12 06:06 244 --ah----- C:\sqmnoopt17.sqm
2008-06-12 06:06 . 2008-06-12 06:06 232 --ah----- C:\sqmdata17.sqm
2008-06-11 21:13 . 2008-06-11 21:13 244 --ah----- C:\sqmnoopt16.sqm
2008-06-11 21:13 . 2008-06-11 21:13 232 --ah----- C:\sqmdata16.sqm
2008-06-11 21:10 . 2008-06-11 21:10 268 --ah----- C:\sqmdata15.sqm
2008-06-11 21:10 . 2008-06-11 21:10 244 --ah----- C:\sqmnoopt15.sqm
2008-06-11 20:31 . 2008-04-14 17:52 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 20:31 . 2008-04-14 17:52 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 20:22 . 2008-06-11 20:22 268 --ah----- C:\sqmdata14.sqm
2008-06-11 20:22 . 2008-06-11 20:22 244 --ah----- C:\sqmnoopt14.sqm
2008-06-11 07:16 . 2008-06-11 07:16 268 --ah----- C:\sqmdata13.sqm
2008-06-11 07:16 . 2008-06-11 07:16 244 --ah----- C:\sqmnoopt13.sqm
2008-06-11 06:42 . 2008-06-11 06:42 <REP> d-------- C:\Documents and Settings\ludovic\Application Data\Atari
2008-06-11 06:39 . 2008-06-11 06:39 <REP> d-------- C:\Program Files\Fichiers communs\PocketSoft
2008-06-11 06:39 . 2002-02-27 18:50 197,120 --a------ C:\WINDOWS\patchw32.dll
2008-06-11 06:31 . 2008-06-11 06:31 <REP> d-------- C:\Program Files\Atari
2008-06-09 21:55 . 2008-06-09 21:55 <REP> d-------- C:\Program Files\Bonjour
2008-06-09 21:34 . 2008-06-09 21:34 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-06-09 20:20 . 2008-06-09 20:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-06-09 20:19 . 2008-06-09 20:19 244 --ah----- C:\sqmnoopt12.sqm
2008-06-09 20:19 . 2008-06-09 20:19 232 --ah----- C:\sqmdata12.sqm
2008-06-08 21:48 . 2008-06-09 22:10 1,152 --a------ C:\WINDOWS\Profil.Brain
2008-06-08 20:55 . 2008-06-08 20:55 244 --ah----- C:\sqmnoopt11.sqm
2008-06-08 20:55 . 2008-06-08 20:55 232 --ah----- C:\sqmdata11.sqm
2008-06-08 07:30 . 2008-06-08 07:30 268 --ah----- C:\sqmdata10.sqm
2008-06-08 07:30 . 2008-06-08 07:30 244 --ah----- C:\sqmnoopt10.sqm
2008-06-08 01:55 . 2008-06-08 01:55 268 --ah----- C:\sqmdata09.sqm
2008-06-08 01:55 . 2008-06-08 01:55 244 --ah----- C:\sqmnoopt09.sqm
2008-06-07 13:15 . 2008-06-07 13:15 268 --ah----- C:\sqmdata08.sqm
2008-06-07 13:15 . 2008-06-07 13:15 244 --ah----- C:\sqmnoopt08.sqm
2008-06-06 22:33 . 2008-06-09 21:55 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-06-06 06:05 . 2008-06-06 06:05 268 --ah----- C:\sqmdata07.sqm
2008-06-06 06:05 . 2008-06-06 06:05 244 --ah----- C:\sqmnoopt07.sqm
2008-06-05 23:35 . 2008-06-05 23:35 268 --ah----- C:\sqmdata06.sqm
2008-06-05 23:35 . 2008-06-05 23:35 244 --ah----- C:\sqmnoopt06.sqm
2008-06-04 18:47 . 2008-06-04 18:47 244 --ah----- C:\sqmnoopt05.sqm
2008-06-04 18:47 . 2008-06-04 18:47 232 --ah----- C:\sqmdata05.sqm
2008-06-03 07:13 . 2008-06-03 07:13 268 --ah----- C:\sqmdata04.sqm
2008-06-03 07:13 . 2008-06-03 07:13 244 --ah----- C:\sqmnoopt04.sqm
2008-06-02 20:57 . 2008-06-02 20:57 268 --ah----- C:\sqmdata03.sqm
2008-06-02 20:57 . 2008-06-02 20:57 244 --ah----- C:\sqmnoopt03.sqm
2008-06-02 20:53 . 2008-06-04 18:56 <REP> d-------- C:\Program Files\ATITool
2008-06-02 01:26 . 2008-05-16 11:39 414,185,080 --a------ C:\S2E10KYLE_XY__310520080935__K7.wmv
2008-06-02 01:25 . 2008-05-16 10:59 400,153,084 --a------ C:\S2E9KYLE_XY__310520080850__K7.wmv
2008-05-30 22:50 . 2008-06-04 06:57 <REP> d-------- C:\vcs5BGEffects
2008-05-30 22:49 . 2008-06-12 19:36 <REP> d-------- C:\Program Files\AV Vcs 6.0 DIAMOND
2008-05-30 07:19 . 2008-05-30 07:19 268 --ah----- C:\sqmdata02.sqm
2008-05-30 07:19 . 2008-05-30 07:19 244 --ah----- C:\sqmnoopt02.sqm
2008-05-29 20:30 . 2008-05-29 20:30 <REP> d-------- C:\Program Files\IcoFX 1.6
2008-05-29 20:30 . 2008-05-29 20:36 <REP> d-------- C:\Documents and Settings\ludovic\Application Data\IcoFX
2008-05-29 07:31 . 2008-05-29 07:31 268 --ah----- C:\sqmdata01.sqm
2008-05-29 07:31 . 2008-05-29 07:31 244 --ah----- C:\sqmnoopt01.sqm
2008-05-28 06:14 . 2008-06-12 03:02 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-05-27 19:34 . 2008-06-09 22:11 <REP> d-------- C:\Program Files\Micro Application
2008-05-27 07:23 . 2008-05-27 07:23 268 --ah----- C:\sqmdata00.sqm
2008-05-27 07:23 . 2008-05-27 07:23 244 --ah----- C:\sqmnoopt00.sqm
2008-05-27 00:38 . 2008-05-13 11:07 415,321,084 --a------ C:\S2E8KYLE_XY__240520080940__K7.wmv
2008-05-25 23:41 . 2008-05-13 11:02 415,865,092 --a------ C:\S2E7KYLE_XY__240520080850__K7.wmv
2008-05-25 19:48 . 2008-05-25 20:26 134,803,182 --a------ C:\jt13d23052008.asf
2008-05-25 19:01 . 2008-05-25 19:48 134,895,982 --a------ C:\jt13d22052008.asf
2008-05-25 18:38 . 2008-05-25 19:37 144,610,982 --a------ C:\jt13d21052008.asf
2008-05-25 18:34 . 2008-05-25 19:29 133,283,582 --a------ C:\jt13d20052008.asf
2008-05-25 18:13 . 2008-05-25 19:01 138,068,582 --a------ C:\jt13d19052008.asf
2008-05-25 17:52 . 2008-05-25 17:52 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-05-23 02:02 . 2008-05-23 02:07 <REP> d-------- C:\Documents and Settings\ludovic\dwhelper
2008-05-23 00:50 . 2008-05-12 10:49 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-05-23 00:42 . 2008-05-23 00:42 <REP> d-------- C:\ATI
2008-05-23 00:34 . 2008-06-07 20:09 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-22 00:13 . 2008-05-22 00:13 <REP> d-------- C:\Program Files\Veoh Networks
2008-05-17 18:12 . 2008-05-19 18:52 <REP> d-------- C:\Program Files\Warzone 2100
2008-05-17 18:12 . 2008-05-17 18:12 <REP> d-------- C:\Program Files\OpenAL
2008-05-17 18:12 . 2008-05-17 18:12 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-05-17 18:12 . 2008-05-17 18:12 114,688 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-05-17 18:00 . 2008-06-03 22:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-17 18:00 . 2008-05-17 18:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-17 18:00 . 2008-05-22 23:48 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-17 14:08 . 2008-05-17 14:08 0 --a------ C:\WINDOWS\SAFEEDIT.INI
2008-05-17 14:06 . 2008-05-17 14:06 0 --a------ C:\WINDOWS\UBEEDIT.INI
2008-05-17 14:06 . 2008-05-17 14:06 0 --a------ C:\WINDOWS\AIPEDIT.INI
2008-05-17 11:08 . 2008-05-17 11:08 <REP> d-------- C:\Program Files\Activision
2008-05-16 06:05 . 2008-05-16 06:05 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-05-15 22:49 . 2008-05-15 22:49 <REP> d-------- C:\Program Files\Download Manager
2008-05-15 22:45 . 2008-05-16 03:10 <REP> d-------- C:\Documents and Settings\ludovic\Application Data\IGN_DLM
2008-05-15 06:36 . 2008-05-15 06:36 <REP> d-------- C:\Documents and Settings\ludovic\Application Data\DonationCoder
2008-05-15 06:25 . 2008-05-15 06:36 46 --a------ C:\WINDOWS\system32\DonationCoder_urlsnooper_InstallInfo.dat
2008-05-15 06:23 . 2008-05-15 06:35 <REP> d-------- C:\Program Files\WinPcap
2008-05-15 06:23 . 2008-05-15 06:37 <REP> d-------- C:\Program Files\URLSnooper2
2008-05-15 06:23 . 2008-05-15 06:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DonationCoder
2008-05-14 20:03 . 2008-05-14 20:03 <REP> d--h----- C:\WINDOWS\PIF
2008-05-13 23:21 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-13 23:21 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-13 22:49 . 2008-05-13 22:49 <REP> d-------- C:\Program Files\Notebook Hardware Control
2008-05-13 21:40 . 2008-06-12 19:36 12,288 --a------ C:\WINDOWS\system32\drivers\nhcDriver.sys
2008-05-13 19:34 . 2008-05-13 19:36 <REP> d-------- C:\Documents and Settings\ludovic\Contacts
2008-05-13 19:30 . 2008-05-13 19:30 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-13 19:18 . 2008-05-13 19:30 <REP> d-------- C:\Program Files\Windows Live
2008-05-13 19:18 . 2008-05-13 19:21 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-05-13 19:18 . 2008-05-13 19:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-13 07:20 . 2008-06-02 19:33 <REP> d-------- C:\Program Files\DOSBox-0.72
2008-05-12 17:56 . 2008-05-12 17:56 397,312 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
2008-05-12 17:45 . 2008-05-12 17:45 180,224 --a------ C:\WINDOWS\system32\atipdlxx.dll
2008-05-12 17:45 . 2008-05-12 17:45 139,264 --a------ C:\WINDOWS\system32\Oemdspif.dll
2008-05-12 17:43 . 2008-05-12 17:43 10,153,984 --a------ C:\WINDOWS\system32\atioglx2.dll
2008-05-12 17:34 . 2008-05-12 17:34 6,221,824 --a------ C:\WINDOWS\system32\Atioglgl.dll
2008-05-12 17:22 . 2008-05-12 17:22 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2008-05-12 17:22 . 2008-05-12 17:22 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat
2008-05-12 17:22 . 2008-05-12 17:22 887,724 --a------ C:\WINDOWS\system32\ativva6x.dat
2008-05-12 17:09 . 2008-05-12 17:09 47,104 --a------ C:\WINDOWS\system32\amdpcom32.dll
2008-05-12 17:03 . 2008-05-12 17:03 19,968 --a------ C:\WINDOWS\system32\atiadlxx.dll
2008-05-12 17:02 . 2008-05-12 17:02 241,664 --a------ C:\WINDOWS\system32\atiok3x2.dll
2008-05-12 08:55 . 2008-05-12 08:55 <REP> d-------- C:\Program Files\PixiePack Codec Pack
2008-05-12 08:53 . 2008-06-12 20:12 <REP> d-------- C:\Documents and Settings\ludovic\Application Data\Tunebite
2008-05-12 08:53 . 2007-12-11 09:52 26,784 --a------ C:\WINDOWS\system32\drivers\tbhsd.sys
2008-05-12 08:52 . 2008-05-12 08:52 <REP> d-------- C:\Program Files\RapidSolution
2008-05-12 08:52 . 2008-05-12 08:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\RapidSolution
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 17:37 --------- d-----w C:\Program Files\SpiralFrog
2008-06-12 17:32 598,208 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-12 17:32 51,900,448 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-12 05:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-06-12 01:10 --------- d-----w C:\Documents and Settings\ludovic\Application Data\uTorrent
2008-06-11 04:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-11 04:18 3,358,208 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-06-11 04:18 1,715,712 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-06-08 19:42 --------- d-----w C:\Program Files\ATI Technologies
2008-06-06 19:34 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-05 21:00 1,685,504 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-06-02 18:57 4,066,304 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-05-25 15:55 --------- d-----w C:\Documents and Settings\ludovic\Application Data\ATI
2008-05-21 22:39 120,935 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_05_21_20_58_21_small.dmp.zip
2008-05-17 09:18 2,747,392 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-12 16:30 3,007,488 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
2008-05-12 15:54 305,152 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-05-12 15:53 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-05-12 15:45 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-05-12 15:45 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-05-12 15:44 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-05-12 15:43 540,672 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-05-12 15:41 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-05-12 15:32 3,203,168 ----a-w C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-05-12 15:32 3,203,168 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-05-12 15:22 1,999,616 ----a-w C:\WINDOWS\system32\dllcache\ativvaxx.dll
2008-05-12 15:22 1,999,616 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-05-12 15:05 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-05-12 15:05 327,680 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-05-12 15:03 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-05-12 15:02 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-05-12 14:57 548,864 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-05-12 11:54 2,530,816 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-05-12 11:54 1,464,832 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-05-11 18:10 --------- d-----w C:\Program Files\DVD Shrink
2008-05-11 10:25 --------- d-----w C:\Documents and Settings\ludovic\Application Data\CyberLink
2008-05-11 10:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-05-11 10:15 --------- d-----w C:\Program Files\CyberLink
2008-05-10 20:06 --------- d-----w C:\Documents and Settings\ludovic\Application Data\dvdcss
2008-05-10 11:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spiralfrog
2008-05-10 06:04 --------- d-----w C:\Program Files\Microsoft Virtual PC
2008-05-10 00:23 --------- d-----w C:\Program Files\DAEMON Tools
2008-05-10 00:13 --------- d-----w C:\Documents and Settings\ludovic\Application Data\AVGTOOLBAR
2008-05-09 21:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-05-09 21:31 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-05-09 21:31 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-09 21:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-05-09 21:30 --------- d-----w C:\Program Files\Zone Labs
2008-05-09 21:08 --------- d-----w C:\Documents and Settings\ludovic\Application Data\DivX
2008-05-09 14:30 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-09 14:30 75,272 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-09 14:30 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-05-09 14:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-05-09 12:43 --------- d-----w C:\Documents and Settings\ludovic\Application Data\Move Networks
2008-05-09 10:56 --------- d-----w C:\Program Files\Hotspot Shield
2008-05-09 10:55 --------- d-----w C:\Program Files\QuickTime
2008-05-09 10:54 --------- d-----w C:\Program Files\Apple Software Update
2008-05-09 10:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-09 10:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-09 09:48 --------- d-----w C:\Program Files\DivX
2008-05-08 17:04 --------- d-----w C:\Program Files\CCleaner
2008-05-08 16:15 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-08 16:12 --------- d-----w C:\Program Files\MSXML 6.0
2008-05-08 16:10 --------- d-----w C:\Program Files\MSBuild
2008-05-08 16:07 --------- d-----w C:\Program Files\Reference Assemblies
2008-05-08 15:19 --------- d-----w C:\Program Files\CONEXANT
2008-05-08 15:17 --------- d-----w C:\Program Files\MSXML 4.0
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-08 12:11 --------- d-----w C:\Program Files\Conduit
2008-05-08 11:02 --------- d-----w C:\Program Files\Windows Defender
2008-05-08 10:33 --------- d-----w C:\Program Files\Xi
2008-05-08 09:41 --------- d-----w C:\Documents and Settings\ludovic\Application Data\vlc
2008-05-08 09:40 --------- d-----w C:\Program Files\VideoLAN
2008-05-07 18:31 --------- d-----w C:\Documents and Settings\ludovic\Application Data\Talkback
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-06 22:52 --------- d-----w C:\Program Files\Replay Media Catcher
2008-05-06 22:36 229,057 ----a-w C:\WINDOWS\Alcohol_Toolbar_Uninstaller_4296.exe
2008-05-06 22:36 --------- d-----w C:\Program Files\Alcohol Toolbar
2008-05-06 22:36 --------- d-----w C:\Program Files\Alcohol Soft
2008-05-06 21:34 --------- d-----w C:\Documents and Settings\ludovic\Application Data\ClonySoft
2008-05-06 21:29 --------- d-----w C:\Program Files\uTorrent
2008-05-06 21:22 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-05-06 21:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-06 21:01 --------- d-----w C:\Program Files\Lavasoft
2008-05-06 21:00 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-06 20:55 --------- d-----w C:\Program Files\AVG
2008-05-06 04:41 --------- d-----w C:\Documents and Settings\ludovic\Application Data\Thunderbird
2008-05-06 02:34 31 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-05-06 02:33 --------- d-----w C:\Program Files\SAGEM
2008-05-06 02:23 --------- d-----w C:\Program Files\Java
2008-05-06 02:23 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-05-06 02:18 --------- d-----w C:\Program Files\MiTAC
2008-05-06 02:17 --------- d-----w C:\Program Files\Realtek
2008-05-06 02:17 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-05-06 02:13 --------- d-----w C:\Program Files\Intel
2008-05-06 02:03 --------- d-----w C:\Program Files\Synaptics
2008-04-23 20:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-12-06 14:06 167368]
"Tunebite"="C:\Program Files\RapidSolution\Tunebite\Tunebite.exe" [2007-12-12 13:19 4937008]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 23:57 1103480]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-10-16 18:02 3313664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 14:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-03-10 18:44 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 18:43 688218]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 15:52 15797248 C:\WINDOWS\RTHDCPL.exe]
"WLAN"="C:\WINDOWS\system32\WLan.exe" [2005-11-25 08:52 221184]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 03:52 36975]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-09 16:30 1177368]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016]
"SpiralFrog"="C:\Program Files\SpiralFrog\Spiralfrog.exe" [2008-03-12 13:05 163128]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 13:48 127118]
"vcs6diamond"="C:\Program Files\AV Vcs 6.0 DIAMOND\Vcs6Core.exe" [2007-06-28 18:34 304128]
"NotebookHardwareControl"="C:\Program Files\Notebook Hardware Control\nhc.exe" [2006-09-01 19:40 2228224]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]
C:\Documents and Settings\ludovic\Menu D‚marrer\Programmes\D‚marrage\
Kitbar4$.lnk - C:\Documents and Settings\ludovic\Bureau\kitbar\Kitbar4$.exe [2008-06-04 07:11:52 1163264]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-05-06 04:33:56 839680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\APPS\\Powercinema\\PowerCinema.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2006-02-27 15:00]
R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2006-02-20 16:01]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-09 16:30]
R1 kioport;kioport Library Driver;C:\WINDOWS\system32\drivers\kioport.sys [2005-04-29 14:02]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-09 16:30]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-09 16:30]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-09 16:30]
R3 CIR;Hid Device;C:\WINDOWS\system32\DRIVERS\CIR.sys [2005-09-30 11:37]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 18:50]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 23:25]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-02 19:25]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-14 21:40]
*Newly Created Service* - CATCHME
*Newly Created Service* - FLEXNET_LICENSING_SERVICE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-04 17:20:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-12 17:36:22 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-05-13 21:50:00 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-05-20 21:50:00 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-12 20:27:49
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-06-12 20:30:06
ComboFix-quarantined-files.txt 2008-06-12 18:29:36
Pre-Run: 26,607,218,688 octets libres
Post-Run: 26,654,560,256 octets libres
334 --- E O F --- 2008-06-12 01:05:54
hello,
I still have the same problem, and now my computer is slow and my hard drive is getting hot (it reaches 41-42°C); also, Firefox at startup tells me "server not found" even though my connection works
