Big big problem.... .exe - registry - internet
Last reply: in Security
Hello everyone, I caught a virus that prevents me from connecting to the internet. I searched and found out that I had to change a value in the registry... But after restarting my PC, no .exe file can be opened any more: "is not a valid Win32 application"... So now I have no internet, and I can no longer open the registry :s:s What should I do?? Thanks in advance...
Hello,
Probably Bagle.
Download Elibagla at the bottom of this page.
For some antivirus products it is preferable to disable them before starting this procedure!
Click on Descargar Elibagla to download the file, and save it to your Desktop.
Launch it by double-clicking it.
Check that the Unidad drop-down menu shows the root of the partition where Windows is installed, usually -> C:\
The Eliminar Ficheros Automaticamente option must also be checked.
Click on Explorar to start the scan.
Post the report generated at the end of the scan.
Thanks for your reply, but I already tried that, and I can't open anything any more, not a single .exe... not even ELIBAGLA: "elibagla is not a valid win32 application".
I no longer have internet either (I'm on a laptop), but I can transfer data with a USB stick...
What should I do PLEASE :s:s:s
XmichouX said:
Hello, Probably Bagle.
Download Elibagla at the bottom of this page.
For some antivirus products it is preferable to disable them before starting this procedure!
Michou a helper o_o
Things sure have changed around here
Uh, sorry for the delay x) :
Sat May 31 22:11:18 2008
EliBagle v11.44 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 29 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.44
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ALEXANDRE\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ALEXANDRE\APPLICATION DATA\M\LIST.OCT --> Eliminado Bagle
Sat May 31 22:11:29 2008
EliBagle v11.44 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 29 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.44
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ALEXANDRE\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.
Sat May 31 22:11:50 2008
EliBagle v11.44 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 29 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Sat May 31 22:12:10 2008
EliBagle v11.44 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 29 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.44
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ALEXANDRE\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.
Sat May 31 22:12:13 2008
EliBagle v11.44 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 29 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Sat May 31 22:13:16 2008
EliBagle v11.44 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 29 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.44
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ALEXANDRE\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.
Sat May 31 22:13:18 2008
EliBagle v11.44 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 29 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Sun Jun 01 12:23:34 2008
EliBagle v11.44 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 29 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.44
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ALEXANDRE\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.
Sun Jun 01 12:27:53 2008
EliBagle v11.44 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 29 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.44
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ALEXANDRE\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.
Sun Jun 01 12:28:25 2008
EliBagle v11.44 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 29 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 8238
Nº Total de Ficheros: 79299
Nº de Ficheros Analizados: 11254
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Sun Jun 01 12:34:54 2008
EliBagle v11.44 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 29 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 8238
Nº Total de Ficheros: 79297
Nº de Ficheros Analizados: 11254
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Sun Jun 01 12:37:39 2008
EliBagle v11.44 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 29 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Sun Jun 01 12:37:39 2008
EliBagle v11.44 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 29 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.44
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\FLEC006.EXE.Muestra EliBagle v11.44
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\ALEXANDRE\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.
Sun Jun 01 12:37:46 2008
EliBagle v11.44 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 29 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Sun Jun 01 12:39:57 2008
EliBagle v11.44 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 29 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.44
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\FLEC006.EXE.Muestra EliBagle v11.44
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\ALEXANDRE\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.
Sun Jun 01 12:40:43 2008
EliBagle v11.44 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 29 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 8238
Nº Total de Ficheros: 78849
Nº de Ficheros Analizados: 11255
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
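The report above is repeated run after run with the same files marked "Acceso Denegado" (access denied), which is the signal that the cleaner never managed to remove the rootkit-protected components, and the reason the helper moves on to a different tool. As an added example, not part of this thread or of the EliBagle tool, here is a small Python parser that splits such a report into runs and lists what was removed, what stayed access-denied on every run, and what was flagged as a rootkit. The sample report is constructed after the layout posted above; that layout is assumed from the post, since no documentation of the format is cited here.

```python
"""Summarise EliBagle reports: which detections were removed, which stayed
"Acceso Denegado" (access denied) on every run, and which were flagged
as rootkit components.

Added example; not part of the forum post or of the EliBagle tool. The
line layout is assumed from the report posted in the thread."""
import re
from collections import defaultdict

# Constructed sample in the layout of the posted report: two direct-action
# runs followed by one scan run.
SAMPLE_REPORT = r"""Sat May 31 22:11:18 2008
EliBagle v11.44 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 29 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.44
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.
Sat May 31 22:11:29 2008
EliBagle v11.44 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 29 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.
Sun Jun 01 12:40:43 2008
EliBagle v11.44 (c)2008 S.G.H. / Satinfo S.L. (Modificado el 29 de Mayo del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 8238
Nº Total de Ficheros: 78849
Nº de Ficheros Infectados: 0
"""

TIMESTAMP_RE = re.compile(r"^[A-Z][a-z]{2} [A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2} \d{4}$")
MODE_RE = re.compile(r"^Lista de Acciones \(por (?P<mode>[^)]+)\):$")
ACTION_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) --> (?P<verdict>.+)$")
RESTORED_RE = re.compile(r'^Restaurada Clave: "(?P<key>[^"]+)"$')
COUNTER_RE = re.compile(r"^Nº (?:Total de |de )?(?P<name>[^:]+): (?P<value>\d+)$")


def parse_runs(text):
    """Split a report into runs; each timestamp header starts a new run."""
    runs = []
    for raw in text.splitlines():
        line = raw.strip()
        if TIMESTAMP_RE.match(line):
            runs.append({"when": line, "mode": None, "actions": [],
                         "restored_keys": [], "counters": {}, "reboot_required": False})
            continue
        if not runs:
            continue  # text before the first header is ignored
        run = runs[-1]
        if (m := MODE_RE.match(line)):
            run["mode"] = m.group("mode")
        elif (m := ACTION_RE.match(line)):
            verdict = m.group("verdict")
            run["actions"].append({"path": m.group("path"),
                                   "removed": verdict.startswith("Eliminado"),
                                   "rootkit": "(rootkit)" in verdict})
        elif (m := RESTORED_RE.match(line)):
            run["restored_keys"].append(m.group("key"))
        elif (m := COUNTER_RE.match(line)):
            run["counters"][m.group("name")] = int(m.group("value"))
        elif line == "Reinicie para Completar la Limpieza.":
            run["reboot_required"] = True
    return runs


def summarize(text):
    """Aggregate the per-run verdicts into removed / never removed / rootkit."""
    runs = parse_runs(text)
    history = defaultdict(list)  # path -> [removed?, ...] in run order
    rootkit = set()
    for run in runs:
        for action in run["actions"]:
            history[action["path"]].append(action["removed"])
            if action["rootkit"]:
                rootkit.add(action["path"])
    return {
        "runs": runs,
        "removed": sorted(p for p, h in history.items() if any(h)),
        "never_removed": sorted(p for p, h in history.items() if not any(h)),
        "rootkit": sorted(rootkit),
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    print(f"{len(s['runs'])} runs")
    for label in ("removed", "never_removed", "rootkit"):
        print(f"{label}:")
        for path in s[label]:
            print("  " + path)
```

Run it on a saved report by replacing SAMPLE_REPORT with the file contents; an empty "never_removed" list after a reboot is the result to look for, anything still listed there means the tool is being blocked and a different cleaner is needed.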
OK, it is indeed Bagle.
You didn't answer my question.
Right-click on ComboFix (by sUBs) and choose Save (link) target as.
Choose the Desktop, insert a hyphen between Combo and Fix so as to obtain Combo-Fix.exe, then choose Save.
Temporarily disable all resident protection! (Antivirus, antispyware...)
Double-click on ComboFix.exe.
Accept the license by clicking Yes.
When the operation is finished, a report will appear. Post this report in your next reply.
The report is located here: %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; C:\ in general)
Help: How to use ComboFix.
OK thanks, sorry about your question. So I had to go into the registry and change the value in Ndisuio/start, setting 2 instead of 4, and to get the .exe files working again I created a .reg file with the following content:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"
[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"TileInfo"="prop:FileDescription;Company;FileVersion"
"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"
[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"
[HKEY_CLASSES_ROOT\exefile\shell]
[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\runas]
[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"
There you go, I'm going to do what you told me to do. Thanks
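To verify the two registry fixes described in this post (the .exe association and the Ndisuio Start value) without trusting what regedit displays, the keys can be exported with `reg export` and the resulting .reg file audited offline. The following Python script is an added example, not the poster's file or any Microsoft tool: it parses the .reg syntax used above (string, dword and hex values; multi-line hex continuations with a trailing backslash are not handled) and compares the values against what the fix restores. The Ndisuio section and the "hijacked" export are constructed for illustration, and the placeholder path in the latter does not come from the thread.

```python
"""Audit a .reg export for the two fixes described in this post: the .exe
file association under HKEY_CLASSES_ROOT and the Start value of the
Ndisuio service (2 = automatic start, 4 = disabled).

Added example; not the poster's file nor a Microsoft tool. Assumes a
Version 5.00 export with single-line values (no hex continuation lines)."""
import re

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")=(?P<data>.+)$')


def _unescape(s):
    """Resolve the backslash escapes (backslash-quote, double backslash) of .reg strings."""
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append(s[i + 1])
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def _parse_data(data):
    """Map the textual value to (registry type, Python value)."""
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return ("REG_SZ", _unescape(data[1:-1]))
    if data.lower().startswith("dword:"):
        return ("REG_DWORD", int(data[6:], 16))
    if data.lower().startswith("hex:"):
        return ("REG_BINARY", bytes(int(b, 16) for b in data[4:].split(",") if b))
    return ("UNKNOWN", data)


def parse_reg(text):
    """Return {key: {value_name: (type, value)}}, default value under "@".
    Keys and names are lower-cased because the registry is case-insensitive."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith(("Windows Registry Editor", "REGEDIT4")):
            continue
        if (m := SECTION_RE.match(line)):
            current = m.group("key").lower()
            keys.setdefault(current, {})
        elif (m := VALUE_RE.match(line)) and current is not None:
            name = m.group("name")
            name = "@" if name == "@" else _unescape(name[1:-1]).lower()
            keys[current][name] = _parse_data(m.group("data"))
    return keys


# What the fix in this post restores; the Ndisuio entry is the Start value
# the poster changed back from 4 to 2.
EXPECTED = {
    (r"HKEY_CLASSES_ROOT\.exe", "@"): ("REG_SZ", "exefile"),
    (r"HKEY_CLASSES_ROOT\exefile\shell\open\command", "@"): ("REG_SZ", '"%1" %*'),
    (r"HKEY_CLASSES_ROOT\exefile\shell\runas\command", "@"): ("REG_SZ", '"%1" %*'),
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ndisuio", "Start"): ("REG_DWORD", 2),
}


def audit(text):
    """Return the list of findings; an empty list means every expected value matched."""
    reg = parse_reg(text)
    findings = []
    for (key, name), expected in EXPECTED.items():
        actual = reg.get(key.lower(), {}).get(name.lower())
        if actual is None:
            findings.append(f"missing: [{key}] {name}")
        elif actual != expected:
            findings.append(f"unexpected: [{key}] {name} = {actual!r}, expected {expected!r}")
    return findings


# The poster's .reg content (abridged) plus a constructed Ndisuio section.
GOOD_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ndisuio]
"Start"=dword:00000002
"""

# Constructed export of a hijacked association: the open command is wrapped
# by a placeholder program, runas is missing and Ndisuio is disabled.
BAD_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\PLACEHOLDER\\wrapper.exe\" \"%1\" %*"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ndisuio]
"Start"=dword:00000004
"""

if __name__ == "__main__":
    for label, text in (("restored", GOOD_REG), ("hijacked", BAD_REG)):
        print(f"{label}: {audit(text) or 'ok'}")
```

On a live machine the input would come from `reg export HKCR\exefile exefile.reg` and `reg export HKLM\SYSTEM\CurrentControlSet\Services\Ndisuio ndisuio.reg`; any "unexpected" finding on the open or runas command means every double-clicked .exe is still being routed through another program.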
Here is the report:
ComboFix 08-05-29.1 - Alexandre 2008-06-01 15:19:28.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1429 [GMT 5:00]
Endroit: C:\Documents and Settings\Alexandre\Bureau\Combo-Fix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Alexandre\Application Data\ShoppingReport
C:\Documents and Settings\Alexandre\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Alexandre\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Alexandre\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Alexandre\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Alexandre\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Alexandre\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Alexandre\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
c:\Documents and Settings\Alexandre\Local Settings\Application Data\vdnefmgjmx.dat
c:\documents and settings\alexandre\local settings\application data\vdnefmgjmx.exe
c:\Documents and Settings\Alexandre\Local Settings\Application Data\vdnefmgjmx_nav.dat
c:\Documents and Settings\Alexandre\Local Settings\Application Data\vdnefmgjmx_navps.dat
C:\Documents and Settings\NetworkService\Application Data\WinTouch
C:\Documents and Settings\NetworkService\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\NetworkService\Application Data\WinTouch\WTUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\JavaCore
C:\Program Files\JavaCore\UnInstall.exe
C:\Program Files\NoDNS
C:\Program Files\NoDNS\UnInstall.exe
C:\Program Files\seekmo
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Uninst.exe
C:\Program Files\Spcron
C:\Program Files\Spcron\Spcron.dll
C:\Program Files\Svconr
C:\Program Files\Temporary
C:\Program Files\Temporary\InsiDERInst.exe
C:\Program Files\Twain\Twain.exe
C:\WINDOWS\BMf7d8c447.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aaiiyvqo.dll
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\102515.exe
C:\WINDOWS\system32\drivers\downld\106765.exe
C:\WINDOWS\system32\drivers\downld\109140.exe
C:\WINDOWS\system32\drivers\downld\123109.exe
C:\WINDOWS\system32\drivers\downld\137890.exe
C:\WINDOWS\system32\drivers\downld\139625.exe
C:\WINDOWS\system32\drivers\downld\147406.exe
C:\WINDOWS\system32\drivers\downld\152453.exe
C:\WINDOWS\system32\drivers\downld\155703.exe
C:\WINDOWS\system32\drivers\downld\164062.exe
C:\WINDOWS\system32\drivers\downld\164093.exe
C:\WINDOWS\system32\drivers\downld\172000.exe
C:\WINDOWS\system32\drivers\downld\20538562.exe
C:\WINDOWS\system32\drivers\downld\20571703.exe
C:\WINDOWS\system32\drivers\downld\20633187.exe
C:\WINDOWS\system32\drivers\downld\20655937.exe
C:\WINDOWS\system32\drivers\downld\20867281.exe
C:\WINDOWS\system32\drivers\downld\20921359.exe
C:\WINDOWS\system32\drivers\downld\20964078.exe
C:\WINDOWS\system32\drivers\downld\299375.exe
C:\WINDOWS\system32\drivers\downld\322140.exe
C:\WINDOWS\system32\drivers\downld\323687.exe
C:\WINDOWS\system32\drivers\downld\330437.exe
C:\WINDOWS\system32\drivers\downld\341828.exe
C:\WINDOWS\system32\drivers\downld\352515.exe
C:\WINDOWS\system32\drivers\downld\35421578.exe
C:\WINDOWS\system32\drivers\downld\35581984.exe
C:\WINDOWS\system32\drivers\downld\36010640.exe
C:\WINDOWS\system32\drivers\downld\36082390.exe
C:\WINDOWS\system32\drivers\downld\36110406.exe
C:\WINDOWS\system32\drivers\downld\366546.exe
C:\WINDOWS\system32\drivers\downld\385468.exe
C:\WINDOWS\system32\drivers\downld\386921.exe
C:\WINDOWS\system32\drivers\downld\501453.exe
C:\WINDOWS\system32\drivers\downld\521921.exe
C:\WINDOWS\system32\drivers\downld\553046.exe
C:\WINDOWS\system32\drivers\downld\584984.exe
C:\WINDOWS\system32\drivers\downld\597296.exe
C:\WINDOWS\system32\drivers\downld\632093.exe
C:\WINDOWS\system32\drivers\downld\80875.exe
C:\WINDOWS\system32\drivers\downld\817125.exe
C:\WINDOWS\system32\drivers\downld\827921.exe
C:\WINDOWS\system32\drivers\downld\869937.exe
C:\WINDOWS\system32\drivers\downld\882218.exe
C:\WINDOWS\system32\drivers\downld\94703.exe
C:\WINDOWS\system32\drivers\downld\95187.exe
C:\WINDOWS\system32\drivers\downld\99375.exe
C:\WINDOWS\system32\drivers\downld\99734.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\erunwgbe.ini
C:\WINDOWS\system32\fmjdmonr.dll
C:\WINDOWS\system32\fmqoorsr.ini
C:\WINDOWS\system32\gdckjdgd.dll
C:\WINDOWS\system32\gqyudmtb.dll
C:\WINDOWS\system32\hckqufxs.ini
C:\WINDOWS\system32\jqggngvg.dll
C:\WINDOWS\system32\lgvsixys.ini
C:\WINDOWS\system32\lmllm.ini
C:\WINDOWS\system32\lmllm.ini2
C:\WINDOWS\system32\lsaiiqxv.ini
C:\WINDOWS\system32\luiuitxn.ini
C:\WINDOWS\system32\lujvcydo.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\neunuhea.dll
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\oeatloxu.ini
C:\WINDOWS\system32\oejkxovk.dll
C:\WINDOWS\system32\ofgalsfq.dll
C:\WINDOWS\system32\ojrbvcwj.dll
C:\WINDOWS\system32\ophtjveg.dll
C:\WINDOWS\system32\real.txt
C:\WINDOWS\system32\svcreifu.dll
C:\WINDOWS\system32\svlbphop.dll
C:\WINDOWS\system32\thfirlii.ini
C:\WINDOWS\system32\thpcinxl.ini
C:\WINDOWS\system32\urisevwf.dll
C:\WINDOWS\system32\vdyrosvm.dll
C:\WINDOWS\system32\wolfnvcv.ini
C:\WINDOWS\system32\xodtpysc.dll
C:\WINDOWS\system32\yhisqtiv.dll
C:\WINDOWS\system32\ypjseqqq.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SROSA
((((((((((((((((((((((((((((( Fichiers créés 2008-05-01 to 2008-06-01 ))))))))))))))))))))))))))))))))))))
.
2008-05-31 22:11 . 2008-06-01 12:37 <REP> d-------- C:\Muestras
2008-05-31 20:40 . 2008-05-31 20:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-31 16:07 . 2008-05-31 16:07 268 --ah----- C:\sqmdata19.sqm
2008-05-31 16:07 . 2008-05-31 16:07 244 --ah----- C:\sqmnoopt19.sqm
2008-05-31 15:59 . 2008-05-31 15:59 <REP> d-------- C:\pnp
2008-05-31 15:59 . 2008-05-31 15:59 268 --ah----- C:\sqmdata18.sqm
2008-05-31 15:59 . 2008-05-31 15:59 244 --ah----- C:\sqmnoopt18.sqm
2008-05-31 15:42 . 2008-05-31 15:42 268 --ah----- C:\sqmdata17.sqm
2008-05-31 15:42 . 2008-05-31 15:42 244 --ah----- C:\sqmnoopt17.sqm
2008-05-31 15:11 . 2008-05-31 15:11 <REP> d-------- C:\Program Files\Microsoft Games
2008-05-31 14:53 . 2008-05-31 14:53 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-31 13:43 . 2008-05-31 13:43 244 --ah----- C:\sqmnoopt16.sqm
2008-05-31 13:43 . 2008-05-31 13:43 232 --ah----- C:\sqmdata16.sqm
2008-05-31 13:19 . 2008-05-31 13:19 268 --ah----- C:\sqmdata15.sqm
2008-05-31 13:19 . 2008-05-31 13:19 244 --ah----- C:\sqmnoopt15.sqm
2008-05-31 13:01 . 2008-05-31 13:01 268 --ah----- C:\sqmdata14.sqm
2008-05-31 13:01 . 2008-05-31 13:01 244 --ah----- C:\sqmnoopt14.sqm
2008-05-31 12:29 . 2008-05-31 12:29 244 --ah----- C:\sqmnoopt13.sqm
2008-05-31 12:29 . 2008-05-31 12:29 232 --ah----- C:\sqmdata13.sqm
2008-05-30 23:07 . 2008-05-30 23:07 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\DAEMON Tools
2008-05-30 17:59 . 2008-05-30 17:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Icon Constructor 3
2008-05-30 17:58 . 2008-05-31 16:55 <REP> d-------- C:\Program Files\Icon Constructor 3
2008-05-30 17:42 . 2008-04-01 13:23 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-05-30 17:42 . 2008-04-01 13:23 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-05-30 17:42 . 2008-04-01 13:23 118,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-05-30 17:42 . 2008-04-01 13:23 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-30 17:42 . 2008-04-01 13:23 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-23 22:13 . 2008-05-23 22:13 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-05-17 14:32 . 2008-05-23 17:32 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\U3
2008-05-13 06:51 . 2008-05-13 06:51 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-13 06:51 . 2008-05-13 06:51 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-08 19:50 . 2003-02-20 20:06 282,624 --a------ C:\WINDOWS\system32\fusion.dll
2008-05-02 20:37 . 2008-05-02 20:39 51,355 --a------ C:\WINDOWS\system32\muzika.xm
2008-05-01 17:40 . 2008-05-01 14:40 68,608 --a------ C:\WINDOWS\b155.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 10:19 --------- d-----w C:\Program Files\Twain
2008-06-01 10:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-01 10:10 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\OpenOffice.org2
2008-06-01 08:19 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\LimeWire
2008-05-31 17:01 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Azureus
2008-05-31 11:51 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-31 11:50 --------- d-----w C:\Program Files\R-Undelete
2008-05-31 11:48 --------- d-----w C:\Program Files\Tweak-XP Pro 4
2008-05-31 11:39 --------- d-----w C:\Program Files\MSN Messenger
2008-05-31 11:38 --------- d-----w C:\Program Files\ElcomSoft
2008-05-31 10:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-30 18:07 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-05-30 13:04 --------- d-----w C:\Program Files\eMule
2008-05-30 12:32 --------- d-----w C:\Program Files\LimeWire
2008-05-29 13:32 --------- d-----w C:\Program Files\DivX
2008-05-24 11:08 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\AdobeUM
2008-05-21 16:27 --------- d-----w C:\Program Files\Safari
2008-05-09 15:04 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\teamspeak2
2008-05-07 15:11 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-05-01 08:04 --------- d-----w C:\Program Files\EuroKiddies
2008-04-29 10:35 --------- d-----w C:\Program Files\Electronic Arts
2008-04-27 10:15 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-04-26 20:00 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Ubisoft
2008-04-26 19:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-04-26 19:32 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\InstallShield
2008-04-25 12:55 --------- d-----w C:\Program Files\Valve
2008-04-24 18:44 73,728 ----a-w C:\WINDOWS\b156.exe
2008-04-23 08:12 --------- d-----w C:\Program Files\AxBx
2008-04-14 15:08 46,592 ----a-w C:\WINDOWS\b157.exe
2008-04-11 15:35 --------- d-----w C:\Program Files\Inet_Get_2
2008-04-11 15:00 53,731 ----a-w C:\Program Files\serial.zip
2008-04-11 15:00 53,731 ----a-w C:\Program Files\serial.dat
2008-04-11 11:48 11,264 ----a-w C:\WINDOWS\b138.exe
2008-04-11 11:23 1,577 ----a-w C:\drsmartload.exe
2008-04-11 07:57 --------- d--h--r C:\Documents and Settings\Alexandre\Application Data\SecuROM
2008-04-11 07:52 --------- d-----w C:\Program Files\GameSpy
2008-04-11 07:41 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-11 07:41 22,328 ----a-w C:\Documents and Settings\Alexandre\Application Data\PnkBstrK.sys
2008-04-10 15:14 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-09 09:25 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\TuneUp Software
2008-04-09 09:13 --------- d-----w C:\Program Files\Alwil Software
2008-04-09 09:08 --------- d-----w C:\Program Files\Kaspersky Lab
2008-04-09 08:54 --------- d-----w C:\Program Files\Raxco
2008-04-09 08:54 --------- d-----w C:\Program Files\Fichiers communs\Raxco
2008-04-09 08:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Raxco
2008-04-09 08:50 --------- d-----w C:\Program Files\Ace Translator
2008-04-06 13:00 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-04 08:44 --------- d-----w C:\Program Files\Eurobarre
2008-04-04 07:38 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Apple Computer
2008-04-03 15:15 --------- d-----w C:\Program Files\iTunes
2008-04-03 15:15 --------- d-----w C:\Program Files\iPod
2008-04-03 15:14 --------- d-----w C:\Program Files\QuickTime
2008-04-02 07:57 --------- d-----w C:\Program Files\Fake Webcam
2008-04-01 08:23 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-03-17 09:31 10 ----a-w C:\Program Files\.autoreg
2008-03-05 13:07 520,192 ----a-w C:\WINDOWS\RtlExUpd.dll
2008-03-04 19:32 105,984 ----a-w C:\WINDOWS\b152.exe
2008-03-02 14:26 73,728 ----a-w C:\WINDOWS\b153.exe
2006-10-07 18:54 390,023 --sha-r C:\Program Files\wunauclt.zip
2006-10-07 18:54 390,023 --sha-r C:\Program Files\wunauclt.tbe
2006-10-07 16:44 424,136 ------w C:\Program Files\wunauclt.exe
2006-08-27 13:38 1,015,973 --sha-r C:\Program Files\serial.tde
2006-08-27 13:19 56,239 ----a-w C:\Program Files\svchosts.tbe
2006-08-27 11:00 285,184 ----a-w C:\Program Files\shell32.exe
2005-09-28 07:56 185,856 ----a-w C:\Program Files\7za.exe
2007-06-11 15:07 88 --sha-r C:\WINDOWS\system32\4A89EC38DC.sys
2007-06-11 15:14 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
2008-04-01 12:31 1470488 --a------ C:\Program Files\speed-bit\tbspe1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}"= "C:\Program Files\speed-bit\tbspe1.dll" [2008-04-01 12:31 1470488]
[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}"= C:\Program Files\speed-bit\tbspe1.dll [2008-04-01 12:31 1470488]
[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SteamKeyFr"="C:\Program Files\SteamKeyFr\SteamKeyFr.exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 21:24 1694208]
"Internet Download Accelerator"="C:\Program Files\IDA\ida.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 20:03 152872]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 14:39 486856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"Steam"="c:\program files\valve\steam\steam.exe" [2008-03-29 14:55 1271032]
"Tweak-XP Pro"="C:\Program Files\Tweak-XP Pro 4\autostart.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 17:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16:47 16859648 C:\WINDOWS\RTHDCPL.EXE]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 13:21 61440]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-03-04 12:02 81920]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"nwiz"="nwiz.exe" [2008-03-04 12:02 1626112 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 03:11 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-03-04 12:02 8523776]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 17:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"nvcoi"="C:\Program Files\nvcoi\nvcoi.exe" [ ]
"WinTouch"="C:\Documents and Settings\NetworkService\Application Data\WinTouch\WinTouch.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtuttt]
awtuttt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-21 01:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\alexadre1\\counter-strike source\\hl2.exe"=
"D:\\Logi\\Dap\\DAP\\DAP.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\alexadre1\\counter-strike\\hl.exe"=
"\\\\JULIEN\\Empire Earth\\Empire Earth.exe"=
"C:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Valve\\Steam\\Steam.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\jojo70\\counter-strike source\\hl2.exe"=
"D:\\Alex\\Logi\\Azureus\\Azureus.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Ace Translator\\AceTrans.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 22:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 22:35]
S1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys []
S3 USBModem000;LGE Mobile USB Modem TC;C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-04 00:08]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-29 14:57:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-01 07:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2008-06-01 10:23:29 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 15:23:40
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
folder error: C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\savedump.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.bin
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\msiexec.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-01 15:27:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-01 10:27:11
Pre-Run: 3,017,830,400 octets libres
Post-Run: 2,894,135,296 octets libres
376 --- E O F --- 2008-05-23 17:13:34
What a mess ^^
Select the whole of the frame below:
Collect::
C:\Program Files\serial.zip
C:\Program Files\serial.dat
C:\WINDOWS\b156.exe
C:\WINDOWS\b157.exe
C:\WINDOWS\b155.exe
Driver::
oreans32
Folder::
C:\Muestras
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SteamKeyFr"=-
"Internet Download Accelerator"=-
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
"updateMgr"=-
"Tweak-XP Pro"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"iTunesHelper"=-
"RTHDCPL"=-
"NeroFilterCheck"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"nvcoi"=-
"WinTouch"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtuttt]
Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad).
Save it on your Desktop under the name CFScript.txt.
Now drag the CFScript.txt file onto ComboFix.exe.
This will relaunch ComboFix. After the reboot, post the contents of the ComboFix.txt report.
If there is no reboot, post the report anyway.
*********
Download Navilog (by Il-Mafioso).
Save it on your Desktop.
Install it by double-clicking navilog.exe.
Once the installation is finished, the utility will run by itself.
(If it does not, double-click the shortcut on the Desktop.) [Right-click -> "Run as administrator" (for Vista)]
Let the utility guide you. Choose option 1 and confirm.
! Do not use options 2, 3 and 4 without our agreement !
Wait until this message appears:
"*** Analyse Termine le ..... ***"
Press a key as requested. Notepad will open. Post the report here.
The report is located at: C:\fixnavi.txt
If you have Vista, do this first:
Disable UAC (Start menu \ Control Panel \ User Accounts and Family Safety \ User Accounts \ Turn User Account Control on or off \ untick the "Use User Account Control ..." box and confirm with OK; you will be asked to reboot, do it).
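The helper's CFScript above was written by reading the "Point de chargement Reg" section of the first ComboFix log and picking the autostart entries worth pulling. As an added example (not code from the thread, from the helper or from ComboFix), the Python script below does the mechanical half of that reading: it parses the registry load-point lines, applies two heuristics, and prints the candidates in the same `Registry::` syntax the helper used (`"name"=-` drops a value, `[-key]` drops a whole key). Both heuristics are assumptions, labelled as such in the code: that an empty `[ ]` bracket after a Run value means ComboFix found no file at the target path, and that a winlogon\notify subkey whose only line is a bare DLL name (no path, no date/size) is one ComboFix could not locate on disk. The sample lines are constructed from the shape of the log above.

```python
"""Triage the 'Point de chargement Reg' section of a ComboFix log.

Added example for this thread; not code from ComboFix, from the helper or
from the forum. It reads the registry load-point lines, flags the entries a
helper would typically put in a CFScript, and renders them in the Registry::
format used in the thread.

Assumptions (labelled; not something ComboFix documents on this page):
  * a Run value followed by an empty "[ ]" bracket is one for which ComboFix
    found no file at the target path (orphaned or already-removed autostart);
  * a winlogon\\notify subkey whose only line is a bare DLL name (no path, no
    date/size) is one ComboFix could not locate on disk.
"""
import re

# Constructed sample: a handful of lines copied in shape from the log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SteamKeyFr"="C:\Program Files\SteamKeyFr\SteamKeyFr.exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"Tweak-XP Pro"="C:\Program Files\Tweak-XP Pro 4\autostart.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16:47 16859648 C:\WINDOWS\RTHDCPL.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"nvcoi"="C:\Program Files\nvcoi\nvcoi.exe" [ ]
"WinTouch"="C:\Documents and Settings\NetworkService\Application Data\WinTouch\WinTouch.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtuttt]
awtuttt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-21 01:34 24576 C:\Program Files\AlienGUIse\fastload.dll
"""

# "name"=target [metadata]; the metadata bracket is the last thing on the line.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<target>.*?)\s*\[(?P<meta>[^\]]*)\]$')


def parse_reg_section(text):
    """Return a list of (key, name, target, meta) tuples.

    name and meta are None for bare lines (e.g. the DLL line under a
    winlogon\\notify subkey); target then holds the raw line.
    """
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # new registry key header
            continue
        if key is None:
            continue                  # text before the first key header
        m = VALUE_RE.match(line)
        if m:
            entries.append((key, m.group("name"),
                            m.group("target").strip().strip('"'),
                            m.group("meta").strip()))
        else:
            entries.append((key, None, line, None))
    return entries


def suspicious_entries(entries):
    """Apply the two labelled heuristics; return (values_to_remove, keys_to_delete)."""
    values_to_remove, keys_to_delete = {}, []
    for key, name, target, meta in entries:
        low = key.lower()
        # Heuristic 1 (assumption): Run value with an empty "[ ]" bracket.
        if name is not None and low.endswith("\\currentversion\\run") and meta == "":
            values_to_remove.setdefault(key, []).append(name)
        # Heuristic 2 (assumption): notify subkey carrying only a bare DLL name.
        elif name is None and "\\winlogon\\notify\\" in low:
            bare_dll = "\\" not in target and target.lower().endswith(".dll")
            if bare_dll and key not in keys_to_delete:
                keys_to_delete.append(key)
    return values_to_remove, keys_to_delete


def build_registry_block(values_to_remove, keys_to_delete):
    """Render a CFScript Registry:: block: "name"=- removes a value, [-key] a key."""
    lines = ["Registry::"]
    for key, names in values_to_remove.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
    lines.extend(f"[-{k}]" for k in keys_to_delete)
    return "\n".join(lines)


def triage(text):
    """Whole pipeline for one log excerpt: returns the Registry:: text."""
    return build_registry_block(*suspicious_entries(parse_reg_section(text)))


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the sample, the script flags SteamKeyFr, Tweak-XP Pro, nvcoi and WinTouch (all shown with `[ ]`) and the awtuttt notify key, while leaving MsnMsgr, RTHDCPL and the WB notify entry alone because ComboFix recorded a real file behind them. It deliberately produces fewer lines than the helper's script: entries such as "QuickTime Task" or "NeroFilterCheck" have valid file metadata and were removed by the helper on other grounds, and the `Collect::`, `Driver::` and `Folder::` sections still come from reading the file listings. The output is a list of candidates for the analyst to compare against the full log, not a script to feed to ComboFix unread.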
New ComboFix report:
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1449 [GMT 5:00]
Endroit: C:\Documents and Settings\Alexandre\Bureau\Combo-Fix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Alexandre\Local Settings\Application Data\dqbalczde_navfx.dat
C:\Documents and Settings\Alexandre\Local Settings\Temporary Internet Files\bestwiner.stt
C:\Documents and Settings\Alexandre\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\Alexandre\real.txt
C:\drsmartload.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-01 to 2008-06-01 ))))))))))))))))))))))))))))))))))))
.
2008-06-01 16:33 . 2008-06-01 16:33 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-01 16:33 . 2008-06-01 16:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-01 16:33 . 2008-06-01 16:33 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\Malwarebytes
2008-06-01 16:33 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-01 16:33 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-31 22:11 . 2008-06-01 12:37 <REP> d-------- C:\Muestras
2008-05-31 20:40 . 2008-05-31 20:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-31 16:07 . 2008-05-31 16:07 268 --ah----- C:\sqmdata19.sqm
2008-05-31 16:07 . 2008-05-31 16:07 244 --ah----- C:\sqmnoopt19.sqm
2008-05-31 15:59 . 2008-05-31 15:59 <REP> d-------- C:\pnp
2008-05-31 15:59 . 2008-05-31 15:59 268 --ah----- C:\sqmdata18.sqm
2008-05-31 15:59 . 2008-05-31 15:59 244 --ah----- C:\sqmnoopt18.sqm
2008-05-31 15:42 . 2008-05-31 15:42 268 --ah----- C:\sqmdata17.sqm
2008-05-31 15:42 . 2008-05-31 15:42 244 --ah----- C:\sqmnoopt17.sqm
2008-05-31 15:11 . 2008-05-31 15:11 <REP> d-------- C:\Program Files\Microsoft Games
2008-05-31 14:53 . 2008-05-31 14:53 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-31 13:43 . 2008-05-31 13:43 244 --ah----- C:\sqmnoopt16.sqm
2008-05-31 13:43 . 2008-05-31 13:43 232 --ah----- C:\sqmdata16.sqm
2008-05-31 13:19 . 2008-05-31 13:19 268 --ah----- C:\sqmdata15.sqm
2008-05-31 13:19 . 2008-05-31 13:19 244 --ah----- C:\sqmnoopt15.sqm
2008-05-31 13:01 . 2008-05-31 13:01 268 --ah----- C:\sqmdata14.sqm
2008-05-31 13:01 . 2008-05-31 13:01 244 --ah----- C:\sqmnoopt14.sqm
2008-05-31 12:29 . 2008-05-31 12:29 244 --ah----- C:\sqmnoopt13.sqm
2008-05-31 12:29 . 2008-05-31 12:29 232 --ah----- C:\sqmdata13.sqm
2008-05-30 23:07 . 2008-05-30 23:07 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\DAEMON Tools
2008-05-30 17:59 . 2008-05-30 17:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Icon Constructor 3
2008-05-30 17:58 . 2008-05-31 16:55 <REP> d-------- C:\Program Files\Icon Constructor 3
2008-05-30 17:42 . 2008-04-01 13:23 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-05-30 17:42 . 2008-04-01 13:23 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-05-30 17:42 . 2008-04-01 13:23 118,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-05-30 17:42 . 2008-04-01 13:23 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-30 17:42 . 2008-04-01 13:23 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-23 22:13 . 2008-05-23 22:13 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-05-17 14:32 . 2008-05-23 17:32 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\U3
2008-05-13 06:51 . 2008-05-13 06:51 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-13 06:51 . 2008-05-13 06:51 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-08 19:50 . 2003-02-20 20:06 282,624 --a------ C:\WINDOWS\system32\fusion.dll
2008-05-02 20:37 . 2008-05-02 20:39 51,355 --a------ C:\WINDOWS\system32\muzika.xm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 13:54 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\OpenOffice.org2
2008-06-01 11:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-01 08:19 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\LimeWire
2008-05-31 17:01 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Azureus
2008-05-31 11:51 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-31 11:50 --------- d-----w C:\Program Files\R-Undelete
2008-05-31 11:48 --------- d-----w C:\Program Files\Tweak-XP Pro 4
2008-05-31 11:39 --------- d-----w C:\Program Files\MSN Messenger
2008-05-31 11:38 --------- d-----w C:\Program Files\ElcomSoft
2008-05-31 10:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-30 18:07 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-05-30 13:04 --------- d-----w C:\Program Files\eMule
2008-05-30 12:32 --------- d-----w C:\Program Files\LimeWire
2008-05-29 13:32 --------- d-----w C:\Program Files\DivX
2008-05-24 11:08 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\AdobeUM
2008-05-21 16:27 --------- d-----w C:\Program Files\Safari
2008-05-09 15:04 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\teamspeak2
2008-05-07 15:11 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-05-01 08:04 --------- d-----w C:\Program Files\EuroKiddies
2008-04-29 10:35 --------- d-----w C:\Program Files\Electronic Arts
2008-04-27 10:15 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-04-26 20:00 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Ubisoft
2008-04-26 19:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-04-26 19:32 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\InstallShield
2008-04-25 12:55 --------- d-----w C:\Program Files\Valve
2008-04-23 08:12 --------- d-----w C:\Program Files\AxBx
2008-04-11 15:00 53,731 ----a-w C:\Program Files\serial.zip
2008-04-11 15:00 53,731 ----a-w C:\Program Files\serial.dat
2008-04-11 07:57 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-04-11 07:57 --------- d--h--r C:\Documents and Settings\Alexandre\Application Data\SecuROM
2008-04-11 07:52 --------- d-----w C:\Program Files\GameSpy
2008-04-11 07:41 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-11 07:41 22,328 ----a-w C:\Documents and Settings\Alexandre\Application Data\PnkBstrK.sys
2008-04-11 07:40 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-04-11 07:40 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-10 15:14 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-09 09:25 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\TuneUp Software
2008-04-09 09:13 --------- d-----w C:\Program Files\Alwil Software
2008-04-09 09:08 --------- d-----w C:\Program Files\Kaspersky Lab
2008-04-09 08:54 --------- d-----w C:\Program Files\Raxco
2008-04-09 08:54 --------- d-----w C:\Program Files\Fichiers communs\Raxco
2008-04-09 08:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Raxco
2008-04-09 08:50 --------- d-----w C:\Program Files\Ace Translator
2008-04-06 13:00 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-04 08:44 --------- d-----w C:\Program Files\Eurobarre
2008-04-04 07:38 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Apple Computer
2008-04-03 15:15 --------- d-----w C:\Program Files\iTunes
2008-04-03 15:15 --------- d-----w C:\Program Files\iPod
2008-04-03 15:14 --------- d-----w C:\Program Files\QuickTime
2008-04-02 07:57 --------- d-----w C:\Program Files\Fake Webcam
2008-04-01 15:32 15,872 ------w C:\WINDOWS\system32\winskfr.dll
2008-04-01 15:32 119,568 ------w C:\WINDOWS\system32\vb6fr.dll
2008-04-01 08:23 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-03-26 15:13 180,224 ----a-w C:\WINDOWS\system32\ijl11.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-23 21:54 37,888 ----a-w C:\WINDOWS\system32\rar.exe
2008-03-20 10:53 1,706,800 ----a-w C:\WINDOWS\system32\gdiplus.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-17 09:31 10 ----a-w C:\Program Files\.autoreg
2008-03-05 19:20 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-03-05 13:07 520,192 ----a-w C:\WINDOWS\RtlExUpd.dll
2006-10-07 18:54 390,023 --sha-r C:\Program Files\wunauclt.zip
2006-10-07 18:54 390,023 --sha-r C:\Program Files\wunauclt.tbe
2006-10-07 16:44 424,136 ------w C:\Program Files\wunauclt.exe
2006-08-27 13:38 1,015,973 --sha-r C:\Program Files\serial.tde
2006-08-27 13:19 56,239 ----a-w C:\Program Files\svchosts.tbe
2006-08-27 11:00 285,184 ----a-w C:\Program Files\shell32.exe
2005-09-28 07:56 185,856 ----a-w C:\Program Files\7za.exe
2007-06-11 15:07 88 --sha-r C:\WINDOWS\system32\4A89EC38DC.sys
2007-06-11 15:14 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-01_15.27.03.60 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-01 10:23:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-01 13:53:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
2008-04-01 12:31 1470488 --a------ C:\Program Files\speed-bit\tbspe1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}"= "C:\Program Files\speed-bit\tbspe1.dll" [2008-04-01 12:31 1470488]
[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}"= C:\Program Files\speed-bit\tbspe1.dll [2008-04-01 12:31 1470488]
[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SteamKeyFr"="C:\Program Files\SteamKeyFr\SteamKeyFr.exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 21:24 1694208]
"Internet Download Accelerator"="C:\Program Files\IDA\ida.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 20:03 152872]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 14:39 486856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"Steam"="c:\program files\valve\steam\steam.exe" [2008-03-29 14:55 1271032]
"Tweak-XP Pro"="C:\Program Files\Tweak-XP Pro 4\autostart.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 17:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16:47 16859648 C:\WINDOWS\RTHDCPL.EXE]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 13:21 61440]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-03-04 12:02 81920]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"nwiz"="nwiz.exe" [2008-03-04 12:02 1626112 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 03:11 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-03-04 12:02 8523776]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 17:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"nvcoi"="C:\Program Files\nvcoi\nvcoi.exe" [ ]
"WinTouch"="C:\Documents and Settings\NetworkService\Application Data\WinTouch\WinTouch.exe" [ ]
C:\Documents and Settings\Alexandre\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50 113664]
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56 393216]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24 73728]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtuttt]
awtuttt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-21 01:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\alexadre1\\counter-strike source\\hl2.exe"=
"D:\\Logi\\Dap\\DAP\\DAP.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\alexadre1\\counter-strike\\hl.exe"=
"\\\\JULIEN\\Empire Earth\\Empire Earth.exe"=
"C:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Valve\\Steam\\Steam.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\jojo70\\counter-strike source\\hl2.exe"=
"D:\\Alex\\Logi\\Azureus\\Azureus.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Ace Translator\\AceTrans.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\French\\setup.exe"=
S1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys []
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-30 01:06]
S3 USBModem000;LGE Mobile USB Modem TC;C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-04 00:08]
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-29 14:57:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-01 11:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2008-06-01 14:00:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 19:04:47
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-06-01 19:05:30
ComboFix-quarantined-files.txt 2008-06-01 14:05:10
ComboFix2.txt 2008-06-01 10:27:15
Pre-Run: 2,861,568,000 octets libres
Post-Run: 2,853,347,328 octets libres
258 --- E O F --- 2008-05-23 17:13:34
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 17:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"nvcoi"="C:\Program Files\nvcoi\nvcoi.exe" [ ]
"WinTouch"="C:\Documents and Settings\NetworkService\Application Data\WinTouch\WinTouch.exe" [ ]
C:\Documents and Settings\Alexandre\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50 113664]
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56 393216]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24 73728]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtuttt]
awtuttt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-21 01:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\alexadre1\\counter-strike source\\hl2.exe"=
"D:\\Logi\\Dap\\DAP\\DAP.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\alexadre1\\counter-strike\\hl.exe"=
"\\\\JULIEN\\Empire Earth\\Empire Earth.exe"=
"C:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Valve\\Steam\\Steam.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\jojo70\\counter-strike source\\hl2.exe"=
"D:\\Alex\\Logi\\Azureus\\Azureus.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Ace Translator\\AceTrans.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\French\\setup.exe"=
S1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys []
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-30 01:06]
S3 USBModem000;LGE Mobile USB Modem TC;C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-04 00:08]
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-29 14:57:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-01 11:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2008-06-01 14:00:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 19:04:47
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-06-01 19:05:30
ComboFix-quarantined-files.txt 2008-06-01 14:05:10
ComboFix2.txt 2008-06-01 10:27:15
Pre-Run: 2,861,568,000 octets libres
Post-Run: 2,853,347,328 octets libres
258 --- E O F --- 2008-05-23 17:13:34
NAVILOG report:
Search Navipromo version 3.5.7 commencé le 01/06/2008 à 19:08:24,42
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Alexandre"
Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Alexandre\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Alexandre\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Alexandre\menudm~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\Alexandre\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\Alexandre\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group trouvé !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
*** Analyse terminée le 01/06/2008 à 19:10:31,70 ***
Re,
There is no need to bump the thread over and over.
You did not run the script requested with ComboFix.
Double-click the Navilog1 shortcut.
Choose option 2 and confirm (Enter).
Follow the prompts.
Your computer will restart; if it does not, restart it manually.
Your desktop will disappear.
Wait until this message appears:
"*** Nettoyage Termine le ..... ***"
Press a key as requested; Notepad will open.
Save the report.
Close Notepad. Your desktop will now reappear.
If your desktop does not reappear, press CTRL+ALT+DEL to open Task Manager.
Then go to the "Processes" tab. Click "File" at the top left and choose "New Task (Run...)".
Type explorer and confirm. That will bring your desktop back.
Start -> Control Panel -> Internet Options
Click the "Content" tab, then the "Certificates" button, and check whether you find these, in particular under "Trusted Publishers":
Montorgueil ; VIP
If you find them, do this:
* Select each of these certificates and click Export. Save it/them to your desktop.
* Then delete the ones present in the "Certificates" tab of your browser's options.
Then, for each of the certificates on your desktop:
* Go to the website:
http://www.bleepingcomputer.com/submit-malware.php?chan...
* Copy/paste this into the 'Link to Topic' box:
the name of the certificate (Montorgueil, ...)
* Copy/paste this into the 'Browse to the File' box:
the corresponding certificate you exported to your desktop
Once that is done, finally delete the certificate on your desktop.
The following programs install this infection:
* Go-astro
* GoRecord
* HotTVPlayer
* MailSkinner
* Messenger Skinner
* Instant Access
* InternetGameBox
* sudoplanet
* Webmediaplayer: except the one from the following site > http://www.azertysite.new.fr/
* From the site www.games-desktop.com (Do not go there!)
Post the report saved earlier (C:\cleannavi.txt) along with a new HijackThis report.
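The certificate check above can also be done without clicking through Internet Options. The following PowerShell snippet is an added example, not part of the helper's post: it walks the Trusted Publishers store for both the current user and the machine, exports any certificate whose common name is one of the two names quoted above to the desktop for submission, and leaves the actual removal to the GUI steps the helper gives. The name list is an assumption taken from the post; extend it if the analysis turns up others.

```powershell
# Added example (not from the original post): find and export the suspect
# publisher certificates named in the thread from the Trusted Publishers stores.
# Assumption: the names below are the ones quoted by the helper (Montorgueil, VIP).
$suspectNames = @('Montorgueil', 'VIP')
$desktop = [Environment]::GetFolderPath('Desktop')

foreach ($location in 'CurrentUser', 'LocalMachine') {
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('TrustedPublisher', $location)
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
    foreach ($cert in $store.Certificates) {
        # Compare against the CN only, so a short name like "VIP" does not
        # accidentally match an unrelated publisher whose subject contains it.
        $cn = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
        if ($suspectNames -contains $cn) {
            $file = Join-Path $desktop ("{0}_{1}.cer" -f $location, $cert.Thumbprint)
            # DER-encoded public certificate only; no private key leaves the store.
            $bytes = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
            [System.IO.File]::WriteAllBytes($file, $bytes)
            "{0} store: '{1}' (thumbprint {2}) exported to {3}" -f $location, $cert.Subject, $cert.Thumbprint, $file
        }
    }
    $store.Close()
}
```

The exported .cer files are what the helper asks to upload in the 'Browse to the File' box; the thumbprint in the file name lets you tell two certificates with the same CN apart when deleting them.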
Combo-Fix report:
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1449 [GMT 5:00]
Endroit: C:\Documents and Settings\Alexandre\Bureau\Combo-Fix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Alexandre\Local Settings\Application Data\dqbalczde_navfx.dat
C:\Documents and Settings\Alexandre\Local Settings\Temporary Internet Files\bestwiner.stt
C:\Documents and Settings\Alexandre\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\Alexandre\real.txt
C:\drsmartload.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-01 to 2008-06-01 ))))))))))))))))))))))))))))))))))))
.
2008-06-01 16:33 . 2008-06-01 16:33 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-01 16:33 . 2008-06-01 16:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-01 16:33 . 2008-06-01 16:33 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\Malwarebytes
2008-06-01 16:33 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-01 16:33 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-31 22:11 . 2008-06-01 12:37 <REP> d-------- C:\Muestras
2008-05-31 20:40 . 2008-05-31 20:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-31 16:07 . 2008-05-31 16:07 268 --ah----- C:\sqmdata19.sqm
2008-05-31 16:07 . 2008-05-31 16:07 244 --ah----- C:\sqmnoopt19.sqm
2008-05-31 15:59 . 2008-05-31 15:59 <REP> d-------- C:\pnp
2008-05-31 15:59 . 2008-05-31 15:59 268 --ah----- C:\sqmdata18.sqm
2008-05-31 15:59 . 2008-05-31 15:59 244 --ah----- C:\sqmnoopt18.sqm
2008-05-31 15:42 . 2008-05-31 15:42 268 --ah----- C:\sqmdata17.sqm
2008-05-31 15:42 . 2008-05-31 15:42 244 --ah----- C:\sqmnoopt17.sqm
2008-05-31 15:11 . 2008-05-31 15:11 <REP> d-------- C:\Program Files\Microsoft Games
2008-05-31 14:53 . 2008-05-31 14:53 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-31 13:43 . 2008-05-31 13:43 244 --ah----- C:\sqmnoopt16.sqm
2008-05-31 13:43 . 2008-05-31 13:43 232 --ah----- C:\sqmdata16.sqm
2008-05-31 13:19 . 2008-05-31 13:19 268 --ah----- C:\sqmdata15.sqm
2008-05-31 13:19 . 2008-05-31 13:19 244 --ah----- C:\sqmnoopt15.sqm
2008-05-31 13:01 . 2008-05-31 13:01 268 --ah----- C:\sqmdata14.sqm
2008-05-31 13:01 . 2008-05-31 13:01 244 --ah----- C:\sqmnoopt14.sqm
2008-05-31 12:29 . 2008-05-31 12:29 244 --ah----- C:\sqmnoopt13.sqm
2008-05-31 12:29 . 2008-05-31 12:29 232 --ah----- C:\sqmdata13.sqm
2008-05-30 23:07 . 2008-05-30 23:07 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\DAEMON Tools
2008-05-30 17:59 . 2008-05-30 17:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Icon Constructor 3
2008-05-30 17:58 . 2008-05-31 16:55 <REP> d-------- C:\Program Files\Icon Constructor 3
2008-05-30 17:42 . 2008-04-01 13:23 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-05-30 17:42 . 2008-04-01 13:23 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-05-30 17:42 . 2008-04-01 13:23 118,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-05-30 17:42 . 2008-04-01 13:23 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-30 17:42 . 2008-04-01 13:23 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-23 22:13 . 2008-05-23 22:13 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-05-17 14:32 . 2008-05-23 17:32 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\U3
2008-05-13 06:51 . 2008-05-13 06:51 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-13 06:51 . 2008-05-13 06:51 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-08 19:50 . 2003-02-20 20:06 282,624 --a------ C:\WINDOWS\system32\fusion.dll
2008-05-02 20:37 . 2008-05-02 20:39 51,355 --a------ C:\WINDOWS\system32\muzika.xm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 13:54 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\OpenOffice.org2
2008-06-01 11:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-01 08:19 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\LimeWire
2008-05-31 17:01 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Azureus
2008-05-31 11:51 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-31 11:50 --------- d-----w C:\Program Files\R-Undelete
2008-05-31 11:48 --------- d-----w C:\Program Files\Tweak-XP Pro 4
2008-05-31 11:39 --------- d-----w C:\Program Files\MSN Messenger
2008-05-31 11:38 --------- d-----w C:\Program Files\ElcomSoft
2008-05-31 10:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-30 18:07 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-05-30 13:04 --------- d-----w C:\Program Files\eMule
2008-05-30 12:32 --------- d-----w C:\Program Files\LimeWire
2008-05-29 13:32 --------- d-----w C:\Program Files\DivX
2008-05-24 11:08 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\AdobeUM
2008-05-21 16:27 --------- d-----w C:\Program Files\Safari
2008-05-09 15:04 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\teamspeak2
2008-05-07 15:11 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-05-01 08:04 --------- d-----w C:\Program Files\EuroKiddies
2008-04-29 10:35 --------- d-----w C:\Program Files\Electronic Arts
2008-04-27 10:15 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-04-26 20:00 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Ubisoft
2008-04-26 19:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-04-26 19:32 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\InstallShield
2008-04-25 12:55 --------- d-----w C:\Program Files\Valve
2008-04-23 08:12 --------- d-----w C:\Program Files\AxBx
2008-04-11 15:00 53,731 ----a-w C:\Program Files\serial.zip
2008-04-11 15:00 53,731 ----a-w C:\Program Files\serial.dat
2008-04-11 07:57 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-04-11 07:57 --------- d--h--r C:\Documents and Settings\Alexandre\Application Data\SecuROM
2008-04-11 07:52 --------- d-----w C:\Program Files\GameSpy
2008-04-11 07:41 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-11 07:41 22,328 ----a-w C:\Documents and Settings\Alexandre\Application Data\PnkBstrK.sys
2008-04-11 07:40 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-04-11 07:40 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-10 15:14 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-09 09:25 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\TuneUp Software
2008-04-09 09:13 --------- d-----w C:\Program Files\Alwil Software
2008-04-09 09:08 --------- d-----w C:\Program Files\Kaspersky Lab
2008-04-09 08:54 --------- d-----w C:\Program Files\Raxco
2008-04-09 08:54 --------- d-----w C:\Program Files\Fichiers communs\Raxco
2008-04-09 08:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Raxco
2008-04-09 08:50 --------- d-----w C:\Program Files\Ace Translator
2008-04-06 13:00 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-04 08:44 --------- d-----w C:\Program Files\Eurobarre
2008-04-04 07:38 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Apple Computer
2008-04-03 15:15 --------- d-----w C:\Program Files\iTunes
2008-04-03 15:15 --------- d-----w C:\Program Files\iPod
2008-04-03 15:14 --------- d-----w C:\Program Files\QuickTime
2008-04-02 07:57 --------- d-----w C:\Program Files\Fake Webcam
2008-04-01 15:32 15,872 ------w C:\WINDOWS\system32\winskfr.dll
2008-04-01 15:32 119,568 ------w C:\WINDOWS\system32\vb6fr.dll
2008-04-01 08:23 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-03-26 15:13 180,224 ----a-w C:\WINDOWS\system32\ijl11.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
Navilog1 report:
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Alexandre"
Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS
Mode suppression automatique
avec prise en charge résultats Catchme et GNS
Nettoyage exécuté au redémarrage de l'ordinateur
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
*** Suppression avec sauvegardes résultats GenericNaviSearch ***
* Suppression dans "C:\WINDOWS\System32" *
* Suppression dans "C:\Documents and Settings\Alexandre\locals~1\applic~1" *
*** Suppression dossiers dans "C:\WINDOWS" ***
*** Suppression dossiers dans "C:\Program Files" ***
*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Suppression dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\Alexandre\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\Alexandre\locals~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\Alexandre\menudm~1\progra~1" ***
*** Suppression fichiers ***
*** Suppression fichiers temporaires ***
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Alexandre\locals~1\Temp effectué !
*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Suppression avec sauvegardes nouveaux fichiers Instant Access :
2)Recherche, création sauvegardes et suppression Heuristique :
* Dans "C:\WINDOWS\system32" *
* Dans "C:\Documents and Settings\Alexandre\locals~1\applic~1" *
*** Sauvegarde du Registre vers dossier Safebackup ***
sauvegarde du Registre réalisée avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
*** Certificats ***
Certificat Egroup absent !
Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !
*** Nettoyage terminé le 02/06/2008 à 11:46:45,85 ***
And I don't have Montorgueil; VIP, I'll send you the HijackThis report as soon as possible.
HijackThis report:
Scan saved at 12:10, on 2008-06-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\program files\valve\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Windows NT\Accessoires\WORDPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Logi\Dap\DAP\DAP.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Alex\Logi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: onlinepixel24 Toolbar - {81CFC095-AC7A-4B6C-9EBF-9B353A7A7EE2} - (no file)
O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [SteamKeyFr] "C:\Program Files\SteamKeyFr\SteamKeyFr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Tweak-XP Pro] "C:\Program Files\Tweak-XP Pro 4\autostart.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [WinTouch] C:\Documents and Settings\NetworkService\Application Data\WinTouch\WinTouch.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Startup: SM.lnk = C:\Program Files\SM\skymessnet.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - D:\Logi\Dap\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Logi\Dap\DAP\dapextie.htm
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download &all with DAP - D:\Logi\Dap\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: onlinepixel24 Toolbar - {81CFC095-AC7A-4B6C-9EBF-9B353A7A7EE2} - (no file)
O9 - Extra 'Tools' menuitem: onlinepixel24 Toolbar - {81CFC095-AC7A-4B6C-9EBF-9B353A7A7EE2} - (no file)
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Alex\Logi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Alex\Logi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O20 - Winlogon Notify: awtuttt - awtuttt.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - D:\Logi\vegas\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - D:\Logi\vegas\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
--
End of file - 12101 bytes
There, I redid it with the script and here is the report
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1277 [GMT 5:00]
Running from: C:\Documents and Settings\Alexandre\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Alexandre\Bureau\CFScript.txt
* Created a new restore point
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Muestras
C:\Program Files\serial.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_OREANS32
-------\Service_oreans32
((((((((((((((((((((((((((((( Files Created from 2008-05-03 to 2008-06-03 ))))))))))))))))))))))))))))))))))))
.
2008-06-02 12:09 . 2008-06-02 12:09 <REP> d-------- C:\Program Files\Trend Micro
2008-06-02 11:50 . 2008-06-02 11:51 <REP> d-------- C:\Combo-Fix
2008-06-01 20:21 . 2008-06-01 20:41 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-01 20:21 . 2008-06-01 20:41 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-01 20:20 . 2008-06-02 12:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-01 20:20 . 2008-06-03 13:13 8,685,856 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-01 20:20 . 2008-06-03 13:12 119,444 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-01 20:20 . 2008-06-03 13:14 21,536 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-01 20:20 . 2008-06-03 13:12 4,064 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-01 19:07 . 2008-06-02 11:46 <REP> d-------- C:\Program Files\Navilog1
2008-06-01 16:33 . 2008-06-01 16:33 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-01 16:33 . 2008-06-01 16:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-01 16:33 . 2008-06-01 16:33 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\Malwarebytes
2008-06-01 16:33 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-01 16:33 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-31 20:40 . 2008-05-31 20:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-31 16:07 . 2008-05-31 16:07 268 --ah----- C:\sqmdata19.sqm
2008-05-31 16:07 . 2008-05-31 16:07 244 --ah----- C:\sqmnoopt19.sqm
2008-05-31 15:59 . 2008-05-31 15:59 <REP> d-------- C:\pnp
2008-05-31 15:59 . 2008-05-31 15:59 268 --ah----- C:\sqmdata18.sqm
2008-05-31 15:59 . 2008-05-31 15:59 244 --ah----- C:\sqmnoopt18.sqm
2008-05-31 15:42 . 2008-05-31 15:42 268 --ah----- C:\sqmdata17.sqm
2008-05-31 15:42 . 2008-05-31 15:42 244 --ah----- C:\sqmnoopt17.sqm
2008-05-31 15:11 . 2008-05-31 15:11 <REP> d-------- C:\Program Files\Microsoft Games
2008-05-31 14:53 . 2008-05-31 14:53 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-31 13:43 . 2008-05-31 13:43 244 --ah----- C:\sqmnoopt16.sqm
2008-05-31 13:43 . 2008-05-31 13:43 232 --ah----- C:\sqmdata16.sqm
2008-05-31 13:19 . 2008-05-31 13:19 268 --ah----- C:\sqmdata15.sqm
2008-05-31 13:19 . 2008-05-31 13:19 244 --ah----- C:\sqmnoopt15.sqm
2008-05-31 13:01 . 2008-05-31 13:01 268 --ah----- C:\sqmdata14.sqm
2008-05-31 13:01 . 2008-05-31 13:01 244 --ah----- C:\sqmnoopt14.sqm
2008-05-31 12:29 . 2008-05-31 12:29 244 --ah----- C:\sqmnoopt13.sqm
2008-05-31 12:29 . 2008-05-31 12:29 232 --ah----- C:\sqmdata13.sqm
2008-05-30 23:07 . 2008-05-30 23:07 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\DAEMON Tools
2008-05-30 17:59 . 2008-05-30 17:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Icon Constructor 3
2008-05-30 17:58 . 2008-05-31 16:55 <REP> d-------- C:\Program Files\Icon Constructor 3
2008-05-30 17:42 . 2008-04-01 13:23 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-05-30 17:42 . 2008-04-01 13:23 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-05-30 17:42 . 2008-04-01 13:23 118,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-05-30 17:42 . 2008-04-01 13:23 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-30 17:42 . 2008-04-01 13:23 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-23 22:13 . 2008-05-23 22:13 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-05-17 14:32 . 2008-05-23 17:32 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\U3
2008-05-13 06:51 . 2008-05-13 06:51 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-13 06:51 . 2008-05-13 06:51 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-08 19:50 . 2003-02-20 20:06 282,624 --a------ C:\WINDOWS\system32\fusion.dll
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-03 08:11 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\OpenOffice.org2
2008-06-03 08:11 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Azureus
2008-06-02 11:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-02 06:39 56,239 ----a-w C:\Program Files\svchosts.tbe
2008-06-01 15:42 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-01 08:19 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\LimeWire
2008-05-31 11:51 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-31 11:50 --------- d-----w C:\Program Files\R-Undelete
2008-05-31 11:48 --------- d-----w C:\Program Files\Tweak-XP Pro 4
2008-05-31 11:39 --------- d-----w C:\Program Files\MSN Messenger
2008-05-31 11:38 --------- d-----w C:\Program Files\ElcomSoft
2008-05-31 10:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-30 18:07 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-05-30 13:04 --------- d-----w C:\Program Files\eMule
2008-05-30 12:32 --------- d-----w C:\Program Files\LimeWire
2008-05-29 13:32 --------- d-----w C:\Program Files\DivX
2008-05-24 11:08 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\AdobeUM
2008-05-21 16:27 --------- d-----w C:\Program Files\Safari
2008-05-09 15:04 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\teamspeak2
2008-05-07 15:11 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-05-01 08:04 --------- d-----w C:\Program Files\EuroKiddies
2008-04-29 10:35 --------- d-----w C:\Program Files\Electronic Arts
2008-04-27 10:15 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-04-26 20:00 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Ubisoft
2008-04-26 19:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-04-26 19:32 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\InstallShield
2008-04-25 12:55 --------- d-----w C:\Program Files\Valve
2008-04-23 08:12 --------- d-----w C:\Program Files\AxBx
2008-04-11 07:57 --------- d--h--r C:\Documents and Settings\Alexandre\Application Data\SecuROM
2008-04-11 07:52 --------- d-----w C:\Program Files\GameSpy
2008-04-11 07:41 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-11 07:41 22,328 ----a-w C:\Documents and Settings\Alexandre\Application Data\PnkBstrK.sys
2008-04-10 15:14 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-09 09:25 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\TuneUp Software
2008-04-09 09:13 --------- d-----w C:\Program Files\Alwil Software
2008-04-09 09:08 --------- d-----w C:\Program Files\Kaspersky Lab
2008-04-09 08:54 --------- d-----w C:\Program Files\Raxco
2008-04-09 08:54 --------- d-----w C:\Program Files\Fichiers communs\Raxco
2008-04-09 08:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Raxco
2008-04-09 08:50 --------- d-----w C:\Program Files\Ace Translator
2008-04-06 13:00 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-04 08:44 --------- d-----w C:\Program Files\Eurobarre
2008-04-04 07:38 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Apple Computer
2008-04-03 15:15 --------- d-----w C:\Program Files\iTunes
2008-04-03 15:15 --------- d-----w C:\Program Files\iPod
2008-04-03 15:14 --------- d-----w C:\Program Files\QuickTime
2008-03-17 09:31 10 ----a-w C:\Program Files\.autoreg
2008-03-05 13:07 520,192 ----a-w C:\WINDOWS\RtlExUpd.dll
2006-10-07 18:54 390,023 --sha-r C:\Program Files\wunauclt.zip
2006-10-07 18:54 390,023 --sha-r C:\Program Files\wunauclt.tbe
2006-08-27 13:38 1,015,973 --sha-r C:\Program Files\serial.tde
2005-09-28 07:56 185,856 ----a-w C:\Program Files\7za.exe
2007-06-11 15:07 88 --sha-r C:\WINDOWS\system32\4A89EC38DC.sys
2007-06-11 15:14 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-01_15.27.03.60 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-01 10:23:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-03 08:13:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-12-28 14:51:04 195,344 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2007-12-13 08:28:40 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
+ 2008-02-08 13:35:42 23,604 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
+ 2008-02-08 13:37:44 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
2008-04-01 12:31 1470488 --a------ C:\Program Files\speed-bit\tbspe1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}"= "C:\Program Files\speed-bit\tbspe1.dll" [2008-04-01 12:31 1470488]
[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}"= C:\Program Files\speed-bit\tbspe1.dll [2008-04-01 12:31 1470488]
[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 21:24 1694208]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 14:39 486856]
"Steam"="c:\program files\valve\steam\steam.exe" [2008-03-29 14:55 1271032]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 17:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 13:21 61440]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-03-04 12:02 81920]
"nwiz"="nwiz.exe" [2008-03-04 12:02 1626112 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 03:11 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-03-04 12:02 8523776]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 17:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-21 01:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll,C:\PROGRA~1\KASPER~1\Kaspersky Internet Security 7.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\alexadre1\\counter-strike source\\hl2.exe"=
"D:\\Logi\\Dap\\DAP\\DAP.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\alexadre1\\counter-strike\\hl.exe"=
"\\\\JULIEN\\Empire Earth\\Empire Earth.exe"=
"C:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Valve\\Steam\\Steam.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\jojo70\\counter-strike source\\hl2.exe"=
"D:\\Alex\\Logi\\Azureus\\Azureus.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Ace Translator\\AceTrans.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\French\\setup.exe"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-30 01:06]
S3 USBModem000;LGE Mobile USB Modem TC;C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-04 00:08]
.
Contents of the 'Scheduled Tasks' folder
"2008-05-29 14:57:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-03 07:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2008-06-03 08:13:32 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 13:14:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.bin
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\PROGRA~1\HP\DIGITA~1\PRODUC~1\bin\hprblog.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-06-03 13:19:33 - machine was rebooted [Alexandre]
ComboFix-quarantined-files.txt 2008-06-03 08:19:27
ComboFix2.txt 2008-06-01 14:05:30
ComboFix3.txt 2008-06-01 10:27:15
Pre-Run: 5,801,713,664 bytes free
Post-Run: 5,961,240,576 bytes free
261 --- E O F --- 2008-05-23 17:13:34
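Reading a HijackThis or ComboFix report like the ones above is pattern matching: a helper scans for a handful of shapes, such as an autorun under a service-account SID that launches from a user profile, a Winlogon Notify entry whose DLL is gone, hidden+system files dropped loose in Program Files, and an antivirus that has switched off Security Center monitoring. The script below is an added example, not code from this thread or from the HijackThis or ComboFix projects; it encodes those four checks in Python and runs them over a few lines copied from the reports posted here (the sample is a constructed excerpt; the rule names, the severity labels and the "Users" path generalization for Vista and later are my own choices, not anything the thread states). The last check is informational only, because antivirus products commonly set DisableMonitoring themselves when they report their own status to Security Center.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: a handful of entries copied from the HijackThis
# and ComboFix reports posted in this thread, with benign neighbours kept in
# so the rules have something to ignore.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [WinTouch] C:\Documents and Settings\NetworkService\Application Data\WinTouch\WinTouch.exe (User 'SYSTEM')
O20 - Winlogon Notify: awtuttt - awtuttt.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
2008-06-02 06:39 56,239 ----a-w C:\Program Files\svchosts.tbe
2006-10-07 18:54 390,023 --sha-r C:\Program Files\wunauclt.tbe
2005-09-28 07:56 185,856 ----a-w C:\Program Files\7za.exe
2007-06-11 15:07 88 --sha-r C:\WINDOWS\system32\4A89EC38DC.sys
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
"""

# HijackThis O4 autorun under a well-known service-account SID (SYSTEM,
# LOCAL SERVICE, NETWORK SERVICE); the trailing "(User '...')" tag is optional.
SERVICE_ACCOUNT_RUN = re.compile(
    r"^O4 - HKUS\\(S-1-5-(?:18|19|20))\\\.\.\\Run: \[([^\]]+)\] (.+?)(?: \(User '[^']*'\))?$"
)
# HijackThis O20 Winlogon Notify entry whose DLL no longer exists on disk.
ORPHAN_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+?) \(file missing\)$")
# ComboFix Find3M line: date, time, size, 7-character attribute string, path.
FIND3M_FILE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} [\d,]+ ([-a-z]{7}) (.+)$")
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

# Profile directories a SYSTEM/service-account autorun should never launch from
# (the second entry is an assumption covering Vista and later layouts).
PROFILE_DIRS = ("\\documents and settings\\", "\\users\\")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    rule: str
    line: str
    note: str


def triage(text: str) -> list[Finding]:
    """Apply a few log-reading heuristics to HijackThis / ComboFix output."""
    findings: list[Finding] = []
    current_key = ""  # last "[HKEY_...]" header seen, gives context to value lines
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = SERVICE_ACCOUNT_RUN.match(line)
        if m:
            sid, name, path = m.groups()
            if any(d in path.lower() for d in PROFILE_DIRS):
                findings.append(Finding("high", "service-account-autorun", line,
                    f"{sid} runs [{name}] from a user-profile directory: {path}"))
            continue

        m = ORPHAN_NOTIFY.match(line)
        if m:
            findings.append(Finding("high", "orphan-winlogon-notify", line,
                f"Winlogon Notify '{m.group(1)}' points at missing DLL {m.group(2)}; remove the key"))
            continue

        m = FIND3M_FILE.match(line)
        if m:
            attrs, path = m.groups()
            # hidden + system attributes outside %WINDIR% are unusual for installed software
            if "h" in attrs and "s" in attrs and "\\windows\\" not in path.lower():
                findings.append(Finding("medium", "hidden-system-file", line,
                    f"hidden+system file outside the Windows directory ({attrs}): {path}"))
            continue

        m = REG_KEY.match(line)
        if m:
            current_key = m.group(1)
            continue

        m = REG_DWORD.match(line)
        if (m and m.group(1) == "DisableMonitoring" and int(m.group(2), 16) == 1
                and "security center\\monitoring" in current_key.lower()):
            # AV products commonly set this themselves, so only flag it for a second look
            findings.append(Finding("info", "security-center-monitoring-off", line,
                f"Security Center status monitoring disabled under {current_key}"))
    return findings


def summary(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule}: {f.note}")
    print(summary(triage(SAMPLE_LOG)))
```

On the sample above the script reports the WinTouch autorun under S-1-5-18 and the orphaned awtuttt Winlogon Notify entry as high, the hidden+system wunauclt.tbe in Program Files as medium, and the DisableMonitoring value as informational; the CTFMON entry, the NVIDIA service and the hidden files under system32 are deliberately not flagged.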
Quote:
ComboFix 08-05-29.1 - Alexandre 2008-06-03 13:01:22.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1277 [GMT 5:00]
Running from: C:\Documents and Settings\Alexandre\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Alexandre\Bureau\CFScript.txt
* Created a new restore point
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Muestras
C:\Program Files\serial.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_OREANS32
-------\Service_oreans32
((((((((((((((((((((((((((((( Files Created from 2008-05-03 to 2008-06-03 ))))))))))))))))))))))))))))))))))))
.
2008-06-02 12:09 . 2008-06-02 12:09 <REP> d-------- C:\Program Files\Trend Micro
2008-06-02 11:50 . 2008-06-02 11:51 <REP> d-------- C:\Combo-Fix
2008-06-01 20:21 . 2008-06-01 20:41 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-01 20:21 . 2008-06-01 20:41 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-01 20:20 . 2008-06-02 12:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-01 20:20 . 2008-06-03 13:13 8,685,856 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-01 20:20 . 2008-06-03 13:12 119,444 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-01 20:20 . 2008-06-03 13:14 21,536 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-01 20:20 . 2008-06-03 13:12 4,064 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-01 19:07 . 2008-06-02 11:46 <REP> d-------- C:\Program Files\Navilog1
2008-06-01 16:33 . 2008-06-01 16:33 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-01 16:33 . 2008-06-01 16:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-01 16:33 . 2008-06-01 16:33 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\Malwarebytes
2008-06-01 16:33 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-01 16:33 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-31 20:40 . 2008-05-31 20:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-31 16:07 . 2008-05-31 16:07 268 --ah----- C:\sqmdata19.sqm
2008-05-31 16:07 . 2008-05-31 16:07 244 --ah----- C:\sqmnoopt19.sqm
2008-05-31 15:59 . 2008-05-31 15:59 <REP> d-------- C:\pnp
2008-05-31 15:59 . 2008-05-31 15:59 268 --ah----- C:\sqmdata18.sqm
2008-05-31 15:59 . 2008-05-31 15:59 244 --ah----- C:\sqmnoopt18.sqm
2008-05-31 15:42 . 2008-05-31 15:42 268 --ah----- C:\sqmdata17.sqm
2008-05-31 15:42 . 2008-05-31 15:42 244 --ah----- C:\sqmnoopt17.sqm
2008-05-31 15:11 . 2008-05-31 15:11 <REP> d-------- C:\Program Files\Microsoft Games
2008-05-31 14:53 . 2008-05-31 14:53 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-31 13:43 . 2008-05-31 13:43 244 --ah----- C:\sqmnoopt16.sqm
2008-05-31 13:43 . 2008-05-31 13:43 232 --ah----- C:\sqmdata16.sqm
2008-05-31 13:19 . 2008-05-31 13:19 268 --ah----- C:\sqmdata15.sqm
2008-05-31 13:19 . 2008-05-31 13:19 244 --ah----- C:\sqmnoopt15.sqm
2008-05-31 13:01 . 2008-05-31 13:01 268 --ah----- C:\sqmdata14.sqm
2008-05-31 13:01 . 2008-05-31 13:01 244 --ah----- C:\sqmnoopt14.sqm
2008-05-31 12:29 . 2008-05-31 12:29 244 --ah----- C:\sqmnoopt13.sqm
2008-05-31 12:29 . 2008-05-31 12:29 232 --ah----- C:\sqmdata13.sqm
2008-05-30 23:07 . 2008-05-30 23:07 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\DAEMON Tools
2008-05-30 17:59 . 2008-05-30 17:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Icon Constructor 3
2008-05-30 17:58 . 2008-05-31 16:55 <REP> d-------- C:\Program Files\Icon Constructor 3
2008-05-30 17:42 . 2008-04-01 13:23 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-05-30 17:42 . 2008-04-01 13:23 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-05-30 17:42 . 2008-04-01 13:23 118,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-05-30 17:42 . 2008-04-01 13:23 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-30 17:42 . 2008-04-01 13:23 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-23 22:13 . 2008-05-23 22:13 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-05-17 14:32 . 2008-05-23 17:32 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\U3
2008-05-13 06:51 . 2008-05-13 06:51 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-13 06:51 . 2008-05-13 06:51 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-08 19:50 . 2003-02-20 20:06 282,624 --a------ C:\WINDOWS\system32\fusion.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-03 08:11 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\OpenOffice.org2
2008-06-03 08:11 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Azureus
2008-06-02 11:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-02 06:39 56,239 ----a-w C:\Program Files\svchosts.tbe
2008-06-01 15:42 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-01 08:19 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\LimeWire
2008-05-31 11:51 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-31 11:50 --------- d-----w C:\Program Files\R-Undelete
2008-05-31 11:48 --------- d-----w C:\Program Files\Tweak-XP Pro 4
2008-05-31 11:39 --------- d-----w C:\Program Files\MSN Messenger
2008-05-31 11:38 --------- d-----w C:\Program Files\ElcomSoft
2008-05-31 10:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-30 18:07 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-05-30 13:04 --------- d-----w C:\Program Files\eMule
2008-05-30 12:32 --------- d-----w C:\Program Files\LimeWire
2008-05-29 13:32 --------- d-----w C:\Program Files\DivX
2008-05-24 11:08 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\AdobeUM
2008-05-21 16:27 --------- d-----w C:\Program Files\Safari
2008-05-09 15:04 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\teamspeak2
2008-05-07 15:11 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-05-01 08:04 --------- d-----w C:\Program Files\EuroKiddies
2008-04-29 10:35 --------- d-----w C:\Program Files\Electronic Arts
2008-04-27 10:15 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-04-26 20:00 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Ubisoft
2008-04-26 19:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-04-26 19:32 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\InstallShield
2008-04-25 12:55 --------- d-----w C:\Program Files\Valve
2008-04-23 08:12 --------- d-----w C:\Program Files\AxBx
2008-04-11 07:57 --------- d--h--r C:\Documents and Settings\Alexandre\Application Data\SecuROM
2008-04-11 07:52 --------- d-----w C:\Program Files\GameSpy
2008-04-11 07:41 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-11 07:41 22,328 ----a-w C:\Documents and Settings\Alexandre\Application Data\PnkBstrK.sys
2008-04-10 15:14 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-09 09:25 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\TuneUp Software
2008-04-09 09:13 --------- d-----w C:\Program Files\Alwil Software
2008-04-09 09:08 --------- d-----w C:\Program Files\Kaspersky Lab
2008-04-09 08:54 --------- d-----w C:\Program Files\Raxco
2008-04-09 08:54 --------- d-----w C:\Program Files\Fichiers communs\Raxco
2008-04-09 08:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Raxco
2008-04-09 08:50 --------- d-----w C:\Program Files\Ace Translator
2008-04-06 13:00 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-04 08:44 --------- d-----w C:\Program Files\Eurobarre
2008-04-04 07:38 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Apple Computer
2008-04-03 15:15 --------- d-----w C:\Program Files\iTunes
2008-04-03 15:15 --------- d-----w C:\Program Files\iPod
2008-04-03 15:14 --------- d-----w C:\Program Files\QuickTime
2008-03-17 09:31 10 ----a-w C:\Program Files\.autoreg
2008-03-05 13:07 520,192 ----a-w C:\WINDOWS\RtlExUpd.dll
2006-10-07 18:54 390,023 --sha-r C:\Program Files\wunauclt.zip
2006-10-07 18:54 390,023 --sha-r C:\Program Files\wunauclt.tbe
2006-08-27 13:38 1,015,973 --sha-r C:\Program Files\serial.tde
2005-09-28 07:56 185,856 ----a-w C:\Program Files\7za.exe
2007-06-11 15:07 88 --sha-r C:\WINDOWS\system32\4A89EC38DC.sys
2007-06-11 15:14 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-01_15.27.03.60 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-01 10:23:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-03 08:13:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-12-28 14:51:04 195,344 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2007-12-13 08:28:40 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
+ 2008-02-08 13:35:42 23,604 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
+ 2008-02-08 13:37:44 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
2008-04-01 12:31 1470488 --a------ C:\Program Files\speed-bit\tbspe1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}"= "C:\Program Files\speed-bit\tbspe1.dll" [2008-04-01 12:31 1470488]
[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}"= C:\Program Files\speed-bit\tbspe1.dll [2008-04-01 12:31 1470488]
[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 21:24 1694208]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 14:39 486856]
"Steam"="c:\program files\valve\steam\steam.exe" [2008-03-29 14:55 1271032]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 17:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 13:21 61440]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-03-04 12:02 81920]
"nwiz"="nwiz.exe" [2008-03-04 12:02 1626112 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 03:11 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-03-04 12:02 8523776]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 17:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-21 01:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll,C:\PROGRA~1\KASPER~1\Kaspersky Internet Security 7.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\alexadre1\\counter-strike source\\hl2.exe"=
"D:\\Logi\\Dap\\DAP\\DAP.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\alexadre1\\counter-strike\\hl.exe"=
"\\\\JULIEN\\Empire Earth\\Empire Earth.exe"=
"C:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Valve\\Steam\\Steam.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\jojo70\\counter-strike source\\hl2.exe"=
"D:\\Alex\\Logi\\Azureus\\Azureus.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Ace Translator\\AceTrans.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\French\\setup.exe"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-30 01:06]
S3 USBModem000;LGE Mobile USB Modem TC;C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-04 00:08]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-29 14:57:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-03 07:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2008-06-03 08:13:32 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 13:14:02
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.bin
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\PROGRA~1\HP\DIGITA~1\PRODUC~1\bin\hprblog.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-03 13:19:33 - machine was rebooted [Alexandre]
ComboFix-quarantined-files.txt 2008-06-03 08:19:27
ComboFix2.txt 2008-06-01 14:05:30
ComboFix3.txt 2008-06-01 10:27:15
Pre-Run: 5,801,713,664 octets libres
Post-Run: 5,961,240,576 octets libres
261 --- E O F --- 2008-05-23 17:13:34
Re,
Select the whole of the box below (spaces included):
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000000
Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad).
Save it to your desktop under the name on.reg
Double-click it and accept the import of the data into the registry.
*********
Select the whole of the box below:
@echo off & cls
rem Work from the folder this .bat was saved in (the desktop), so on.reg and ff.txt are found there
cd /d "%~dp0"
dir /s /a "C:\pnp" >> ff.txt
if not exist "%programfiles%\svchosts.tbe" echo Le fichier n'existe pas >> ff.txt
if exist "%programfiles%\svchosts.tbe" (
del /f /q "%programfiles%\svchosts.tbe"
if not exist "%programfiles%\svchosts.tbe" echo Le fichier a bien été supprimé >> ff.txt
if exist "%programfiles%\svchosts.tbe" echo Erreur de suppression ! >> ff.txt
)
rem Import on.reg (created in the previous step) to turn Security Center monitoring back on
start "" on.reg
rem Show the report in Notepad and remove the working copy once Notepad is closed
start "" /wait notepad ff.txt & del ff.txt
exit
Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad).
Save it to your desktop under the name Correction.bat
Double-click it. Post the report that is generated (if there is one).
I did delete svchosts.tbe, and I set DisableMonitoring to 0.
New ComboFix report:
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1273 [GMT 5:00]
Endroit: C:\Documents and Settings\Alexandre\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-03 to 2008-06-03 ))))))))))))))))))))))))))))))))))))
.
2008-06-03 13:34 . 2008-06-03 13:34 <REP> d-------- C:\WINDOWS\LastGood
2008-06-03 13:33 . 2008-06-03 13:33 <REP> d-------- C:\Program Files\THQ
2008-06-02 12:09 . 2008-06-02 12:09 <REP> d-------- C:\Program Files\Trend Micro
2008-06-02 11:50 . 2008-06-02 11:51 <REP> d-------- C:\Combo-Fix
2008-06-01 20:21 . 2008-06-01 20:41 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-01 20:21 . 2008-06-01 20:41 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-01 20:20 . 2008-06-02 12:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-01 20:20 . 2008-06-03 17:56 8,877,600 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-01 20:20 . 2008-06-03 13:12 119,444 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-01 20:20 . 2008-06-03 17:55 28,704 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-01 20:20 . 2008-06-03 13:12 4,064 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-01 19:07 . 2008-06-02 11:46 <REP> d-------- C:\Program Files\Navilog1
2008-06-01 16:33 . 2008-06-01 16:33 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-01 16:33 . 2008-06-01 16:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-01 16:33 . 2008-06-01 16:33 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\Malwarebytes
2008-06-01 16:33 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-01 16:33 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-31 20:40 . 2008-05-31 20:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-31 16:07 . 2008-05-31 16:07 268 --ah----- C:\sqmdata19.sqm
2008-05-31 16:07 . 2008-05-31 16:07 244 --ah----- C:\sqmnoopt19.sqm
2008-05-31 15:59 . 2008-05-31 15:59 <REP> d-------- C:\pnp
2008-05-31 15:59 . 2008-05-31 15:59 268 --ah----- C:\sqmdata18.sqm
2008-05-31 15:59 . 2008-05-31 15:59 244 --ah----- C:\sqmnoopt18.sqm
2008-05-31 15:42 . 2008-05-31 15:42 268 --ah----- C:\sqmdata17.sqm
2008-05-31 15:42 . 2008-05-31 15:42 244 --ah----- C:\sqmnoopt17.sqm
2008-05-31 15:11 . 2008-05-31 15:11 <REP> d-------- C:\Program Files\Microsoft Games
2008-05-31 14:53 . 2008-05-31 14:53 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-31 13:43 . 2008-05-31 13:43 244 --ah----- C:\sqmnoopt16.sqm
2008-05-31 13:43 . 2008-05-31 13:43 232 --ah----- C:\sqmdata16.sqm
2008-05-31 13:19 . 2008-05-31 13:19 268 --ah----- C:\sqmdata15.sqm
2008-05-31 13:19 . 2008-05-31 13:19 244 --ah----- C:\sqmnoopt15.sqm
2008-05-31 13:01 . 2008-05-31 13:01 268 --ah----- C:\sqmdata14.sqm
2008-05-31 13:01 . 2008-05-31 13:01 244 --ah----- C:\sqmnoopt14.sqm
2008-05-31 12:29 . 2008-05-31 12:29 244 --ah----- C:\sqmnoopt13.sqm
2008-05-31 12:29 . 2008-05-31 12:29 232 --ah----- C:\sqmdata13.sqm
2008-05-30 23:07 . 2008-05-30 23:07 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\DAEMON Tools
2008-05-30 17:59 . 2008-05-30 17:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Icon Constructor 3
2008-05-30 17:58 . 2008-05-31 16:55 <REP> d-------- C:\Program Files\Icon Constructor 3
2008-05-30 17:42 . 2008-04-01 13:23 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-05-30 17:42 . 2008-04-01 13:23 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-05-30 17:42 . 2008-04-01 13:23 118,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-05-30 17:42 . 2008-04-01 13:23 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-30 17:42 . 2008-04-01 13:23 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-23 22:13 . 2008-05-23 22:13 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-05-17 14:32 . 2008-05-23 17:32 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\U3
2008-05-13 06:51 . 2008-05-13 06:51 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-13 06:51 . 2008-05-13 06:51 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-08 19:50 . 2003-02-20 20:06 282,624 --a------ C:\WINDOWS\system32\fusion.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-03 12:56 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Azureus
2008-06-03 12:44 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-03 08:16 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\OpenOffice.org2
2008-06-01 15:42 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-01 08:19 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\LimeWire
2008-05-31 11:51 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-31 11:50 --------- d-----w C:\Program Files\R-Undelete
2008-05-31 11:48 --------- d-----w C:\Program Files\Tweak-XP Pro 4
2008-05-31 11:39 --------- d-----w C:\Program Files\MSN Messenger
2008-05-31 11:38 --------- d-----w C:\Program Files\ElcomSoft
2008-05-31 10:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-30 18:07 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-05-30 13:04 --------- d-----w C:\Program Files\eMule
2008-05-30 12:32 --------- d-----w C:\Program Files\LimeWire
2008-05-29 13:32 --------- d-----w C:\Program Files\DivX
2008-05-24 11:08 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\AdobeUM
2008-05-21 16:27 --------- d-----w C:\Program Files\Safari
2008-05-09 15:04 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\teamspeak2
2008-05-07 15:11 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-05-01 08:04 --------- d-----w C:\Program Files\EuroKiddies
2008-04-29 10:35 --------- d-----w C:\Program Files\Electronic Arts
2008-04-27 10:15 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-04-26 20:00 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Ubisoft
2008-04-26 19:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-04-26 19:32 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\InstallShield
2008-04-25 12:55 --------- d-----w C:\Program Files\Valve
2008-04-23 08:12 --------- d-----w C:\Program Files\AxBx
2008-04-11 07:57 --------- d--h--r C:\Documents and Settings\Alexandre\Application Data\SecuROM
2008-04-11 07:52 --------- d-----w C:\Program Files\GameSpy
2008-04-11 07:41 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-11 07:41 22,328 ----a-w C:\Documents and Settings\Alexandre\Application Data\PnkBstrK.sys
2008-04-10 15:14 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-09 09:25 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\TuneUp Software
2008-04-09 09:13 --------- d-----w C:\Program Files\Alwil Software
2008-04-09 09:08 --------- d-----w C:\Program Files\Kaspersky Lab
2008-04-09 08:54 --------- d-----w C:\Program Files\Raxco
2008-04-09 08:54 --------- d-----w C:\Program Files\Fichiers communs\Raxco
2008-04-09 08:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Raxco
2008-04-09 08:50 --------- d-----w C:\Program Files\Ace Translator
2008-04-06 13:00 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-04 08:44 --------- d-----w C:\Program Files\Eurobarre
2008-04-04 07:38 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Apple Computer
2008-04-03 15:15 --------- d-----w C:\Program Files\iTunes
2008-04-03 15:15 --------- d-----w C:\Program Files\iPod
2008-04-03 15:14 --------- d-----w C:\Program Files\QuickTime
2008-03-17 09:31 10 ----a-w C:\Program Files\.autoreg
2008-03-05 13:07 520,192 ----a-w C:\WINDOWS\RtlExUpd.dll
2006-10-07 18:54 390,023 --sha-r C:\Program Files\wunauclt.zip
2006-10-07 18:54 390,023 --sha-r C:\Program Files\wunauclt.tbe
2006-08-27 13:38 1,015,973 --sha-r C:\Program Files\serial.tde
2005-09-28 07:56 185,856 ----a-w C:\Program Files\7za.exe
2007-06-11 15:07 88 --sha-r C:\WINDOWS\system32\4A89EC38DC.sys
2007-06-11 15:14 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-01_15.27.03.60 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-01 10:23:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-03 08:13:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-03 08:39:07 7,358 ----a-r C:\WINDOWS\Installer\{51D718D1-DA81-4FAD-919F-5C1CE3C33379}\ARPPRODUCTICON.exe
+ 2006-03-31 08:40:58 2,388,176 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_30.dll
+ 2006-02-03 04:41:26 14,032 ----a-w C:\WINDOWS\LastGood\system32\x3daudio1_0.dll
+ 2006-03-31 08:39:48 229,584 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_1.dll
+ 2006-03-31 08:39:24 62,672 ----a-w C:\WINDOWS\LastGood\system32\xinput1_1.dll
+ 2007-12-28 14:51:04 195,344 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2007-12-13 08:28:40 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
+ 2008-02-08 13:35:42 23,604 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
+ 2008-02-08 13:37:44 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
2008-04-01 12:31 1470488 --a------ C:\Program Files\speed-bit\tbspe1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}"= "C:\Program Files\speed-bit\tbspe1.dll" [2008-04-01 12:31 1470488]
[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}"= C:\Program Files\speed-bit\tbspe1.dll [2008-04-01 12:31 1470488]
[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 21:24 1694208]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 14:39 486856]
"Steam"="c:\program files\valve\steam\steam.exe" [2008-03-29 14:55 1271032]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 17:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 13:21 61440]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-03-04 12:02 81920]
"nwiz"="nwiz.exe" [2008-03-04 12:02 1626112 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 03:11 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-03-04 12:02 8523776]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 17:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
C:\Documents and Settings\Alexandre\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50 113664]
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56 393216]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24 73728]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-21 01:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll,C:\PROGRA~1\KASPER~1\Kaspersky Internet Security 7.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\alexadre1\\counter-strike source\\hl2.exe"=
"D:\\Logi\\Dap\\DAP\\DAP.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\alexadre1\\counter-strike\\hl.exe"=
"\\\\JULIEN\\Empire Earth\\Empire Earth.exe"=
"C:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Valve\\Steam\\Steam.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\jojo70\\counter-strike source\\hl2.exe"=
"D:\\Alex\\Logi\\Azureus\\Azureus.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Ace Translator\\AceTrans.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\French\\setup.exe"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-30 01:06]
S3 USBModem000;LGE Mobile USB Modem TC;C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-04 00:08]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-29 14:57:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-03 11:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2008-06-03 12:00:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 17:55:42
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-06-03 17:58:01
ComboFix-quarantined-files.txt 2008-06-03 12:57:57
ComboFix2.txt 2008-06-03 08:19:34
ComboFix3.txt 2008-06-01 14:05:30
ComboFix4.txt 2008-06-01 10:27:15
Pre-Run: 1,997,877,248 octets libres
Post-Run: 1,985,277,952 octets libres
240 --- E O F --- 2008-05-23 17:13:34
New ComboFix report:
Quote:
ComboFix 08-06-01.6 - Alexandre 2008-06-03 17:46:54.5 - NTFSx86Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1273 [GMT 5:00]
Endroit: C:\Documents and Settings\Alexandre\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-03 to 2008-06-03 ))))))))))))))))))))))))))))))))))))
.
2008-06-03 13:34 . 2008-06-03 13:34 <REP> d-------- C:\WINDOWS\LastGood
2008-06-03 13:33 . 2008-06-03 13:33 <REP> d-------- C:\Program Files\THQ
2008-06-02 12:09 . 2008-06-02 12:09 <REP> d-------- C:\Program Files\Trend Micro
2008-06-02 11:50 . 2008-06-02 11:51 <REP> d-------- C:\Combo-Fix
2008-06-01 20:21 . 2008-06-01 20:41 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-01 20:21 . 2008-06-01 20:41 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-01 20:20 . 2008-06-02 12:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-01 20:20 . 2008-06-03 17:56 8,877,600 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-01 20:20 . 2008-06-03 13:12 119,444 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-01 20:20 . 2008-06-03 17:55 28,704 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-01 20:20 . 2008-06-03 13:12 4,064 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-01 19:07 . 2008-06-02 11:46 <REP> d-------- C:\Program Files\Navilog1
2008-06-01 16:33 . 2008-06-01 16:33 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-01 16:33 . 2008-06-01 16:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-01 16:33 . 2008-06-01 16:33 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\Malwarebytes
2008-06-01 16:33 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-01 16:33 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-31 20:40 . 2008-05-31 20:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-31 16:07 . 2008-05-31 16:07 268 --ah----- C:\sqmdata19.sqm
2008-05-31 16:07 . 2008-05-31 16:07 244 --ah----- C:\sqmnoopt19.sqm
2008-05-31 15:59 . 2008-05-31 15:59 <REP> d-------- C:\pnp
2008-05-31 15:59 . 2008-05-31 15:59 268 --ah----- C:\sqmdata18.sqm
2008-05-31 15:59 . 2008-05-31 15:59 244 --ah----- C:\sqmnoopt18.sqm
2008-05-31 15:42 . 2008-05-31 15:42 268 --ah----- C:\sqmdata17.sqm
2008-05-31 15:42 . 2008-05-31 15:42 244 --ah----- C:\sqmnoopt17.sqm
2008-05-31 15:11 . 2008-05-31 15:11 <REP> d-------- C:\Program Files\Microsoft Games
2008-05-31 14:53 . 2008-05-31 14:53 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-31 13:43 . 2008-05-31 13:43 244 --ah----- C:\sqmnoopt16.sqm
2008-05-31 13:43 . 2008-05-31 13:43 232 --ah----- C:\sqmdata16.sqm
2008-05-31 13:19 . 2008-05-31 13:19 268 --ah----- C:\sqmdata15.sqm
2008-05-31 13:19 . 2008-05-31 13:19 244 --ah----- C:\sqmnoopt15.sqm
2008-05-31 13:01 . 2008-05-31 13:01 268 --ah----- C:\sqmdata14.sqm
2008-05-31 13:01 . 2008-05-31 13:01 244 --ah----- C:\sqmnoopt14.sqm
2008-05-31 12:29 . 2008-05-31 12:29 244 --ah----- C:\sqmnoopt13.sqm
2008-05-31 12:29 . 2008-05-31 12:29 232 --ah----- C:\sqmdata13.sqm
2008-05-30 23:07 . 2008-05-30 23:07 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\DAEMON Tools
2008-05-30 17:59 . 2008-05-30 17:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Icon Constructor 3
2008-05-30 17:58 . 2008-05-31 16:55 <REP> d-------- C:\Program Files\Icon Constructor 3
2008-05-30 17:42 . 2008-04-01 13:23 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-05-30 17:42 . 2008-04-01 13:23 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-05-30 17:42 . 2008-04-01 13:23 118,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-05-30 17:42 . 2008-04-01 13:23 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-30 17:42 . 2008-04-01 13:23 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-23 22:13 . 2008-05-23 22:13 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-05-17 14:32 . 2008-05-23 17:32 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\U3
2008-05-13 06:51 . 2008-05-13 06:51 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-13 06:51 . 2008-05-13 06:51 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-08 19:50 . 2003-02-20 20:06 282,624 --a------ C:\WINDOWS\system32\fusion.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-03 12:56 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Azureus
2008-06-03 12:44 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-03 08:16 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\OpenOffice.org2
2008-06-01 15:42 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-01 08:19 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\LimeWire
2008-05-31 11:51 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-31 11:50 --------- d-----w C:\Program Files\R-Undelete
2008-05-31 11:48 --------- d-----w C:\Program Files\Tweak-XP Pro 4
2008-05-31 11:39 --------- d-----w C:\Program Files\MSN Messenger
2008-05-31 11:38 --------- d-----w C:\Program Files\ElcomSoft
2008-05-31 10:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-30 18:07 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-05-30 13:04 --------- d-----w C:\Program Files\eMule
2008-05-30 12:32 --------- d-----w C:\Program Files\LimeWire
2008-05-29 13:32 --------- d-----w C:\Program Files\DivX
2008-05-24 11:08 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\AdobeUM
2008-05-21 16:27 --------- d-----w C:\Program Files\Safari
2008-05-09 15:04 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\teamspeak2
2008-05-07 15:11 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-05-01 08:04 --------- d-----w C:\Program Files\EuroKiddies
2008-04-29 10:35 --------- d-----w C:\Program Files\Electronic Arts
2008-04-27 10:15 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-04-26 20:00 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Ubisoft
2008-04-26 19:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-04-26 19:32 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\InstallShield
2008-04-25 12:55 --------- d-----w C:\Program Files\Valve
2008-04-23 08:12 --------- d-----w C:\Program Files\AxBx
2008-04-11 07:57 --------- d--h--r C:\Documents and Settings\Alexandre\Application Data\SecuROM
2008-04-11 07:52 --------- d-----w C:\Program Files\GameSpy
2008-04-11 07:41 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-11 07:41 22,328 ----a-w C:\Documents and Settings\Alexandre\Application Data\PnkBstrK.sys
2008-04-10 15:14 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-09 09:25 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\TuneUp Software
2008-04-09 09:13 --------- d-----w C:\Program Files\Alwil Software
2008-04-09 09:08 --------- d-----w C:\Program Files\Kaspersky Lab
2008-04-09 08:54 --------- d-----w C:\Program Files\Raxco
2008-04-09 08:54 --------- d-----w C:\Program Files\Fichiers communs\Raxco
2008-04-09 08:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Raxco
2008-04-09 08:50 --------- d-----w C:\Program Files\Ace Translator
2008-04-06 13:00 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-04 08:44 --------- d-----w C:\Program Files\Eurobarre
2008-04-04 07:38 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Apple Computer
2008-04-03 15:15 --------- d-----w C:\Program Files\iTunes
2008-04-03 15:15 --------- d-----w C:\Program Files\iPod
2008-04-03 15:14 --------- d-----w C:\Program Files\QuickTime
2008-03-17 09:31 10 ----a-w C:\Program Files\.autoreg
2008-03-05 13:07 520,192 ----a-w C:\WINDOWS\RtlExUpd.dll
2006-10-07 18:54 390,023 --sha-r C:\Program Files\wunauclt.zip
2006-10-07 18:54 390,023 --sha-r C:\Program Files\wunauclt.tbe
2006-08-27 13:38 1,015,973 --sha-r C:\Program Files\serial.tde
2005-09-28 07:56 185,856 ----a-w C:\Program Files\7za.exe
2007-06-11 15:07 88 --sha-r C:\WINDOWS\system32\4A89EC38DC.sys
2007-06-11 15:14 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-01_15.27.03.60 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-01 10:23:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-03 08:13:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-03 08:39:07 7,358 ----a-r C:\WINDOWS\Installer\{51D718D1-DA81-4FAD-919F-5C1CE3C33379}\ARPPRODUCTICON.exe
+ 2006-03-31 08:40:58 2,388,176 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_30.dll
+ 2006-02-03 04:41:26 14,032 ----a-w C:\WINDOWS\LastGood\system32\x3daudio1_0.dll
+ 2006-03-31 08:39:48 229,584 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_1.dll
+ 2006-03-31 08:39:24 62,672 ----a-w C:\WINDOWS\LastGood\system32\xinput1_1.dll
+ 2007-12-28 14:51:04 195,344 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2007-12-13 08:28:40 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
+ 2008-02-08 13:35:42 23,604 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
+ 2008-02-08 13:37:44 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
2008-04-01 12:31 1470488 --a------ C:\Program Files\speed-bit\tbspe1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}"= "C:\Program Files\speed-bit\tbspe1.dll" [2008-04-01 12:31 1470488]
[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}"= C:\Program Files\speed-bit\tbspe1.dll [2008-04-01 12:31 1470488]
[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 21:24 1694208]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 14:39 486856]
"Steam"="c:\program files\valve\steam\steam.exe" [2008-03-29 14:55 1271032]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 17:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 13:21 61440]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-03-04 12:02 81920]
"nwiz"="nwiz.exe" [2008-03-04 12:02 1626112 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 03:11 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-03-04 12:02 8523776]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 17:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
C:\Documents and Settings\Alexandre\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50 113664]
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56 393216]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24 73728]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-21 01:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll,C:\PROGRA~1\KASPER~1\Kaspersky Internet Security 7.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\alexadre1\\counter-strike source\\hl2.exe"=
"D:\\Logi\\Dap\\DAP\\DAP.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\alexadre1\\counter-strike\\hl.exe"=
"\\\\JULIEN\\Empire Earth\\Empire Earth.exe"=
"C:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Valve\\Steam\\Steam.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\jojo70\\counter-strike source\\hl2.exe"=
"D:\\Alex\\Logi\\Azureus\\Azureus.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Ace Translator\\AceTrans.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\French\\setup.exe"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-30 01:06]
S3 USBModem000;LGE Mobile USB Modem TC;C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-04 00:08]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-29 14:57:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-03 11:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2008-06-03 12:00:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 17:55:42
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-06-03 17:58:01
ComboFix-quarantined-files.txt 2008-06-03 12:57:57
ComboFix2.txt 2008-06-03 08:19:34
ComboFix3.txt 2008-06-01 14:05:30
ComboFix4.txt 2008-06-01 10:27:15
Pre-Run: 1,997,877,248 octets libres
Post-Run: 1,985,277,952 octets libres
240 --- E O F --- 2008-05-23 17:13:34
Good,
Is it better?
Download Clean (by Malekal) to your Desktop.
Unzip it on your Desktop. Double-click the Clean folder that has just appeared.
Double-click Clean.cmd. (The cmd extension may not be shown.) This will open a black window.
A menu will appear; choose option 1, then Enter. Then press a key when asked to.
Post the report found here: C:\rapport_clean.txt
If you get a file C:\upload_moi.zip, please do this.
Help: How to use Clean.
Then post a new HijackThis report.
I almost forgot..
Download and run SafebootKeyRepair --> http://download.bleepingcomputer.com/sUBs/SafeBootKeyRe...
Don't post me the generated report.
Here is the report
03/06/2008 a 18:17:09,68
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
C:\WINDOWS\patcher.exe FOUND
*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\?racle FOUND
*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\onlinepixel24 Toolbar\" FOUND
I'm going to upload it now.
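As an added example (not part of this thread, and not one of the tools the helpers recommend), here is a small Python triage script for lines in the Find3M format of the ComboFix report above. It flags files carrying both system and hidden attributes, loose executables or archives sitting directly in a root folder, and names containing control characters like the '?racle' folder in the Clean report just above. The line format and attribute positions are inferred from the log itself (an assumption, not ComboFix documentation), and the last sample line is constructed.

```python
import re
from typing import Dict, List, Optional, Tuple

# Line shape of the "Compte-rendu de Find3M" section of the ComboFix report above:
#   <date> <time> <size | --------- for a directory> <7-char attribute field> <path>
# Attribute field, left to right: d(irectory) r s(ystem) h(idden) a(rchive) - w/r.
# Positions are inferred from the log itself (assumption), not from ComboFix docs.
FIND3M_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>[\d,]+|-{9}) (?P<attrs>[-a-z]{7}) (?P<path>.+)$"
)

# Extensions that normally live inside an application folder, not loose in a root.
LOOSE_EXTS = (".exe", ".dll", ".sys", ".zip", ".tbe", ".tde", ".scr", ".cmd", ".bat")
ROOT_DIRS = ("c:", r"c:\program files")


def parse_line(line: str) -> Optional[Dict]:
    """Parse one Find3M line; return None for separators ('.') and section banners."""
    m = FIND3M_RE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    size = m.group("size")
    return {
        "path": m.group("path"),
        "is_dir": attrs[0] == "d",
        "system": attrs[2] == "s",
        "hidden": attrs[3] == "h",
        "size": None if size.startswith("-") else int(size.replace(",", "")),
    }


def review_reasons(entry: Dict) -> List[str]:
    """Reasons a defender would want a closer look; an empty list means nothing notable."""
    reasons: List[str] = []
    path = entry["path"]
    lower = path.lower()
    parent = lower.rsplit("\\", 1)[0]
    if not entry["is_dir"] and entry["system"] and entry["hidden"]:
        reasons.append("file carries both system and hidden attributes")
    if not entry["is_dir"] and lower.endswith(LOOSE_EXTS) and parent in ROOT_DIRS:
        reasons.append("loose file in a root location")
    # Control characters in a name (what the Clean report renders as '?racle')
    # display badly in listings and are a known way to disguise a folder.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in path):
        reasons.append("non-printable character in path")
    return reasons


def triage(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every entry that deserves review, in log order."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is not None:
            reasons = review_reasons(entry)
            if reasons:
                findings.append((entry["path"], reasons))
    return findings


# Sample input: lines copied from the report above, plus one constructed
# directory line whose name starts with a control character.
SAMPLE_LINES = [
    ".",
    r"2008-06-01 15:42 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys",
    r"2008-05-31 11:48 --------- d-----w C:\Program Files\Tweak-XP Pro 4",
    r"2006-10-07 18:54 390,023 --sha-r C:\Program Files\wunauclt.zip",
    r"2006-08-27 13:38 1,015,973 --sha-r C:\Program Files\serial.tde",
    r"2005-09-28 07:56 185,856 ----a-w C:\Program Files\7za.exe",
    r"2007-06-11 15:07 88 --sha-r C:\WINDOWS\system32\4A89EC38DC.sys",
    "2008-06-03 12:00 --------- d-----w C:\\WINDOWS\\system32\\\x01racle",  # constructed
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES):
        print(f"{path!r}: {'; '.join(reasons)}")
```

A flag is a prompt to look, not a verdict: licensing and DRM components also use hidden system files under system32, so each hit still needs to be checked against the vendor before anything is removed.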
Re,
Our posts crossed.
Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done:
Restart in Safe Mode
/!\ Never boot into Safe Mode via MSCONFIG /!\
Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
To start the search, click on "Scan".
Once the scan is finished, a window opens; click OK. Two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.
Help: How to use MBAM.
**********
Still in Safe Mode:
Run Clean again
Do option 2 this time and post the report.
The report is located here: C:\rapport_clean.txt
Help: How to use Clean.