Hello everyone, since yesterday I have been the victim of one or more viruses that, on the one hand, completely prevent me from browsing the internet and, on the other, disable Windows automatic updates.
I tried a full scan with AntiVir + Spybot in safe mode... it found viruses, but the problem is not resolved.
So I'm turning to you, since I no longer know what to do.
I'm posting a HijackThis report made a few minutes ago:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:39:43, on 06/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Marvell\Mrv8000x.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [BMaf209ef5] Rundll32.exe "C:\WINDOWS\system32\bdthhtab.dll",s
O4 - HKLM\..\Run: [ac13ad69] rundll32.exe "C:\WINDOWS\system32\oqaosvxt.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driv [...] eqlab2.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com [...] 0_0_29.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1A628EC-9AF8-4240-AE0E-038F41F6E6A1}: NameServer = 80.10.246.2,80.10.242.129
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: maconfservice - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 8477 bytes
Thanks in advance to whoever looks into my problem.
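The two Run entries in this log that load an eight-letter DLL from system32 through rundll32 with a one-letter export name (`BMaf209ef5` and `ac13ad69`) are the lines an analyst would zero in on; the ComboFix report posted later in the thread deletes both `bdthhtab.dll` and `oqaosvxt.dll`. The script below is an added example, not code from the thread or from HijackThis: it parses O4 and O6 lines with a handful of heuristics (rundll32 loading from system32, one-character export name, lowercase eight-letter DLL stem, hex-looking Run value name) that are assumptions chosen for illustration, and flags an entry only when at least two of them trip. The sample input is a subset of the O4/O6 lines from the log above.

```python
import re

# Constructed sample: a subset of the O4/O6 lines from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BMaf209ef5] Rundll32.exe "C:\WINDOWS\system32\bdthhtab.dll",s
O4 - HKLM\..\Run: [ac13ad69] rundll32.exe "C:\WINDOWS\system32\oqaosvxt.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
"""

# O4 - <hive>\..\Run: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O6 - <policy key> present
O6_RE = re.compile(r"^O6 - (?P<key>.+?) present$")
# rundll32[.exe] <dll path>,<export name>   (the path may be quoted)
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+(?P<path>"[^"]+"|[^\s,]+)\s*,\s*(?P<entry>\S*)',
                       re.IGNORECASE)
# Six or more consecutive hex digits in a Run value name (BMaf209ef5, ac13ad69).
HEX_RUN_RE = re.compile(r"[0-9a-f]{6,}", re.IGNORECASE)


def assess_o4(name: str, cmd: str) -> list:
    """Return the heuristics an O4 entry trips; an empty list means nothing stood out."""
    reasons = []
    m = RUNDLL_RE.match(cmd.strip())
    if m:
        dll = m.group("path").strip('"')
        stem = dll.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if "\\system32\\" in dll.lower():
            reasons.append("rundll32 loads a DLL from system32")
        if len(m.group("entry")) <= 1:
            reasons.append("single-character export entry point")
        if re.fullmatch(r"[a-z]{8}", stem):
            reasons.append("eight-letter lowercase DLL name")
    if HEX_RUN_RE.search(name):
        reasons.append("hex-looking Run value name")
    return reasons


def triage(log_text: str) -> dict:
    """Walk a HijackThis log and collect suspicious O4 entries and any O6 policy lines."""
    findings = {"suspicious_o4": [], "ie_policy_restrictions": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            reasons = assess_o4(m.group("name"), m.group("cmd"))
            # Require two independent signals so a vendor DLL loaded via rundll32
            # (NvCpl.dll, NvMcTray.dll) is not reported on its own.
            if len(reasons) >= 2:
                findings["suspicious_o4"].append(
                    {"name": m.group("name"), "cmd": m.group("cmd"), "reasons": reasons}
                )
            continue
        m = O6_RE.match(line)
        if m:
            findings["ie_policy_restrictions"].append(m.group("key"))
    return findings


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for entry in result["suspicious_o4"]:
        print(f"[O4] {entry['name']}: {entry['cmd']}")
        for reason in entry["reasons"]:
            print(f"      - {reason}")
    for key in result["ie_policy_restrictions"]:
        print(f"[O6] IE policy key present: {key}")
```

On this log the two Virtumonde-style entries are reported with all four reasons, while the NVIDIA entries (also rundll32, also in system32) trip only one and stay quiet. The O6 lines only say that the IE Control Panel policy keys exist; whether they were set on purpose (some anti-spyware tools lock IE settings this way) or by a hijacker is something to confirm before deleting them.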
Hello,
Download SDFix (by Andy Manchesta)
- Save it to your desktop.
- Run it.
- Click Install so that it extracts itself.
Restart in safe mode
/!\ Never boot into safe mode via MSCONFIG /!\
- Open the SDFix folder that has just been created in C:\
- Double-click RunThis.bat (the .bat extension may not be shown)
- Press Y to start it.
- You will be asked to press a key to reboot; do so.
- The reboot will probably take a bit longer than usual.
- Once your desktop appears, it will display Finished
- Press a key.
- A report is generated; post it in your reply.
It can also be found in the SDFix folder: Report.txt
Thanks for your reply, here is the report:
SDFix: Version 1.188
Run by Michael on 06/06/2008 at 18:46
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\efcAPFxY.dll - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 19:03:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:51,2d,d7,5c,b4,ed,3f,ef,34,75,d0,ac,24,98,20,2b,c9,46,3b,75,d6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,db,f6,f9,69,51,31,9a,e7,9f,16,d8,f9,bd,30,be,66,cd,..
"khjeh"=hex:ee,89,98,29,a9,cc,50,42,26,80,55,3e,ca,2c,be,65,2e,85,bf,30,16,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2e,fb,4b,39,94,62,f0,0e,9b,82,80,65,38,63,ef,63,e8,2a,ab,46,21,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:51,2d,d7,5c,b4,ed,3f,ef,34,75,d0,ac,24,98,20,2b,c9,46,3b,75,d6,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,db,f6,f9,69,51,31,9a,e7,9f,16,d8,f9,bd,30,be,66,cd,..
"khjeh"=hex:ee,89,98,29,a9,cc,50,42,26,80,55,3e,ca,2c,be,65,2e,85,bf,30,16,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2e,fb,4b,39,94,62,f0,0e,9b,82,80,65,38,63,ef,63,e8,2a,ab,46,21,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:51,2d,d7,5c,b4,ed,3f,ef,34,75,d0,ac,24,98,20,2b,c9,46,3b,75,d6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,db,f6,f9,69,51,31,9a,e7,9f,16,d8,f9,bd,30,be,66,cd,..
"khjeh"=hex:ee,89,98,29,a9,cc,50,42,26,80,55,3e,ca,2c,be,65,2e,85,bf,30,16,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2e,fb,4b,39,94,62,f0,0e,9b,82,80,65,38,63,ef,63,e8,2a,ab,46,21,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"="C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2"
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"="C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2 Update"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Team Fortress 2\\hl2.exe"="C:\\Program Files\\Team Fortress 2\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat"="C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat:*:Enabled:La Bataille pour la Terre du Milieu T II"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Mon 19 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT7.tmp"
Mon 19 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BITA.tmp"
Mon 19 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BITE.tmp"
Mon 19 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT6.tmp"
Mon 19 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BITB.tmp"
Mon 19 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BIT8.tmp"
Mon 19 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BITD.tmp"
Mon 19 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BIT9.tmp"
Mon 19 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BITC.tmp"
Finished!
PS: After rebooting, AntiVir detected a large number of viruses in Windows/System32
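The "Restoring Windows Default Hosts File" step in the SDFix report above is there because a hosts-file hijack is one of the standard ways malware keeps a machine from reaching antivirus and Windows Update hosts, which matches the symptoms in the first post. The script below is an added example, not part of the thread or of SDFix: it parses hosts-file text, ignores the stock loopback entries, and grades every other mapping, treating a short list of update and vendor domains (my assumption, chosen from the tools used in this thread) as high severity. The hosts content and the addresses in it are constructed for the example.

```python
import ipaddress

# Constructed sample hosts file: the two stock lines plus entries of the kind a
# hijacker appends. 10.0.0.1 and 192.0.2.10 are placeholder addresses.
SAMPLE_HOSTS = """
# Default Windows hosts header (comment lines are ignored)
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.avira.com avira.com
127.0.0.1       update.microsoft.com windowsupdate.microsoft.com
10.0.0.1        download.windowsupdate.com   # update host sent to a LAN address
127.0.0.1       www.example.net
192.0.2.10      www.example.com
"""

# Domains whose override almost always means tampering. Illustrative list built from
# the tools used in this thread (assumption; extend it for your own environment).
PROTECTED_SUFFIXES = (
    "windowsupdate.com",
    "update.microsoft.com",
    "windowsupdate.microsoft.com",
    "avira.com",
    "safer-networking.org",   # Spybot - Search & Destroy
    "trendmicro.com",         # HijackThis
)


def is_protected(host: str) -> bool:
    """True when host is one of the protected domains or a subdomain of one."""
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in PROTECTED_SUFFIXES)


def audit_hosts(text: str) -> list:
    """Return one finding per non-default hostname mapping, graded high/medium/low."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append({"line": lineno, "ip": fields[0], "host": None,
                             "severity": "low", "reason": "unparseable address"})
            continue
        for host in fields[1:]:
            # The stock Windows hosts file maps only localhost to a loopback address.
            if host.lower() == "localhost" and ip.is_loopback:
                continue
            if is_protected(host):
                sev, why = "high", "update or security-vendor host overridden"
            elif ip.is_loopback or ip.is_unspecified:
                sev, why = "medium", "host blackholed to loopback"
            else:
                sev, why = "low", f"host statically mapped to {ip}"
            findings.append({"line": lineno, "ip": str(ip), "host": host,
                             "severity": sev, "reason": why})
    return findings


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f['line']:>3} [{f['severity']:>6}] {f['ip']:<15} {f['host']}: {f['reason']}")
```

Anything above "low" on a home machine is a reason to reset the file, which is what SDFix did here; a non-loopback address in front of an update host is the worse case, because downloads then go to whoever owns that address rather than simply failing.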
Re,
Download ComboFix (by sUBs) to your desktop.
- Temporarily disable all resident protection! (antivirus, antispyware, etc.)
- Double-click ComboFix.exe.
- Accept the licence by clicking Yes.
- When the operation is finished, a report will appear. Post that report in your next reply.
The report is located here: %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)
Help: How to use ComboFix.
Re, so after ComboFix browsing seems to work properly again, but when Windows starts Spybot keeps telling me that registry key entries have been modified and asks whether or not I accept the change. I don't know what to choose.
So here is the ComboFix report:
ComboFix 08-06-06.4 - Michael 2008-06-07 1:11:10.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1417 [GMT 2:00]
Location: C:\Documents and Settings\Michael\Bureau\AIDE VIR\ComboFix.exe
* Creating a new restore point
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMaf209ef5.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bdthhtab.dll
C:\WINDOWS\system32\bnkfxcqd.dll
C:\WINDOWS\system32\ehfasoka.ini
C:\WINDOWS\system32\gcvjjsba.dll
C:\WINDOWS\system32\lfhwtapm.dll
C:\WINDOWS\system32\ljJAtuVO.dll
C:\WINDOWS\system32\oqaosvxt.dll
C:\WINDOWS\system32\OVutAJjl.ini
C:\WINDOWS\system32\OVutAJjl.ini2
C:\WINDOWS\system32\qfwfdmas.ini
C:\WINDOWS\system32\tuvTkklL.dll
C:\WINDOWS\system32\txvsoaqo.ini
C:\WINDOWS\system32\WFOVuBeg.ini
C:\WINDOWS\system32\WFOVuBeg.ini2
.
((((((((((((((((((((((((((((( Files created 2008-05-06 to 2008-06-06 ))))))))))))))))))))))))))))))))))))
.
2008-06-06 18:43 . 2008-06-06 18:43 <REP> d-------- C:\WINDOWS\ERUNT
2008-06-06 18:40 . 2008-06-06 19:08 <REP> d-------- C:\SDFix
2008-06-06 16:39 . 2008-06-06 16:39 <REP> d-------- C:\Program Files\Trend Micro
2008-06-05 22:41 . 2008-06-06 11:19 211 --a------ C:\WINDOWS\wininit.ini
2008-06-05 22:16 . 2008-06-05 22:16 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-05 22:16 . 2008-06-05 22:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-05 18:27 . 2008-06-05 21:45 <REP> d-------- C:\Program Files\EasyPHP 2.0b1
2008-06-05 09:08 . 2008-06-05 09:08 <REP> d-------- C:\Program Files\Google
2008-06-04 13:25 . 2000-11-07 17:36 1,044,480 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2008-06-04 13:25 . 1999-05-06 20:00 262,152 --a------ C:\WINDOWS\system32\MSDATGRD.OCX
2008-06-04 13:25 . 1999-01-13 17:22 61,440 --a------ C:\WINDOWS\system32\RHGBTN32.DLL
2008-06-04 13:25 . 1998-07-13 06:08 31,232 --a------ C:\WINDOWS\system32\DATGDFR.DLL
2008-06-04 13:25 . 2001-07-30 17:40 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-06-04 13:25 . 1998-07-12 20:00 6,656 --a------ C:\WINDOWS\system32\STDFTFR.DLL
2008-06-04 13:25 . 1995-08-24 05:50 5,532 --a------ C:\WINDOWS\system32\STDOLE.TLB
2008-06-04 13:25 . 2001-09-12 13:17 402 --a------ C:\WINDOWS\system32\msxml3.inf
2008-06-04 13:24 . 2008-06-04 13:24 <REP> d-------- C:\Program Files\win'design
2008-06-04 13:04 . 2003-05-15 06:48 <REP> d-------- C:\Program Files\Win'design 5.2.2
2008-06-01 23:07 . 2008-06-01 23:07 56 --a------ C:\WINDOWS\WdEdit.INI
2008-06-01 22:10 . 1998-10-07 13:08 327,168 --a------ C:\WINDOWS\IsUn040c.exe
2008-05-31 18:04 . 2008-05-31 18:04 <REP> d-------- C:\Program Files\Notepad++
2008-05-31 18:04 . 2008-05-31 18:04 <REP> d-------- C:\Documents and Settings\Michael\Application Data\Notepad++
2008-05-31 03:04 . 2008-06-02 19:29 38 --a------ C:\WINDOWS\AviSplitter.INI
2008-05-29 18:45 . 2008-05-29 18:45 173 --a------ C:\WINDOWS\ODBC.INI
2008-05-29 18:44 . 2008-05-29 18:44 <REP> d-------- C:\WINDOWS\system32\js
2008-05-29 18:44 . 2008-05-29 18:44 <REP> d-------- C:\WINDOWS\system32\images
2008-05-29 18:44 . 2008-05-29 18:44 <REP> d-------- C:\WINDOWS\system32\html
2008-05-29 18:44 . 2008-05-29 18:44 <REP> d-------- C:\WINDOWS\system32\css
2008-05-29 18:44 . 2008-05-29 18:44 <REP> d-------- C:\Program Files\Business Objects
2008-05-29 18:39 . 2008-05-29 18:44 <REP> d-------- C:\Program Files\Microsoft SQL Server
2008-05-29 18:38 . 2008-05-29 18:38 <REP> d-------- C:\Program Files\Windows Mobile 5.0 SDK R2
2008-05-29 18:38 . 2008-05-29 18:38 <REP> d-------- C:\Program Files\Microsoft Device Emulator
2008-05-29 18:37 . 2008-05-29 18:37 <REP> d-------- C:\Program Files\Microsoft Synchronization Services
2008-05-29 18:37 . 2008-05-29 18:37 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-29 18:31 . 2008-05-29 18:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
2008-05-29 18:27 . 2008-05-29 18:27 <REP> d-------- C:\WINDOWS\symbols
2008-05-29 18:26 . 2008-05-29 18:42 <REP> d-------- C:\Program Files\Microsoft.NET
2008-05-29 18:26 . 2008-05-29 18:44 <REP> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-05-29 18:26 . 2008-05-29 18:26 <REP> d-------- C:\Program Files\Microsoft SDKs
2008-05-29 18:26 . 2008-05-29 18:28 <REP> d-------- C:\Program Files\HTML Help Workshop
2008-05-29 18:26 . 2008-05-29 18:31 <REP> d-------- C:\Program Files\Fichiers communs\Merge Modules
2008-05-29 18:26 . 2008-05-29 18:26 <REP> d-------- C:\Program Files\CE Remote Tools
2008-05-29 17:56 . 2008-05-29 17:56 <REP> d-------- C:\Program Files\Microsoft Web Designer Tools
2008-05-29 17:54 . 2008-05-29 18:21 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-29 17:54 . 2008-05-29 17:54 <REP> d-------- C:\Program Files\Reference Assemblies
2008-05-29 17:54 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-05-29 17:52 . 2008-05-29 17:52 <REP> d-------- C:\Program Files\MSXML 6.0
2008-05-27 18:18 . 2008-05-27 18:18 <REP> d-------- C:\Program Files\DVD Decrypter
2008-05-27 02:13 . 2008-05-27 02:13 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-26 17:14 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-05-26 17:14 . 2004-03-18 16:53 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-05-26 17:14 . 2004-03-18 16:56 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-05-26 17:14 . 2004-06-26 01:54 139,345 --a------ C:\WINDOWS\system32\hpzlnt12.dll
2008-05-26 17:14 . 2004-03-18 16:39 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-05-26 17:14 . 2007-08-09 09:27 73,728 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-05-26 17:14 . 2004-03-18 16:38 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-05-26 17:14 . 2004-03-18 16:39 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-05-26 17:13 . 2008-05-26 17:14 <REP> d-------- C:\Program Files\HP
2008-05-26 17:13 . 2008-05-26 17:14 <REP> d-------- C:\Program Files\Hewlett-Packard
2008-05-26 17:13 . 2004-05-10 15:54 212,992 -ra------ C:\WINDOWS\system32\hptcpmui.dll
2008-05-26 17:13 . 2004-05-10 15:54 110,592 -ra------ C:\WINDOWS\system32\hptcpmon.dll
2008-05-26 17:13 . 2004-05-10 15:54 98,304 -ra------ C:\WINDOWS\system32\hpzjsn01.dll
2008-05-26 17:13 . 2004-05-10 15:54 73,728 -ra------ C:\WINDOWS\system32\hptcpmib.dll
2008-05-26 17:13 . 2004-05-10 15:54 28,672 -ra------ C:\WINDOWS\system32\hpzjfw01.dll
2008-05-26 17:13 . 2004-05-10 15:54 10,092 -ra------ C:\WINDOWS\system32\hptcpmui.hlp
2008-05-26 17:13 . 2004-05-10 15:54 10,062 -ra------ C:\WINDOWS\system32\hpipxmui.hlp
2008-05-26 17:13 . 2004-05-10 15:54 3,279 -ra------ C:\WINDOWS\system32\hptcpmon.ini
2008-05-26 17:13 . 2008-05-26 17:13 138 --a------ C:\WINDOWS\system32\AddPort.ini
2008-05-26 17:11 . 2008-05-26 17:14 102,846 --a------ C:\WINDOWS\hpdj6800.his
2008-05-26 17:11 . 2008-05-26 17:16 23,083 --a------ C:\WINDOWS\hpf6800m.his
2008-05-26 17:11 . 2008-05-26 17:14 13,829 --a------ C:\WINDOWS\hpdj6800.ini
2008-05-26 17:11 . 2008-05-26 17:16 5,412 --a------ C:\WINDOWS\hpf6800m.ini
2008-05-25 20:30 . 2008-06-06 14:44 0 --a------ C:\23990098.$$$
2008-05-25 18:19 . 2008-05-25 18:22 <REP> d-------- C:\Downloads
2008-05-25 18:19 . 2008-05-25 18:22 <REP> d-------- C:\Bases
2008-05-25 18:04 . 2008-05-25 18:04 <REP> d-------- C:\Documents and Settings\LocalService\Mes documents
2008-05-25 17:31 . 2008-05-25 17:31 <REP> d-------- C:\Program Files\Lavalys
2008-05-25 01:31 . 2008-05-25 01:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CCP
2008-05-25 01:28 . 2008-05-25 01:28 <REP> d-------- C:\Program Files\CCP
2008-05-24 14:46 . <REP> C:\Documents and Settings\Michael\Application Data\La Bataille pour la Terre du Milieu T II
2008-05-24 13:34 . 2008-05-24 13:34 <REP> d-------- C:\Program Files\Electronic Arts
2008-05-22 21:32 . 2008-05-22 21:32 <REP> d-------- C:\Documents and Settings\Michael\Application Data\Command & Conquer 3 Kane's Wrath
2008-05-22 21:22 . 2008-05-25 00:00 <REP> d-------- C:\Documents and Settings\Michael\Application Data\skypePM
2008-05-22 21:22 . 2008-05-22 21:22 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-22 21:19 . 2008-05-23 10:58 <REP> d-------- C:\Documents and Settings\Michael\Application Data\Hamachi
2008-05-22 21:18 . 2008-05-22 21:18 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-05-22 21:17 . 2008-05-22 21:17 <REP> d-------- C:\Program Files\Skype
2008-05-22 21:17 . 2008-05-22 21:17 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-05-22 21:17 . 2008-05-25 03:17 <REP> d-------- C:\Documents and Settings\Michael\Application Data\Skype
2008-05-22 21:17 . 2008-05-22 21:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-05-22 13:36 . 2008-06-05 21:48 <REP> d-------- C:\Program Files\Winamp Remote
2008-05-22 13:36 . 2008-05-22 13:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-05-22 11:17 . 2008-05-22 11:17 <REP> d-------- C:\Program Files\GIGABYTE
2008-05-21 21:37 . 2008-05-21 21:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-05-21 12:22 . 2008-05-21 12:22 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-05-21 12:14 . 2003-03-02 17:44 7,552 --a------ C:\WINDOWS\system32\drivers\enodpl.sys
2008-05-21 12:14 . 2003-04-19 00:32 4,736 --a------ C:\WINDOWS\system32\drivers\tandpl.sys
2008-05-21 01:59 . 2008-05-21 01:59 <REP> d-------- C:\Program Files\X'nStop 2.5
2008-05-21 00:50 . 2008-05-21 00:50 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-05-20 19:59 . 2008-05-20 20:57 <REP> d-------- C:\Program Files\uTorrent
2008-05-20 19:59 . 2008-06-07 01:13 <REP> d-------- C:\Documents and Settings\Michael\Application Data\uTorrent
2008-05-19 22:53 . 2008-05-19 22:53 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-05-19 22:53 . 2008-05-19 22:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-05-19 22:53 . 2008-05-19 22:53 2,337,865 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-05-19 22:53 . 2008-05-19 22:53 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-05-19 22:53 . 2008-05-19 22:53 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-05-19 22:53 . 2008-05-19 22:53 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-19 22:53 . 2008-05-19 22:53 22,328 --a------ C:\Documents and Settings\Michael\Application Data\PnkBstrK.sys
2008-05-19 22:44 . 2008-05-21 12:09 <REP> d-------- C:\Program Files\Ubisoft
2008-05-19 21:50 . 2008-05-19 21:50 <REP> d-------- C:\Program Files\FileZilla
2008-05-19 12:35 . 2008-05-25 21:35 <REP> d-------- C:\Program Files\PhotoFiltre
2008-05-19 01:03 . 2008-05-19 01:03 <REP> d-------- C:\Program Files\UselessCreations
2008-05-19 00:34 . 2008-05-20 22:45 <REP> d--h----- C:\WINDOWS\Icons
2008-05-19 00:19 . 2008-05-19 00:19 <REP> d-------- C:\Documents and Settings\Michael\Application Data\TuneUp Software
2008-05-19 00:19 . 2008-05-19 00:19 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-05-19 00:19 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-05-19 00:18 . 2008-05-19 00:19 <REP> d-------- C:\Program Files\TuneUp Utilities 2008
2008-05-19 00:18 . 2008-05-19 00:18 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-19 00:18 . 2008-05-19 00:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-05-18 21:59 . 2008-05-18 21:59 <REP> d-------- C:\Documents and Settings\Michael\Application Data\Media Player Classic
2008-05-18 21:53 . 2008-05-18 21:53 <REP> d-------- C:\Program Files\Satsuki Decoder Pack
2008-05-18 21:53 . 2008-05-18 21:53 26 --a------ C:\WINDOWS\system32\satsukidecodersettings.ini
2008-05-18 21:40 . 2008-05-18 21:40 <REP> d-------- C:\Program Files\Winamp Toolbar
2008-05-18 21:40 . 2008-05-18 21:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-05-18 21:38 . 2008-05-18 21:40 <REP> d-------- C:\Program Files\Winamp
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 16:28 --------- d-----w C:\Program Files\Command & Conquer 3 Kane's Wrath
2008-05-25 12:51 --------- d-----w C:\Documents and Settings\Michael\Application Data\La Bataille pour la Terre du Milieu ™ II
2008-05-22 09:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-21 23:47 --------- d-----w C:\Program Files\Team Fortress 2
2008-05-18 09:31 --------- d-----w C:\Program Files\Warcraft III
2008-05-17 14:54 --------- d-----w C:\Program Files\Realtek AC97
2008-05-17 14:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-05-17 14:32 --------- d-----w C:\Program Files\ma-config.com
2008-05-17 14:12 155,995 ----a-w C:\WINDOWS\java\Packages\0LBX3P3N.ZIP
2008-05-17 14:05 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-05-17 12:45 --------- d-----w C:\Program Files\Marvell
2008-05-17 12:29 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-05-17 12:29 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-05-17 12:29 --------- d-----w C:\Program Files\AvRack
2008-05-17 12:29 --------- d-----w C:\Program Files\AMD
2008-05-17 12:21 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-17 12:18 --------- d-----w C:\Program Files\Services en ligne
2008-05-03 03:46 6,554,496 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
.
------- Sigcheck -------
2001-08-24 14:00 12800 333a4db8410d8e24db06d6aebecdc7c2 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-19 16:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2008-04-14 04:34 14336 e4bdf223cd75478bf44567b4d5c2634d C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\svchost.exe
2004-08-19 16:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\system32\svchost.exe
2005-03-02 20:20 578048 c34920eb988ce98910bd6b0417f334eb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:50 579072 4d88aaf39adabfe45958ea1384e2c4ff C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2002-08-29 11:45 561152 0abf2f5280940d32d1d52bd3500b0c37 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
2004-08-19 16:09 578048 61c8c283ad063bb697ae61a155c64a5a C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 20:10 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2004-08-19 16:09 578048 61c8c283ad063bb697ae61a155c64a5a C:\WINDOWS\ServicePackFiles\i386\user32.dll
2008-04-14 04:33 579584 e853f84d3ce2faa2a802e33cf89ac023 C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\user32.dll
2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\user32.dll
2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\dllcache\user32.dll
2001-08-24 14:00 75264 20c6d9f9522dda0f9a8e4b8641ca9245 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
2004-08-19 16:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2008-04-14 04:33 82432 fb836f9e62d82904c983ad21296a5d9c C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\ws2_32.dll
2004-08-19 16:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\system32\ws2_32.dll
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2002-08-29 01:58 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\drivers\tcpip.sys
2002-08-29 11:45 520704 71820bc9ee6653c8748922459dfc384d C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-19 16:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2008-04-14 04:34 512000 dd73d6b9f6b4cb630cf35b438b540174 C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\winlogon.exe
2004-08-19 16:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\system32\winlogon.exe
2002-08-29 02:09 167552 3b350e5a2a5e951453f3993275a4523a C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2008-04-13 21:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2008-04-13 20:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\ip6fw.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2002-08-29 11:45 1008128 82fe0d400cb1ac937234467b927b867a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-04-14 04:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\explorer.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\system32\dllcache\explorer.exe
2001-08-24 14:00 101888 fc0691097471ee374907e1024edcbd43 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2004-08-19 16:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\ServicePackFiles\i386\services.exe
2008-04-14 04:34 109056 54cb50058851d95e56ec70d09f70857f C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\services.exe
2004-08-19 16:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\system32\services.exe
2002-08-29 11:45 11776 b7b1c150aff59455db4df082815f88f5 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2004-08-19 16:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2008-04-14 04:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\lsass.exe
2004-08-19 16:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\system32\lsass.exe
2002-08-29 11:45 13312 2c856908ee61424238772508e9fbcbc8 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2004-08-19 16:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-14 04:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\ctfmon.exe
2004-08-19 16:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0964C6CC-A7C4-465C-864F-E778887E5D25}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8f93b879-54c3-4e32-9149-0529fbc1d033}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD3C6F7C-6C8D-48F6-AC52-5E4071AEB257}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 03:54 507904]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32 208952]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39 455168]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39 455168]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
"nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-06-26 02:32 172032]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 19:55 49152]
"ac13ad69"="C:\WINDOWS\system32\oqaosvxt.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Team Fortress 2\\hl2.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat"=
R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2008-01-21 18:12]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10]
S3 maconfservice;maconfservice;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-05-14 16:40]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-19 00:19]
S4 msvsmon90;Visual Studio 2008 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon90 []
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2008-06-06 23:15:28 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 01:15:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\Michael\LOCALS~1\Temp\mc22.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
.
**************************************************************************
.
Completion time: 2008-06-07 1:22:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-06 23:22:36
Pre-Run: 89,958,629,376 bytes free
Post-Run: 90,173,652,992 bytes free
340 --- E O F --- 2008-05-30 01:01:49
Thanks again, and see you tomorrow
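The Sigcheck section of the report above lists an MD5 for every copy of each protected Windows file (the live copy, the Windows File Protection cache in system32\dllcache, the SP2 install copy in ServicePackFiles\i386, hotfix leftovers under $hf_mig$ and a pending Windows Update download). What a practitioner actually does with it is compare the copy that gets loaded against the WFP cache copy, which must be byte-identical, and fall back to the SP2 baseline where no cache copy is listed. The script below is an added example for this thread, not code from the thread, from the poster or from ComboFix. SAMPLE_LOG is copied verbatim from the Sigcheck lines above; CONSTRUCTED_MISMATCH is made up to show what a replaced system file would look like.

```python
"""Triage of a ComboFix 'Sigcheck' section.

Added example for this thread, not code from the thread or from ComboFix.
For each file it compares the copy the running system loads (system32,
system32\drivers or the Windows directory) against the Windows File
Protection cache (system32\dllcache), which must match exactly, and
otherwise against the SP2 baseline in ServicePackFiles\i386.
"""
import re
from collections import defaultdict

# <date> <time> <size> <md5> <path>
SIGCHECK_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (\d+) ([0-9a-f]{32}) (.+)$"
)

# Directories holding the copy the running system uses, most specific first.
LIVE_DIRS = (r"c:\windows\system32\drivers", r"c:\windows\system32", r"c:\windows")
CACHE_DIR = r"c:\windows\system32\dllcache"          # WFP cache: must match the live copy
BASELINE_DIR = r"c:\windows\servicepackfiles\i386"   # SP2 install copy

# Copied from the Sigcheck section of the report above.
SAMPLE_LOG = r"""
2004-08-19 16:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2008-04-14 04:34 14336 e4bdf223cd75478bf44567b4d5c2634d C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\svchost.exe
2004-08-19 16:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\system32\svchost.exe
2007-03-08 17:50 579072 4d88aaf39adabfe45958ea1384e2c4ff C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2004-08-19 16:09 578048 61c8c283ad063bb697ae61a155c64a5a C:\WINDOWS\ServicePackFiles\i386\user32.dll
2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\user32.dll
2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\dllcache\user32.dll
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\drivers\tcpip.sys
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\explorer.exe
2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\system32\dllcache\explorer.exe
"""

# Constructed, not from the report: the live ws2_32.dll no longer matches the WFP cache.
CONSTRUCTED_MISMATCH = r"""
2004-08-19 16:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\system32\dllcache\ws2_32.dll
2008-06-05 22:41 82944 ffffffffffffffffffffffffffffffff C:\WINDOWS\system32\ws2_32.dll
"""


def parse_sigcheck(text):
    """Group every parseable line as {basename: {directory: md5}}, lowercased."""
    copies = defaultdict(dict)
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        _date, _time, _size, md5, path = m.groups()
        directory, _, name = path.lower().rpartition("\\")
        copies[name][directory] = md5
    return copies


def classify(by_dir):
    """Verdict for one file from its {directory: md5} map."""
    live = next((by_dir[d] for d in LIVE_DIRS if d in by_dir), None)
    if live is None:
        return "no-live-copy"
    if CACHE_DIR in by_dir:
        # WFP keeps a byte-identical copy; any difference deserves a closer look.
        return "match" if by_dir[CACHE_DIR] == live else "MISMATCH"
    if BASELINE_DIR in by_dir:
        # Weaker reference: a hotfix legitimately replaces the live copy, so a
        # difference here means "find the KB that shipped this hash", not "infected".
        return "match-baseline" if by_dir[BASELINE_DIR] == live else "differs-from-sp2"
    return "no-reference"


def triage(text):
    """{basename: verdict} for every file that has at least one Sigcheck line."""
    return {name: classify(by_dir) for name, by_dir in parse_sigcheck(text).items()}


if __name__ == "__main__":
    for name, verdict in sorted(triage(SAMPLE_LOG + CONSTRUCTED_MISMATCH).items()):
        print(f"{name:14} {verdict}")
```

On the report's own data every live copy matches either its dllcache twin or the SP2 baseline. The $hf_mig$\KB...\SP2QFE copies are the QFE build of a hotfix and are expected to differ from the installed build, so they are deliberately not used as a reference. Two caveats: a match only proves the two copies agree, which a rootkit that patches both or filters file reads would defeat (that is what the catchme scan in the same report is for), and MD5 is adequate here only as a change detector, not as proof of authenticity.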
Re,
Open Spybot, click the Mode tab and choose Advanced Mode
Ignore the warning
Bottom left, click Tools
Still in the left column, click Resident (not in the central pane)
And untick the Resident "TeaTimer" option (you can tick it again once we are done)
********
Select the whole box below:
Collect::
|
This will relaunch ComboFix. After the reboot, post the contents of the ComboFix.txt report.
If there is no reboot, post the report anyway.
- Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad.)
- Save it to your desktop under the name CFScript.txt
- Now drag the CFScript.txt file onto ComboFix.exe as shown below:
- This will relaunch ComboFix. Post the contents of the ComboFix.txt report after the reboot, if there is one.
*******
- My Computer/Tools/Folder Options/View/Show hidden files and folders/Apply --> OK
- My Computer/Tools/Folder Options/View/untick Hide protected operating system files/Apply --> OK
Tick these options again afterwards!
Have this file (these files) analysed on this site >> Virustotal <<
- Click Browse at the top, choose My Computer and find this file: C:\23990098.$$$
- Now click Send file.
- Post the report (from File *** received on *** down to SHA1: ***)
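Before a file is sent to VirusTotal as in the step above, someone has to decide which of the autostart entries in the first report are worth collecting at all. The script below is an added example for this thread, not code from the thread, from the helper or from ComboFix. It parses the Run-key lines of a "Reg Loading Points" section and shortlists entries whose target ComboFix could not stat (an empty `[ ]` where date, time and size should be), entries whose value name or file stem looks machine-generated, and a disabled Windows Firewall. SAMPLE_LINES are copied from the first report; the name heuristics (exactly 8 hex digits, exactly 8 lowercase letters) are assumptions about what a generated name looks like, and a hit is a reason to collect and hash-check the file, not a verdict.

```python
"""Shortlist of autostart entries from a ComboFix 'Reg Loading Points' section.

Added example for this thread, not code from the thread or from ComboFix.
"""
import re

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"="target" [date time size]   or   "Name"="target" [ ]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')

HEX8 = re.compile(r"^[0-9a-f]{8}$")    # e.g. ac13ad69
LOWER8 = re.compile(r"^[a-z]{8}$")     # e.g. oqaosvxt

# Copied from the first ComboFix report in this thread.
SAMPLE_LINES = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-06-26 02:32 172032]
"ac13ad69"="C:\WINDOWS\system32\oqaosvxt.dll" [ ]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""


def random_looking(token):
    """Weak heuristic for machine-generated names: exactly 8 hex digits or
    exactly 8 lowercase letters. Vendor names in the report ('SoundMan',
    'nwiz', 'hpztsb12') fail on case, length or character set."""
    return bool(HEX8.match(token) or LOWER8.match(token))


def triage_autostarts(text):
    """Return [(registry key, value name, [reasons]), ...] for flagged lines."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = FIREWALL_RE.match(line)
        if m:
            if m.group("val") == "0":
                findings.append((key, "EnableFirewall", ["Windows Firewall disabled"]))
            continue
        m = RUN_RE.match(line)
        if not m:
            continue
        name, target, meta = m.group("name"), m.group("target"), m.group("meta").strip()
        reasons = []
        if not meta:
            # ComboFix prints date/time/size for every target it can read; an
            # empty bracket means the file is missing, hidden or unreadable.
            reasons.append("no file metadata: ComboFix could not stat the target")
        if random_looking(name):
            reasons.append("random-looking value name")
        stem = target.rpartition("\\")[2].rsplit(".", 1)[0]
        if random_looking(stem):
            reasons.append("random-looking file name")
        if reasons:
            findings.append((key, name, reasons))
    return findings


if __name__ == "__main__":
    for key, name, reasons in triage_autostarts(SAMPLE_LINES):
        print(f"{name!r} under {key}: " + "; ".join(reasons))
```

Run against the sample, the only Run entry that trips all three checks is `"ac13ad69"="C:\WINDOWS\system32\oqaosvxt.dll" [ ]`, which is the kind of item that ends up on the collection and hash-check list, and `EnableFirewall = 0` is reported beside it because the report shows it. Every other entry in the first report has vendor-shaped names and readable file metadata and stays off the list.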
Re, so I reran ComboFix as you told me, here is the report:
ComboFix 08-06-06.4 - Michael 2008-06-07 17:22:07.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1247 [GMT 2:00]
Location: C:\Documents and Settings\Michael\Bureau\AIDE VIR\ComboFix.exe
Command switches used :: C:\Documents and Settings\Michael\Bureau\AIDE VIR\CFScript.txt
* Creating a new restore point
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_msvsmon90
((((((((((((((((((((((((((((( Files Created from 2008-05-07 to 2008-06-07 ))))))))))))))))))))))))))))))))))))
.
2008-06-06 18:43 . 2008-06-06 18:43 <REP> d-------- C:\WINDOWS\ERUNT
2008-06-06 18:40 . 2008-06-06 19:08 <REP> d-------- C:\SDFix
2008-06-06 16:39 . 2008-06-06 16:39 <REP> d-------- C:\Program Files\Trend Micro
2008-06-05 22:41 . 2008-06-06 11:19 211 --a------ C:\WINDOWS\wininit.ini
2008-06-05 22:16 . 2008-06-05 22:16 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-05 22:16 . 2008-06-05 22:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-05 18:27 . 2008-06-05 21:45 <REP> d-------- C:\Program Files\EasyPHP 2.0b1
2008-06-05 09:08 . 2008-06-05 09:08 <REP> d-------- C:\Program Files\Google
2008-06-04 13:25 . 2000-11-07 17:36 1,044,480 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2008-06-04 13:25 . 1999-05-06 20:00 262,152 --a------ C:\WINDOWS\system32\MSDATGRD.OCX
2008-06-04 13:25 . 1999-01-13 17:22 61,440 --a------ C:\WINDOWS\system32\RHGBTN32.DLL
2008-06-04 13:25 . 1998-07-13 06:08 31,232 --a------ C:\WINDOWS\system32\DATGDFR.DLL
2008-06-04 13:25 . 2001-07-30 17:40 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-06-04 13:25 . 1998-07-12 20:00 6,656 --a------ C:\WINDOWS\system32\STDFTFR.DLL
2008-06-04 13:25 . 1995-08-24 05:50 5,532 --a------ C:\WINDOWS\system32\STDOLE.TLB
2008-06-04 13:25 . 2001-09-12 13:17 402 --a------ C:\WINDOWS\system32\msxml3.inf
2008-06-04 13:24 . 2008-06-04 13:24 <REP> d-------- C:\Program Files\win'design
2008-06-04 13:04 . 2003-05-15 06:48 <REP> d-------- C:\Program Files\Win'design 5.2.2
2008-06-01 23:07 . 2008-06-01 23:07 56 --a------ C:\WINDOWS\WdEdit.INI
2008-06-01 22:10 . 1998-10-07 13:08 327,168 --a------ C:\WINDOWS\IsUn040c.exe
2008-05-31 18:04 . 2008-05-31 18:04 <REP> d-------- C:\Program Files\Notepad++
2008-05-31 18:04 . 2008-05-31 18:04 <REP> d-------- C:\Documents and Settings\Michael\Application Data\Notepad++
2008-05-31 03:04 . 2008-06-02 19:29 38 --a------ C:\WINDOWS\AviSplitter.INI
2008-05-29 18:45 . 2008-05-29 18:45 173 --a------ C:\WINDOWS\ODBC.INI
2008-05-29 18:44 . 2008-05-29 18:44 <REP> d-------- C:\WINDOWS\system32\js
2008-05-29 18:44 . 2008-05-29 18:44 <REP> d-------- C:\WINDOWS\system32\images
2008-05-29 18:44 . 2008-05-29 18:44 <REP> d-------- C:\WINDOWS\system32\html
2008-05-29 18:44 . 2008-05-29 18:44 <REP> d-------- C:\WINDOWS\system32\css
2008-05-29 18:44 . 2008-05-29 18:44 <REP> d-------- C:\Program Files\Business Objects
2008-05-29 18:39 . 2008-05-29 18:44 <REP> d-------- C:\Program Files\Microsoft SQL Server
2008-05-29 18:38 . 2008-05-29 18:38 <REP> d-------- C:\Program Files\Windows Mobile 5.0 SDK R2
2008-05-29 18:38 . 2008-05-29 18:38 <REP> d-------- C:\Program Files\Microsoft Device Emulator
2008-05-29 18:37 . 2008-05-29 18:37 <REP> d-------- C:\Program Files\Microsoft Synchronization Services
2008-05-29 18:37 . 2008-05-29 18:37 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-29 18:31 . 2008-05-29 18:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
2008-05-29 18:27 . 2008-05-29 18:27 <REP> d-------- C:\WINDOWS\symbols
2008-05-29 18:26 . 2008-05-29 18:42 <REP> d-------- C:\Program Files\Microsoft.NET
2008-05-29 18:26 . 2008-05-29 18:44 <REP> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-05-29 18:26 . 2008-05-29 18:26 <REP> d-------- C:\Program Files\Microsoft SDKs
2008-05-29 18:26 . 2008-05-29 18:28 <REP> d-------- C:\Program Files\HTML Help Workshop
2008-05-29 18:26 . 2008-05-29 18:31 <REP> d-------- C:\Program Files\Fichiers communs\Merge Modules
2008-05-29 18:26 . 2008-05-29 18:26 <REP> d-------- C:\Program Files\CE Remote Tools
2008-05-29 17:56 . 2008-05-29 17:56 <REP> d-------- C:\Program Files\Microsoft Web Designer Tools
2008-05-29 17:54 . 2008-05-29 18:21 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-29 17:54 . 2008-05-29 17:54 <REP> d-------- C:\Program Files\Reference Assemblies
2008-05-29 17:54 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-05-29 17:52 . 2008-05-29 17:52 <REP> d-------- C:\Program Files\MSXML 6.0
2008-05-27 18:18 . 2008-05-27 18:18 <REP> d-------- C:\Program Files\DVD Decrypter
2008-05-27 02:13 . 2008-05-27 02:13 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-26 17:14 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-05-26 17:14 . 2004-03-18 16:53 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-05-26 17:14 . 2004-03-18 16:56 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-05-26 17:14 . 2004-06-26 01:54 139,345 --a------ C:\WINDOWS\system32\hpzlnt12.dll
2008-05-26 17:14 . 2004-03-18 16:39 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-05-26 17:14 . 2007-08-09 09:27 73,728 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-05-26 17:14 . 2004-03-18 16:38 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-05-26 17:14 . 2004-03-18 16:39 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-05-26 17:13 . 2008-05-26 17:14 <REP> d-------- C:\Program Files\HP
2008-05-26 17:13 . 2008-05-26 17:14 <REP> d-------- C:\Program Files\Hewlett-Packard
2008-05-26 17:13 . 2004-05-10 15:54 212,992 -ra------ C:\WINDOWS\system32\hptcpmui.dll
2008-05-26 17:13 . 2004-05-10 15:54 110,592 -ra------ C:\WINDOWS\system32\hptcpmon.dll
2008-05-26 17:13 . 2004-05-10 15:54 98,304 -ra------ C:\WINDOWS\system32\hpzjsn01.dll
2008-05-26 17:13 . 2004-05-10 15:54 73,728 -ra------ C:\WINDOWS\system32\hptcpmib.dll
2008-05-26 17:13 . 2004-05-10 15:54 28,672 -ra------ C:\WINDOWS\system32\hpzjfw01.dll
2008-05-26 17:13 . 2004-05-10 15:54 10,092 -ra------ C:\WINDOWS\system32\hptcpmui.hlp
2008-05-26 17:13 . 2004-05-10 15:54 10,062 -ra------ C:\WINDOWS\system32\hpipxmui.hlp
2008-05-26 17:13 . 2004-05-10 15:54 3,279 -ra------ C:\WINDOWS\system32\hptcpmon.ini
2008-05-26 17:13 . 2008-05-26 17:13 138 --a------ C:\WINDOWS\system32\AddPort.ini
2008-05-26 17:11 . 2008-05-26 17:14 102,846 --a------ C:\WINDOWS\hpdj6800.his
2008-05-26 17:11 . 2008-05-26 17:16 23,083 --a------ C:\WINDOWS\hpf6800m.his
2008-05-26 17:11 . 2008-05-26 17:14 13,829 --a------ C:\WINDOWS\hpdj6800.ini
2008-05-26 17:11 . 2008-05-26 17:16 5,412 --a------ C:\WINDOWS\hpf6800m.ini
2008-05-25 20:30 . 2008-06-06 14:44 0 --a------ C:\23990098.$$$
2008-05-25 18:19 . 2008-05-25 18:22 <REP> d-------- C:\Downloads
2008-05-25 18:19 . 2008-05-25 18:22 <REP> d-------- C:\Bases
2008-05-25 18:04 . 2008-05-25 18:04 <REP> d-------- C:\Documents and Settings\LocalService\Mes documents
2008-05-25 17:31 . 2008-05-25 17:31 <REP> d-------- C:\Program Files\Lavalys
2008-05-25 01:31 . 2008-05-25 01:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CCP
2008-05-25 01:28 . 2008-05-25 01:28 <REP> d-------- C:\Program Files\CCP
2008-05-24 14:46 . <REP> C:\Documents and Settings\Michael\Application Data\La Bataille pour la Terre du Milieu ™ II
2008-05-24 13:34 . 2008-05-24 13:34 <REP> d-------- C:\Program Files\Electronic Arts
2008-05-22 21:32 . 2008-05-22 21:32 <REP> d-------- C:\Documents and Settings\Michael\Application Data\Command & Conquer 3 Kane's Wrath
2008-05-22 21:22 . 2008-05-25 00:00 <REP> d-------- C:\Documents and Settings\Michael\Application Data\skypePM
2008-05-22 21:22 . 2008-05-22 21:22 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-22 21:19 . 2008-05-23 10:58 <REP> d-------- C:\Documents and Settings\Michael\Application Data\Hamachi
2008-05-22 21:18 . 2008-05-22 21:18 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-05-22 21:17 . 2008-05-22 21:17 <REP> d-------- C:\Program Files\Skype
2008-05-22 21:17 . 2008-05-22 21:17 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-05-22 21:17 . 2008-05-25 03:17 <REP> d-------- C:\Documents and Settings\Michael\Application Data\Skype
2008-05-22 21:17 . 2008-05-22 21:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-05-22 13:36 . 2008-06-05 21:48 <REP> d-------- C:\Program Files\Winamp Remote
2008-05-22 13:36 . 2008-05-22 13:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-05-22 11:17 . 2008-05-22 11:17 <REP> d-------- C:\Program Files\GIGABYTE
2008-05-21 21:37 . 2008-05-21 21:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-05-21 12:22 . 2008-05-21 12:22 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-05-21 12:14 . 2003-03-02 17:44 7,552 --a------ C:\WINDOWS\system32\drivers\enodpl.sys
2008-05-21 12:14 . 2003-04-19 00:32 4,736 --a------ C:\WINDOWS\system32\drivers\tandpl.sys
2008-05-21 01:59 . 2008-05-21 01:59 <REP> d-------- C:\Program Files\X'nStop 2.5
2008-05-21 00:50 . 2008-05-21 00:50 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-05-20 19:59 . 2008-05-20 20:57 <REP> d-------- C:\Program Files\uTorrent
2008-05-20 19:59 . 2008-06-07 17:24 <REP> d-------- C:\Documents and Settings\Michael\Application Data\uTorrent
2008-05-19 22:53 . 2008-05-19 22:53 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-05-19 22:53 . 2008-05-19 22:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-05-19 22:53 . 2008-05-19 22:53 2,337,865 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-05-19 22:53 . 2008-05-19 22:53 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-05-19 22:53 . 2008-05-19 22:53 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-05-19 22:53 . 2008-05-19 22:53 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-19 22:53 . 2008-05-19 22:53 22,328 --a------ C:\Documents and Settings\Michael\Application Data\PnkBstrK.sys
2008-05-19 22:44 . 2008-05-21 12:09 <REP> d-------- C:\Program Files\Ubisoft
2008-05-19 21:50 . 2008-05-19 21:50 <REP> d-------- C:\Program Files\FileZilla
2008-05-19 12:35 . 2008-05-25 21:35 <REP> d-------- C:\Program Files\PhotoFiltre
2008-05-19 01:03 . 2008-05-19 01:03 <REP> d-------- C:\Program Files\UselessCreations
2008-05-19 00:34 . 2008-05-20 22:45 <REP> d--h----- C:\WINDOWS\Icons
2008-05-19 00:19 . 2008-05-19 00:19 <REP> d-------- C:\Documents and Settings\Michael\Application Data\TuneUp Software
2008-05-19 00:19 . 2008-05-19 00:19 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-05-19 00:19 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-05-19 00:18 . 2008-05-19 00:19 <REP> d-------- C:\Program Files\TuneUp Utilities 2008
2008-05-19 00:18 . 2008-05-19 00:18 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-19 00:18 . 2008-05-19 00:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-05-18 21:59 . 2008-05-18 21:59 <REP> d-------- C:\Documents and Settings\Michael\Application Data\Media Player Classic
2008-05-18 21:53 . 2008-05-18 21:53 <REP> d-------- C:\Program Files\Satsuki Decoder Pack
2008-05-18 21:53 . 2008-05-18 21:53 26 --a------ C:\WINDOWS\system32\satsukidecodersettings.ini
2008-05-18 21:40 . 2008-05-18 21:40 <REP> d-------- C:\Program Files\Winamp Toolbar
2008-05-18 21:40 . 2008-05-18 21:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-05-18 21:38 . 2008-05-18 21:40 <REP> d-------- C:\Program Files\Winamp
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 16:28 --------- d-----w C:\Program Files\Command & Conquer 3 Kane's Wrath
2008-05-25 12:51 --------- d-----w C:\Documents and Settings\Michael\Application Data\La Bataille pour la Terre du Milieu ™ II
2008-05-22 09:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-21 23:47 --------- d-----w C:\Program Files\Team Fortress 2
2008-05-18 09:31 --------- d-----w C:\Program Files\Warcraft III
2008-05-17 14:54 --------- d-----w C:\Program Files\Realtek AC97
2008-05-17 14:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-05-17 14:32 --------- d-----w C:\Program Files\ma-config.com
2008-05-17 14:05 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-05-17 12:45 --------- d-----w C:\Program Files\Marvell
2008-05-17 12:29 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-05-17 12:29 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-05-17 12:29 --------- d-----w C:\Program Files\AvRack
2008-05-17 12:29 --------- d-----w C:\Program Files\AMD
2008-05-17 12:21 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-17 12:18 --------- d-----w C:\Program Files\Services en ligne
2008-05-03 03:46 6,554,496 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
.
------- Sigcheck -------
2001-08-24 14:00 12800 333a4db8410d8e24db06d6aebecdc7c2 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-19 16:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2008-04-14 04:34 14336 e4bdf223cd75478bf44567b4d5c2634d C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\svchost.exe
2004-08-19 16:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\system32\svchost.exe
2005-03-02 20:20 578048 c34920eb988ce98910bd6b0417f334eb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:50 579072 4d88aaf39adabfe45958ea1384e2c4ff C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2002-08-29 11:45 561152 0abf2f5280940d32d1d52bd3500b0c37 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
2004-08-19 16:09 578048 61c8c283ad063bb697ae61a155c64a5a C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 20:10 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2004-08-19 16:09 578048 61c8c283ad063bb697ae61a155c64a5a C:\WINDOWS\ServicePackFiles\i386\user32.dll
2008-04-14 04:33 579584 e853f84d3ce2faa2a802e33cf89ac023 C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\user32.dll
2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\user32.dll
2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\dllcache\user32.dll
2001-08-24 14:00 75264 20c6d9f9522dda0f9a8e4b8641ca9245 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
2004-08-19 16:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2008-04-14 04:33 82432 fb836f9e62d82904c983ad21296a5d9c C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\ws2_32.dll
2004-08-19 16:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\system32\ws2_32.dll
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2002-08-29 01:58 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\drivers\tcpip.sys
2002-08-29 11:45 520704 71820bc9ee6653c8748922459dfc384d C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-19 16:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2008-04-14 04:34 512000 dd73d6b9f6b4cb630cf35b438b540174 C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\winlogon.exe
2004-08-19 16:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\system32\winlogon.exe
2002-08-29 02:09 167552 3b350e5a2a5e951453f3993275a4523a C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2008-04-13 21:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2008-04-13 20:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\ip6fw.sys
2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2002-08-29 11:45 1008128 82fe0d400cb1ac937234467b927b867a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-04-14 04:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\explorer.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\system32\dllcache\explorer.exe
2001-08-24 14:00 101888 fc0691097471ee374907e1024edcbd43 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2004-08-19 16:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\ServicePackFiles\i386\services.exe
2008-04-14 04:34 109056 54cb50058851d95e56ec70d09f70857f C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\services.exe
2004-08-19 16:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\system32\services.exe
2002-08-29 11:45 11776 b7b1c150aff59455db4df082815f88f5 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2004-08-19 16:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2008-04-14 04:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\lsass.exe
2004-08-19 16:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\system32\lsass.exe
2002-08-29 11:45 13312 2c856908ee61424238772508e9fbcbc8 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2004-08-19 16:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-14 04:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\ctfmon.exe
2004-08-19 16:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-07_ 1.22.23.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-06 23:15:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-07 15:26:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 03:54 507904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32 208952]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39 455168]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39 455168]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
"nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-06-26 02:32 172032]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 19:55 49152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Team Fortress 2\\hl2.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat"=
R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2008-01-21 18:12]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10]
S3 maconfservice;maconfservice;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-05-14 16:40]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-19 00:19]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-07 15:26:25 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 17:26:46
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\Michael\LOCALS~1\Temp\mc21.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-07 17:33:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-07 15:33:25
ComboFix2.txt 2008-06-06 23:22:41
Pre-Run: 90,214,686,720 octets libres
Post-Run: 90,196,090,880 octets libres
325 --- E O F --- 2008-05-30 01:01:49
Also, the file 23990098.$$$ is indeed present on C:\ but when I send it to "virustotal" I get this message: 0 bytes size received
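The ComboFix listing above pairs every protected system file with its backup copies (ServicePackFiles\i386, system32\dllcache, the $NtServicePackUninstall$ and $NtUninstallKB…$ folders, and the pending update payload under SoftwareDistribution\Download) so that a reader can spot a live binary whose MD5 no longer agrees with any pristine copy. The following script is an added example, not ComboFix's own logic and not something posted in this thread: it parses lines in that "date time size md5 path" shape and reports, per file name, whether the copy Windows actually loads matches a reference copy. The choice of which folders count as "live" and which as "reference" is an assumption made here; the sample input reuses a few lines from the log above plus one constructed pair (file name and hashes are placeholders) to show what a mismatch looks like.

```python
import re
from collections import defaultdict

# One ComboFix-style line: "YYYY-MM-DD HH:MM size md5 path"
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (\d+) ([0-9a-fA-F]{32}) (.+)$"
)

# Assumption for this example: folders holding pristine reference copies of
# protected system files (compared lowercase, trailing backslash included).
REFERENCE_DIRS = (
    "c:\\windows\\system32\\dllcache\\",
    "c:\\windows\\servicepackfiles\\i386\\",
)
# Assumption: folders holding the copies Windows actually loads.
# Uninstall backups and SoftwareDistribution\Download payloads are neither;
# the latter legitimately differ because they are not yet installed.
LIVE_DIRS = (
    "c:\\windows\\system32\\drivers\\",
    "c:\\windows\\system32\\",
    "c:\\windows\\",
)

# Sample input: real lines from the log above, plus two constructed lines
# (constructed_sample.exe, placeholder hashes) that demonstrate a mismatch.
SAMPLE = r"""
2004-08-19 16:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\system32\winlogon.exe
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2008-04-13 21:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\explorer.exe
2008-04-14 04:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\SoftwareDistribution\Download\cb753d18e2092b6b6a89289134569652\explorer.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\system32\dllcache\explorer.exe
2004-08-19 16:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\ServicePackFiles\i386\services.exe
2004-08-19 16:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\system32\services.exe
2004-08-19 16:09 26112 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa C:\WINDOWS\system32\dllcache\constructed_sample.exe
2008-06-05 12:00 26112 bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb C:\WINDOWS\system32\constructed_sample.exe
"""


def parse(lines):
    """Turn report lines into dicts; lines that do not fit the shape are skipped."""
    entries = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        date, time, size, md5, path = m.groups()
        entries.append({"date": date, "time": time, "size": int(size),
                        "md5": md5.lower(), "path": path})
    return entries


def classify(path):
    """'reference', 'live' or 'other', decided by the exact parent folder."""
    low = path.lower()
    dirname = low[: low.rfind("\\") + 1]
    if dirname in REFERENCE_DIRS:
        return "reference"
    if dirname in LIVE_DIRS:
        return "live"
    return "other"


def compare(entries):
    """Return {basename: verdict} for every live file in the listing.

    'match'        - every live copy's MD5 equals some reference copy's MD5
    'MISMATCH'     - a live copy differs from all reference copies
    'no-reference' - the listing holds no reference copy to compare against
    """
    by_name = defaultdict(lambda: {"live": [], "reference": []})
    for e in entries:
        kind = classify(e["path"])
        if kind == "other":
            continue
        name = e["path"].lower().rsplit("\\", 1)[-1]
        by_name[name][kind].append(e)

    verdicts = {}
    for name, groups in sorted(by_name.items()):
        if not groups["live"]:
            continue
        ref_hashes = {r["md5"] for r in groups["reference"]}
        if not ref_hashes:
            verdicts[name] = "no-reference"
        elif all(l["md5"] in ref_hashes for l in groups["live"]):
            verdicts[name] = "match"
        else:
            verdicts[name] = "MISMATCH"
    return verdicts


if __name__ == "__main__":
    for name, verdict in compare(parse(SAMPLE.splitlines())).items():
        print(f"{verdict:13} {name}")
```

A MISMATCH is a lead, not a verdict: the next step is to check the live file's hash against a known-good value for that exact patch level, since a hotfix (like the KB938828 explorer.exe above) can legitimately leave the live copy ahead of ServicePackFiles while still agreeing with dllcache. "no-reference" (winlogon.exe in this excerpt) just means the listing carried no pristine copy to compare with.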
Re,
Delete this file.
Select the whole frame below:
@echo off & cls
Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad).
Save it to your Desktop under the name Correction.bat
Double-click it. Post the generated report (if any).
Then post a new HJT report.
No report was generated for the DOS instructions, so I'm posting the HJT one:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:29:51, on 07/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Marvell\Mrv8000x.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\winamp toolbar\WinampTbServer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driv [...] eqlab2.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com [...] 0_0_29.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1A628EC-9AF8-4240-AE0E-038F41F6E6A1}: NameServer = 80.10.246.2,80.10.242.129
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: maconfservice - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 8264 bytes
Re,
Download Clean (by Malekal) to your Desktop.
- Unzip it to your Desktop. Double-click the Clean folder that has just appeared.
- Double-click Clean.cmd (the cmd extension may not be shown). This will open a black window.
- A menu will appear; choose option 1, then Enter. Then press a key when prompted.
- Post the report located here: C:\rapport_clean.txt
If you get a file C:\upload_moi.zip, please do this.
Help: How to use Clean.
*******
Download MalwareByte's Anti-Malware to your Desktop.
- Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done:
Restart in Safe Mode
/!\ Never boot into Safe Mode via MSCONFIG /!\
- Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Perform full scan".
- To start the scan, click "Scan".
- Once the scan is finished, a window opens; click OK. Two possibilities:
-- if the program found nothing, click OK. A report will appear; close it.
-- if infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to complete the removal, accept by clicking OK.
Help: How to use MBAM.
RE, so here is the short Clean report:
09/06/2008 a 10:02:00,59
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
*** Recherche des fichiers dans C:\Program Files
With MBAM, on the other hand, an error occurs in the middle of the scan:
I tried a quick scan... same error... did I install it wrong?
Can you try uninstalling/reinstalling it and running it in Safe Mode? See if that changes anything.
