Windows Security Alert (Virus)
Hello everyone. For a few days I've had a big problem: a yellow triangle has appeared next to the clock and it creates pop-ups every 5 seconds... What's more, a window opens every 2 minutes saying my computer is infected. AntiVir detected this virus but nothing works; even if I delete it, it stays. Help
Hello,
Download and install Hijackthis (Trend Micro).
Then post a report in your next reply.
HELP: How to use Hijackthis v2.0.2
Read it, here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:21:45, on 07/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\shell.exe
C:\WINDOWS\system32\JMRaidTool.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\Samsung\EmoDio\SMSTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Saitek\SD6\Software\SaiVolume.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\BUREAU\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bestyourmeds.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
R3 - URLSearchHook: Secured eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec0.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Zango /fleok=1D8A83A5C5ED18789EAE6F2A1FBB39BFE4976E26CAEDDA7B597A402D3BC7C7 - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll (file missing)
O2 - BHO: (no name) - {0CBFB9D3-EDC0-446C-8F80-0FC19A01CC88} - C:\WINDOWS\system32\khfcBtQJ.dll (file missing)
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll (file missing)
O2 - BHO: Secured eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec0.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BhoApp Class - {3EDBF8E9-3130-72C8-ED30-32A3DB08ED44} - C:\Program Files\altcmd\altcmd32.dll (file missing)
O2 - BHO: (no name) - {6A6EAE1B-4AD6-4035-974D-504D6DBAA9C3} - C:\WINDOWS\system32\iifcyvUk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
O3 - Toolbar: Secured eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec0.dll
O3 - Toolbar: Zango - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll (file missing)
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (VC0305)
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [Auto EPSON Stylus DX3800 Series sur FAMILLE] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P43 "Auto EPSON Stylus DX3800 Series sur FAMILLE" /O20 "\\FAMILLE\Imprimante" /M "Stylus DX3800"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [defragsys] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.0.370.0\OEAddOn.exe
O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.0.370.0\ZangoSA.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\BUREAU\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [Windows Service] C:\Documents and Settings\BUREAU\mmmhwk.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Auto EPSON Stylus DX3800 Series sur DROUVIN-32356EC] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P51 "Auto EPSON Stylus DX3800 Series sur DROUVIN-32356EC" /O28 "\\DROUVIN-32356EC\Imprimante" /M "Stylus DX3800"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\EmoDio\SMSTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [SaiVolume] C:\Program Files\Saitek\SD6\Software\SaiVolume.exe
O4 - HKLM\..\Run: [Auto EPSON Stylus DX3800 Series sur PAULINE] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P43 "Auto EPSON Stylus DX3800 Series sur PAULINE" /O20 "\\PAULINE\Imprimante" /M "Stylus DX3800"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [defragsys] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [pvsdhnv] c:\documents and settings\bureau\local settings\application data\pvsdhnv.exe pvsdhnv
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VirusIsolator.exe] C:\Program Files\VirusIsolator\VirusIsolator.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: findfast.exe
O4 - Startup: hamachi.lnk = W:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: iifcyvUk - iifcyvUk.dll (file missing)
O22 - SharedTaskScheduler: discommodiousness - {33b8d257-07f6-4c06-8605-94bc21728635} - (no file)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 13749 bytes
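As an added, defender-side example (not part of the original thread or of HijackThis itself): a small Python triage script that applies the checks a helper makes by eye on the log above, flagging orphaned entries, the modified Shell= line, the DisableRegedit policy, the AppInit_DLLs load point, system-binary names outside their real directory (svchost.exe in C:\WINDOWS, services.exe in Temp) and transposed lookalikes (spoolvs.exe). It assumes a single XP install with %SystemRoot% = C:\WINDOWS; the sample lines are copied from the posted log.

```python
"""Heuristic triage of HijackThis v2 log lines (added example, not part of the thread).
Assumes a single Windows XP install with %SystemRoot% = C:\\WINDOWS."""
import re
from typing import List, Optional, Tuple

# Windows binaries whose names malware borrows. A genuine copy lives only in
# %SystemRoot%\system32, except explorer.exe which lives in %SystemRoot%.
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe"}
EXPECTED_DIR = {name: "c:\\windows\\system32\\" for name in SYSTEM_NAMES}
EXPECTED_DIR["explorer.exe"] = "c:\\windows\\"
# Locations an ordinary user can write to; an autostart there needed no installer.
USER_WRITABLE = ("\\temp\\", "\\local settings\\", "\\application data\\",
                 "\\documents and settings\\")
# Entry types that are load points (the process list and R0/R1 URLs are not).
LOAD_POINTS = {"F2", "O2", "O3", "O4", "O20", "O21", "O22", "O23"}
LINE_RE = re.compile(r"^([RFO]\d+) - (.*)$")
PATH_RE = re.compile(r"[a-z]:\\.*?\.(?:exe|dll|cpl|sys)\b")


def extract_path(text: str) -> Optional[str]:
    """First drive-letter path ending in an executable/library extension (lowercased input)."""
    m = PATH_RE.search(text)
    return m.group(0) if m else None


def lookalike(name: str) -> Optional[str]:
    """System binary that `name` is a letter-transposition of, e.g. spoolvs.exe -> spoolsv.exe."""
    for real in sorted(SYSTEM_NAMES):
        if name != real and sorted(name) == sorted(real):
            return real
    return None


def triage_line(line: str) -> List[str]:
    """Finding tags for one log line; an empty list means nothing notable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    kind, low = m.group(1), m.group(2).lower()
    tags: List[str] = []

    if "(file missing)" in low or "(no file)" in low:
        tags.append("orphaned-entry")        # registry points at a file that is already gone
    if kind == "F2" and "shell=" in low:
        # Shell= should be exactly explorer.exe; anything appended starts with the desktop.
        if low.split("shell=", 1)[1].split() != ["explorer.exe"]:
            tags.append("shell-hijack")
    if kind == "O7" and "disableregedit=1" in low:
        tags.append("regedit-disabled")      # policy tampering typical of rogue "security" tools
    if kind == "O20" and "appinit_dlls:" in low and extract_path(low):
        tags.append("appinit-dll")           # DLL loaded into every process that uses user32
    if kind in ("R0", "R1") and "start page" in low and "microsoft.com" not in low:
        tags.append("start-page-changed")
    if kind == "O4" and "policies\\explorer\\run" in low:
        tags.append("policies-run-key")      # rarely used by legitimate software

    path = extract_path(low) if kind in LOAD_POINTS else None
    if path:
        directory, name = path.rsplit("\\", 1)
        directory += "\\"
        if any(hint in directory for hint in USER_WRITABLE):
            tags.append("user-writable-location")
        if name in SYSTEM_NAMES and directory != EXPECTED_DIR[name]:
            tags.append(f"masquerade:{name}")   # system name outside its real home
        real = lookalike(name)
        if real:
            tags.append(f"lookalike:{real}")
    return tags


def triage(log: str) -> List[Tuple[str, List[str]]]:
    """(line, tags) for every flagged line of a log, in log order."""
    out = []
    for line in log.splitlines():
        tags = triage_line(line)
        if tags:
            out.append((line, tags))
    return out


# Constructed sample: ten lines copied from the log posted above.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bestyourmeds.com/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: (no name) - {0CBFB9D3-EDC0-446C-8F80-0FC19A01CC88} - C:\WINDOWS\system32\khfcBtQJ.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [defragsys] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\BUREAU\LOCALS~1\Temp\services.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
"""

if __name__ == "__main__":
    for line, tags in triage(SAMPLE_LOG):
        print(", ".join(tags).ljust(45), line)
```

Name-based rules miss entries such as `[Printer] C:\WINDOWS\system32\printer.exe`, so the output is a reading order, not a verdict.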
Re,
Disable your resident protections (antivirus, Spybot-S&D, etc.)!
Download ComboFix (sUBs) to your Desktop.
Double-click ComboFix.exe (the .exe may not be visible) to launch it.
When the scan is finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.
HELP: A guide and tutorial on using ComboFix
* the partition name may differ
Here is what it produces:
ComboFix 08-09-05.03 - BUREAU 2008-09-07 19:03:04.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1478 [GMT 2:00]
Endroit: C:\Documents and Settings\BUREAU\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\findfast.exe
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
C:\Documents and Settings\All Users\Application Data\ZangoSA
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA.dat
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA_kyf.dat
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAau.dat
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAEula.mht
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\autorun.exe
C:\Documents and Settings\BUREAU\Application Data\addon.dat
C:\Documents and Settings\BUREAU\Application Data\printer.exe
C:\Documents and Settings\BUREAU\Application Data\temp.dll
C:\Documents and Settings\BUREAU\Application Data\Zango
C:\Documents and Settings\BUREAU\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\BUREAU\Local Settings\Application Data\pvsdhnv.dat
C:\Documents and Settings\BUREAU\Local Settings\Application Data\pvsdhnv_nav.dat
C:\Documents and Settings\BUREAU\Local Settings\Application Data\pvsdhnv_navps.dat
C:\Documents and Settings\BUREAU\Local Settings\Tempmjiwep0.exe
C:\Documents and Settings\BUREAU\Menu Démarrer\Programmes\Démarrage\findfast.exe
C:\Documents and Settings\tous\Cookies\tous@a.hasbro[2].txt
C:\Documents and Settings\tous\Cookies\tous@clickintext[2].txt
C:\Documents and Settings\tous\Menu Démarrer\Programmes\Démarrage\findfast.exe
C:\WINDOWS\shell.exe
C:\WINDOWS\system32\JQtBcfhk.ini
C:\WINDOWS\system32\JQtBcfhk.ini2
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\spoolvs.exe
C:\WINDOWS\system32\wowfx.dll
C:\WINDOWS\vadokmxt.dll
C:\WINDOWS\wdpoefan.dll
C:\Documents and Settings\Invité\Cookies\invité@www.toutpourlamicro[1].txt . . . . Echec de suppression
.
((((((((((((((((((((((((((((( Fichiers créés 2008-08-07 to 2008-09-07 ))))))))))))))))))))))))))))))))))))
.
2008-09-07 09:32 . 2008-09-07 09:32 575 --a------ C:\WINDOWS\qtracker.INI
2008-09-05 20:54 . 2007-06-20 18:58 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-09-05 20:54 . 2007-06-20 18:58 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-09-05 20:54 . 2007-06-20 17:02 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-09-05 20:54 . 2007-06-20 18:58 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-09-05 20:54 . 2007-06-20 18:58 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-09-05 20:54 . 2007-06-20 18:58 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-09-05 20:54 . 2007-06-20 18:58 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-09-05 20:54 . 2008-09-05 20:54 <REP> d-------- C:\Documents and Settings\Administrateur
2008-09-03 14:56 . 2008-09-03 14:56 <REP> d-------- C:\WINDOWS\system32\xlib254.dll
2008-09-03 14:56 . 2008-09-03 14:56 <REP> d-------- C:\WINDOWS\system32\append.dll
2008-08-27 23:03 . 2008-08-27 23:03 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-08-21 19:44 . 2008-08-21 19:44 <REP> d-------- C:\Program Files\MSXML 6.0
2008-08-21 00:14 . 2008-08-21 00:15 1,828,319 --a------ C:\WINDOWS\Counter-Strike Source LAN Edition Uninstaller.exe
2008-08-20 22:42 . 2008-08-20 22:42 <REP> d-------- C:\Game
2008-08-20 16:32 . 2008-08-20 16:32 <REP> d-------- C:\Program Files\MSBuild
2008-08-20 16:31 . 2008-08-20 16:33 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-08-20 16:30 . 2008-08-20 16:30 <REP> d-------- C:\Program Files\Reference Assemblies
2008-08-20 16:30 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-08-20 16:26 . 2008-09-06 21:48 <REP> d-------- C:\Program Files\World of Warcraft
2008-08-13 18:48 . 2008-09-07 18:19 <REP> d-------- C:\Documents and Settings\BUREAU\Application Data\Hamachi
2008-08-13 18:48 . 2008-08-13 18:48 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-08-12 01:56 . 2008-08-12 01:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-08-12 01:55 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-08-12 01:55 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-08-12 01:55 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-08-12 01:55 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-08-11 22:21 . 2008-08-29 20:04 23 --a------ C:\WINDOWS\BlendSettings.ini
2008-08-11 16:08 . 2008-08-11 16:08 <REP> d-------- C:\Program Files\EA GAMES
2008-08-11 15:51 . 2008-08-11 16:03 45 --a------ C:\TEST.XML
2008-08-10 19:20 . <REP> C:\Documents and Settings\BUREAU\Application Data\La Bataille pour la Terre du Milieu T II
2008-08-09 11:43 . 2007-06-20 17:00 216 --ahs---- C:\BOOT.BKK
2008-08-07 14:04 . 2008-08-07 14:04 <REP> d-------- C:\Documents and Settings\BUREAU\Application Data\InstallShield Installation Information
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 17:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-07 07:39 --------- d-----w C:\Documents and Settings\BUREAU\Application Data\Xfire
2008-09-06 18:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2008-09-05 18:49 --------- d-s---w C:\Program Files\Xfire
2008-09-03 17:32 --------- d-----w C:\Documents and Settings\tous\Application Data\OpenOffice.org2
2008-09-03 12:31 --------- d-----w C:\Documents and Settings\BUREAU\Application Data\BitTorrent
2008-08-31 09:09 --------- d-----w C:\Documents and Settings\BUREAU\Application Data\DNA
2008-08-30 18:22 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-30 07:50 --------- d-----w C:\Program Files\DNA
2008-08-21 02:54 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-19 17:04 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-08-19 16:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-16 17:44 --------- d-----w C:\Documents and Settings\BUREAU\Application Data\La Bataille pour la Terre du Milieu ™ II
2008-08-12 02:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-11 23:56 22,328 ----a-w C:\Documents and Settings\BUREAU\Application Data\PnkBstrK.sys
2008-08-07 21:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-08-07 21:51 --------- d-----w C:\Documents and Settings\BUREAU\Application Data\Qtracker
2008-08-04 20:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-08-02 09:44 --------- d-----w C:\Program Files\BitTorrent
2008-07-31 16:53 --------- d-----w C:\Program Files\eMule
2008-07-30 15:22 --------- d-----w C:\Program Files\Electronic Arts
2008-07-30 11:16 --------- d-----w C:\Documents and Settings\tous\Application Data\vlc
2008-07-30 06:00 --------- d-----w C:\Documents and Settings\BUREAU\Application Data\vlc
2008-07-30 05:59 --------- d-----w C:\Program Files\VideoLAN
2008-07-26 10:45 --------- d-----w C:\Documents and Settings\tous\Application Data\Media Player Classic
2008-07-22 10:31 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-07-22 10:31 --------- d-----w C:\Program Files\AGEIA Technologies
2008-07-18 08:46 --------- d-----w C:\Program Files\The All-Seeing Eye
2008-07-17 10:06 --------- d-----w C:\Program Files\Saitek
2008-07-17 10:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Saitek
2008-07-16 21:35 --------- d-----w C:\Program Files\Real
2008-07-16 21:35 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-07-16 21:35 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-07-16 21:30 --------- d-----w C:\Program Files\DivX
2008-07-16 14:28 --------- d-----w C:\Documents and Settings\BUREAU\Application Data\OpenOffice.org2
2008-07-15 13:02 --------- d-----w C:\Documents and Settings\tous\Application Data\Ahead
2008-07-12 15:45 --------- d-----w C:\Program Files\Java
2007-08-16 21:49 4,572 --sha-w C:\WINDOWS\system32\Bifrost\klog.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "C:\Program Files\Secured_eMule\tbSec0.dll" [2007-12-14 1502232]
[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]
2007-12-14 19:16 1502232 --a------ C:\Program Files\Secured_eMule\tbSec0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "C:\Program Files\Secured_eMule\tbSec0.dll" [2007-12-14 1502232]
[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 68856]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 128000]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 167368]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15360]
"Fraps"="C:\FRAPS\FRAPS.EXE" [2008-01-14 913064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-04-20 385024]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"Auto EPSON Stylus DX3800 Series sur FAMILLE"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"Auto EPSON Stylus DX3800 Series sur DROUVIN-32356EC"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"SMSTray"="C:\Program Files\Samsung\EmoDio\SMSTray.exe" [2008-06-23 479232]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-07-16 185896]
"ProfilerU"="C:\Program Files\Saitek\SD6\Software\ProfilerU.exe" [2007-10-29 233472]
"SaiMfd"="C:\Program Files\Saitek\SD6\Software\SaiMfd.exe" [2007-10-29 131072]
"SaiVolume"="C:\Program Files\Saitek\SD6\Software\SaiVolume.exe" [2007-10-29 126976]
"Auto EPSON Stylus DX3800 Series sur PAULINE"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 8491008]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 81920]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-04 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-04-24 C:\WINDOWS\SkyTel.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-02 C:\WINDOWS\system32\bthprops.cpl]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 C:\WINDOWS\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2007-10-04 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"VIDC.JDCT"= jl_jdct.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\BUREAU\\Mes documents\\JEUX\\batllefield2\\BF2.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"C:\\Documents and Settings\\BUREAU\\Mes documents\\JEUX\\cube\\bin\\cube.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=
"W:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"W:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"W:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"W:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=
"W:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"W:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"W:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"W:\\Program Files\\Age of Empires III\\age3.exe"=
"W:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"W:\\Program Files\\Electronic Arts\\Command & Conquer Generals\\game.dat"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"W:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"W:\\Program Files\\TmNationsForever\\TmForever.exe"=
"W:\\Program Files\\Electronic Arts\\lotr\\game.dat"=
"W:\\Program Files\\WIC\\wic.exe"=
"W:\\Program Files\\WIC\\wic_online.exe"=
"W:\\Program Files\\WIC\\wic_ds.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"W:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"W:\\Counter-Strike Source LAN Edition\\hl2.exe"=
"W:\\Program Files\\Qtracker\\qtracker.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
R3 SaiH0728;SaiH0728;C:\WINDOWS\system32\DRIVERS\SaiH0728.sys [2007-10-30 136448]
S3 JL2005C;Dual Mode Camera;C:\WINDOWS\system32\Drivers\jl2005c.sys [2007-01-26 68954]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 XDva170;XDva170;C:\WINDOWS\system32\XDva170.sys [ ]
S3 XDva181;XDva181;C:\WINDOWS\system32\XDva181.sys [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b23a05d-1f4e-11dc-b5e0-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder
.
- - - - ORPHANS REMOVED - - - -
BHO-{0CBFB9D3-EDC0-446C-8F80-0FC19A01CC88} - C:\WINDOWS\system32\khfcBtQJ.dll
HKCU-Run-defragsys - C:\WINDOWS\svchost.exe
HKCU-Run-AdVantage - C:\Program Files\AdVantage\AdVantage.exe
HKCU-Run-Steam - c:\program files\steam\steam.exe
HKLM-Run-BigDogPath - C:\WINDOWS\VM_STI.EXE
HKLM-Run-defragsys - C:\WINDOWS\svchost.exe
Notify-iifcyvUk - iifcyvUk.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\BUREAU\Application Data\Mozilla\Firefox\Profiles\trzu1ns7.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/firefox?client=firefox-a&rls=org.mozilla:...
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 19:07:51
Windows 5.1.2600 Service Pack 2 NTFS
Scanning hidden processes ...
Scanning hidden autostart entries ...
Scanning hidden files ...
Scan completed successfully
Hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2008-09-07 19:11:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-07 17:11:15
Pre-Run: 15,474,601,984 bytes free
Post-Run: 15,564,849,152 bytes free
286 --- E O F --- 2008-08-22 08:32:50
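The log above carries several classic persistence and tampering markers: a Run entry named "defragsys" pointing at C:\WINDOWS\svchost.exe (the real one lives in system32), a spoolvs.exe look-alike of the print spooler, directories created with .dll names in system32, an AutoRun command on a mount point, and both Security Center "DisableNotify" values set to 1 so the user is never warned that antivirus and updates are off. The script below is an added example written for this edit, not part of the thread and not ComboFix's own code; it runs a few of those checks over ComboFix-style lines. The heuristics, the category names, the assumption that the system directory is C:\WINDOWS\system32 (a default XP install on C:), and the sample excerpt (constructed from lines of the log above, with a legitimate avgnt.exe entry kept in to show it is not flagged) are all mine.

```python
"""Triage heuristics over ComboFix-style log lines (added example; not part of the thread)."""
import re
from typing import List, Tuple

# Core Windows XP binaries that belong in %SystemRoot%\system32. An autostart entry
# pointing at one of these names anywhere else (the log's
# "HKLM-Run-defragsys - C:\WINDOWS\svchost.exe") is a masquerade.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe", "spoolsv.exe",
                   "winlogon.exe", "csrss.exe", "smss.exe"}
SYSTEM32 = r"c:\windows\system32"  # assumption: default XP install on C:
# Security Center values that malware sets to 1 to silence "no antivirus/updates" warnings.
SECURITY_CENTER_FLAGS = {"antivirusdisablenotify", "updatesdisablenotify", "firewalldisablenotify"}

PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|sys)\b", re.IGNORECASE)
DWORD_RE = re.compile(r'"(\w+)"=dword:([0-9A-Fa-f]+)')

# Constructed excerpt in the shape of the ComboFix log above.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\spoolvs.exe
2008-09-03 14:56 . 2008-09-03 14:56 <REP> d-------- C:\WINDOWS\system32\xlib254.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b23a05d-1f4e-11dc-b5e0-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
- - - - ORPHANS REMOVED - - - -
BHO-{0CBFB9D3-EDC0-446C-8F80-0FC19A01CC88} - C:\WINDOWS\system32\khfcBtQJ.dll
HKCU-Run-defragsys - C:\WINDOWS\svchost.exe
HKLM-Run-defragsys - C:\WINDOWS\svchost.exe
"""


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: single-character edits plus adjacent
    transpositions, so spoolvs.exe is 1 away from spoolsv.exe."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (category, detail) findings for the suspicious patterns listed above."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        # 1. Security Center told to stop warning the user.
        m = DWORD_RE.match(line)
        if m and m.group(1).lower() in SECURITY_CENTER_FLAGS and int(m.group(2), 16) == 1:
            findings.append(("security-center-notify-disabled", m.group(1)))
            continue
        # 2. AutoRun command wired to a mount point (removable-media spreading).
        if r"\shell\autorun\command" in low:
            findings.append(("mountpoint-autorun", line.split(" - ", 1)[-1]))
            continue
        # 3. A *directory* carrying a .dll/.exe name (blocks the real file from being
        #    written or cleaned), as with system32\xlib254.dll in the log.
        if "<rep>" in low or "<dir>" in low:
            pm = PATH_RE.search(line)
            if pm and pm.group(0).lower().endswith((".dll", ".exe")):
                findings.append(("directory-named-as-binary", pm.group(0)))
            continue
        # 4. Executable paths: a system binary outside system32, or a one-edit look-alike.
        for path in PATH_RE.findall(line):
            directory, _, name = path.lower().rpartition("\\")
            if name in SYSTEM_BINARIES:
                if directory != SYSTEM32:
                    findings.append(("system-binary-outside-system32", path))
                continue
            for real in sorted(SYSTEM_BINARIES):
                if osa_distance(name, real) == 1:
                    findings.append(("lookalike-system-binary", f"{path} ~ {real}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:34} {detail}")
```

On the sample it reports the spoolvs.exe look-alike, the xlib254.dll directory, both Security Center flags, the E:\setup.exe AutoRun and the two svchost.exe masquerades, and stays silent on avgnt.exe and NeroCheck.exe. It is a reading aid for a log like this one, not a cleaner: the Security Center flags in particular should be reset only after the antivirus is confirmed working again, otherwise the warning just comes back for the wrong reason.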
ComboFix 08-09-05.03 - BUREAU 2008-09-07 19:03:04.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1478 [GMT 2:00]
Endroit: C:\Documents and Settings\BUREAU\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\findfast.exe
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
C:\Documents and Settings\All Users\Application Data\ZangoSA
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA.dat
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA_kyf.dat
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAau.dat
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAEula.mht
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\autorun.exe
C:\Documents and Settings\BUREAU\Application Data\addon.dat
C:\Documents and Settings\BUREAU\Application Data\printer.exe
C:\Documents and Settings\BUREAU\Application Data\temp.dll
C:\Documents and Settings\BUREAU\Application Data\Zango
C:\Documents and Settings\BUREAU\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\BUREAU\Local Settings\Application Data\pvsdhnv.dat
C:\Documents and Settings\BUREAU\Local Settings\Application Data\pvsdhnv_nav.dat
C:\Documents and Settings\BUREAU\Local Settings\Application Data\pvsdhnv_navps.dat
C:\Documents and Settings\BUREAU\Local Settings\Tempmjiwep0.exe
C:\Documents and Settings\BUREAU\Menu Démarrer\Programmes\Démarrage\findfast.exe
C:\Documents and Settings\tous\Cookies\tous@a.hasbro[2].txt
C:\Documents and Settings\tous\Cookies\tous@clickintext[2].txt
C:\Documents and Settings\tous\Menu Démarrer\Programmes\Démarrage\findfast.exe
C:\WINDOWS\shell.exe
C:\WINDOWS\system32\JQtBcfhk.ini
C:\WINDOWS\system32\JQtBcfhk.ini2
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\spoolvs.exe
C:\WINDOWS\system32\wowfx.dll
C:\WINDOWS\vadokmxt.dll
C:\WINDOWS\wdpoefan.dll
C:\Documents and Settings\Invité\Cookies\invité@www.toutpourlamicro[1].txt . . . . Echec de suppression
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-07 to 2008-09-07 ))))))))))))))))))))))))))))))))))))
.
2008-09-07 09:32 . 2008-09-07 09:32 575 --a------ C:\WINDOWS\qtracker.INI
2008-09-05 20:54 . 2007-06-20 18:58 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-09-05 20:54 . 2007-06-20 18:58 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-09-05 20:54 . 2007-06-20 17:02 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-09-05 20:54 . 2007-06-20 18:58 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-09-05 20:54 . 2007-06-20 18:58 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-09-05 20:54 . 2007-06-20 18:58 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-09-05 20:54 . 2007-06-20 18:58 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-09-05 20:54 . 2008-09-05 20:54 <REP> d-------- C:\Documents and Settings\Administrateur
2008-09-03 14:56 . 2008-09-03 14:56 <REP> d-------- C:\WINDOWS\system32\xlib254.dll
2008-09-03 14:56 . 2008-09-03 14:56 <REP> d-------- C:\WINDOWS\system32\append.dll
2008-08-27 23:03 . 2008-08-27 23:03 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-08-21 19:44 . 2008-08-21 19:44 <REP> d-------- C:\Program Files\MSXML 6.0
2008-08-21 00:14 . 2008-08-21 00:15 1,828,319 --a------ C:\WINDOWS\Counter-Strike Source LAN Edition Uninstaller.exe
2008-08-20 22:42 . 2008-08-20 22:42 <REP> d-------- C:\Game
2008-08-20 16:32 . 2008-08-20 16:32 <REP> d-------- C:\Program Files\MSBuild
2008-08-20 16:31 . 2008-08-20 16:33 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-08-20 16:30 . 2008-08-20 16:30 <REP> d-------- C:\Program Files\Reference Assemblies
2008-08-20 16:30 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-08-20 16:26 . 2008-09-06 21:48 <REP> d-------- C:\Program Files\World of Warcraft
2008-08-13 18:48 . 2008-09-07 18:19 <REP> d-------- C:\Documents and Settings\BUREAU\Application Data\Hamachi
2008-08-13 18:48 . 2008-08-13 18:48 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-08-12 01:56 . 2008-08-12 01:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-08-12 01:55 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-08-12 01:55 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-08-12 01:55 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-08-12 01:55 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-08-11 22:21 . 2008-08-29 20:04 23 --a------ C:\WINDOWS\BlendSettings.ini
2008-08-11 16:08 . 2008-08-11 16:08 <REP> d-------- C:\Program Files\EA GAMES
2008-08-11 15:51 . 2008-08-11 16:03 45 --a------ C:\TEST.XML
2008-08-10 19:20 . <REP> C:\Documents and Settings\BUREAU\Application Data\La Bataille pour la Terre du Milieu T II
2008-08-09 11:43 . 2007-06-20 17:00 216 --ahs---- C:\BOOT.BKK
2008-08-07 14:04 . 2008-08-07 14:04 <REP> d-------- C:\Documents and Settings\BUREAU\Application Data\InstallShield Installation Information
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 17:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-07 07:39 --------- d-----w C:\Documents and Settings\BUREAU\Application Data\Xfire
2008-09-06 18:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2008-09-05 18:49 --------- d-s---w C:\Program Files\Xfire
2008-09-03 17:32 --------- d-----w C:\Documents and Settings\tous\Application Data\OpenOffice.org2
2008-09-03 12:31 --------- d-----w C:\Documents and Settings\BUREAU\Application Data\BitTorrent
2008-08-31 09:09 --------- d-----w C:\Documents and Settings\BUREAU\Application Data\DNA
2008-08-30 18:22 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-30 07:50 --------- d-----w C:\Program Files\DNA
2008-08-21 02:54 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-19 17:04 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-08-19 16:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-16 17:44 --------- d-----w C:\Documents and Settings\BUREAU\Application Data\La Bataille pour la Terre du Milieu ™ II
2008-08-12 02:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-11 23:56 22,328 ----a-w C:\Documents and Settings\BUREAU\Application Data\PnkBstrK.sys
2008-08-07 21:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-08-07 21:51 --------- d-----w C:\Documents and Settings\BUREAU\Application Data\Qtracker
2008-08-04 20:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-08-02 09:44 --------- d-----w C:\Program Files\BitTorrent
2008-07-31 16:53 --------- d-----w C:\Program Files\eMule
2008-07-30 15:22 --------- d-----w C:\Program Files\Electronic Arts
2008-07-30 11:16 --------- d-----w C:\Documents and Settings\tous\Application Data\vlc
2008-07-30 06:00 --------- d-----w C:\Documents and Settings\BUREAU\Application Data\vlc
2008-07-30 05:59 --------- d-----w C:\Program Files\VideoLAN
2008-07-26 10:45 --------- d-----w C:\Documents and Settings\tous\Application Data\Media Player Classic
2008-07-22 10:31 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-07-22 10:31 --------- d-----w C:\Program Files\AGEIA Technologies
2008-07-18 08:46 --------- d-----w C:\Program Files\The All-Seeing Eye
2008-07-17 10:06 --------- d-----w C:\Program Files\Saitek
2008-07-17 10:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Saitek
2008-07-16 21:35 --------- d-----w C:\Program Files\Real
2008-07-16 21:35 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-07-16 21:35 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-07-16 21:30 --------- d-----w C:\Program Files\DivX
2008-07-16 14:28 --------- d-----w C:\Documents and Settings\BUREAU\Application Data\OpenOffice.org2
2008-07-15 13:02 --------- d-----w C:\Documents and Settings\tous\Application Data\Ahead
2008-07-12 15:45 --------- d-----w C:\Program Files\Java
2007-08-16 21:49 4,572 --sha-w C:\WINDOWS\system32\Bifrost\klog.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "C:\Program Files\Secured_eMule\tbSec0.dll" [2007-12-14 1502232]
[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]
2007-12-14 19:16 1502232 --a------ C:\Program Files\Secured_eMule\tbSec0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "C:\Program Files\Secured_eMule\tbSec0.dll" [2007-12-14 1502232]
[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 68856]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 128000]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 167368]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15360]
"Fraps"="C:\FRAPS\FRAPS.EXE" [2008-01-14 913064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-04-20 385024]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"Auto EPSON Stylus DX3800 Series sur FAMILLE"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"Auto EPSON Stylus DX3800 Series sur DROUVIN-32356EC"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"SMSTray"="C:\Program Files\Samsung\EmoDio\SMSTray.exe" [2008-06-23 479232]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-07-16 185896]
"ProfilerU"="C:\Program Files\Saitek\SD6\Software\ProfilerU.exe" [2007-10-29 233472]
"SaiMfd"="C:\Program Files\Saitek\SD6\Software\SaiMfd.exe" [2007-10-29 131072]
"SaiVolume"="C:\Program Files\Saitek\SD6\Software\SaiVolume.exe" [2007-10-29 126976]
"Auto EPSON Stylus DX3800 Series sur PAULINE"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 8491008]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 81920]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-04 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-04-24 C:\WINDOWS\SkyTel.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-02 C:\WINDOWS\system32\bthprops.cpl]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 C:\WINDOWS\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2007-10-04 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"VIDC.JDCT"= jl_jdct.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\BUREAU\\Mes documents\\JEUX\\batllefield2\\BF2.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"C:\\Documents and Settings\\BUREAU\\Mes documents\\JEUX\\cube\\bin\\cube.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=
"W:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"W:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"W:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"W:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=
"W:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"W:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"W:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"W:\\Program Files\\Age of Empires III\\age3.exe"=
"W:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"W:\\Program Files\\Electronic Arts\\Command & Conquer Generals\\game.dat"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"W:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"W:\\Program Files\\TmNationsForever\\TmForever.exe"=
"W:\\Program Files\\Electronic Arts\\lotr\\game.dat"=
"W:\\Program Files\\WIC\\wic.exe"=
"W:\\Program Files\\WIC\\wic_online.exe"=
"W:\\Program Files\\WIC\\wic_ds.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"W:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"W:\\Counter-Strike Source LAN Edition\\hl2.exe"=
"W:\\Program Files\\Qtracker\\qtracker.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
R3 SaiH0728;SaiH0728;C:\WINDOWS\system32\DRIVERS\SaiH0728.sys [2007-10-30 136448]
S3 JL2005C;Dual Mode Camera;C:\WINDOWS\system32\Drivers\jl2005c.sys [2007-01-26 68954]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 XDva170;XDva170;C:\WINDOWS\system32\XDva170.sys [ ]
S3 XDva181;XDva181;C:\WINDOWS\system32\XDva181.sys [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b23a05d-1f4e-11dc-b5e0-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
BHO-{0CBFB9D3-EDC0-446C-8F80-0FC19A01CC88} - C:\WINDOWS\system32\khfcBtQJ.dll
HKCU-Run-defragsys - C:\WINDOWS\svchost.exe
HKCU-Run-AdVantage - C:\Program Files\AdVantage\AdVantage.exe
HKCU-Run-Steam - c:\program files\steam\steam.exe
HKLM-Run-BigDogPath - C:\WINDOWS\VM_STI.EXE
HKLM-Run-defragsys - C:\WINDOWS\svchost.exe
Notify-iifcyvUk - iifcyvUk.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\BUREAU\Application Data\Mozilla\Firefox\Profiles\trzu1ns7.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/firefox?client=firefox-a&rls=org.mozilla:...
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 19:07:51
Windows 5.1.2600 Service Pack 2 NTFS
Scanning hidden processes ...
Scanning hidden autostart entries ...
Scanning hidden files ...
Scan completed successfully
Hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2008-09-07 19:11:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-07 17:11:15
Pre-Run: 15,474,601,984 bytes free
Post-Run: 15,564,849,152 bytes free
286 --- E O F --- 2008-08-22 08:32:50
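The ORPHANS REMOVED, service and firewall lines in the log above carry the tells a helper reads by eye: two Run entries launching svchost.exe from C:\WINDOWS rather than C:\WINDOWS\system32, a BHO and a Winlogon Notify DLL with eight-letter random-looking names, two XDva*.sys drivers listed with an empty `[ ]` where ComboFix normally prints a file date and size, a cached AutoRun command for a volume, and a globally open inbound port. The script below is an added example, not part of this thread and not ComboFix code: it applies those checks to a constructed excerpt of the log. The function names (`triage`, `looks_random`, `severity_counts`), the eight-letter mixed-case rule, and the reading of an empty `[ ]` stamp as "file not found when the log was made" are assumptions of mine, not a specification of ComboFix's output.

```python
"""Triage heuristics for ComboFix-style autostart, service and firewall lines.

Added example: not part of the thread above and not ComboFix code.  The
detection rules are assumptions about what a helper looks for when reading
such a log, not a documented ComboFix format.
"""
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "severity line reason")

# Windows binaries that are only legitimate under %SystemRoot%\system32.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe",
                 "winlogon.exe", "csrss.exe", "smss.exe"}

# "<kind>-<name> - <path>" as printed in the ORPHANS REMOVED section.
AUTOSTART = re.compile(
    r"^(?P<kind>BHO|HKCU-Run|HKLM-Run|Notify)-(?P<name>\S+) - (?P<path>.+)$")
# "S3 name;display name;path [date size]" service/driver lines.
SERVICE = re.compile(
    r"^[RS]\d (?P<svc>[^;]+);[^;]*;(?P<path>[^\[]+)\[(?P<stamp>[^\]]*)\]$")
# GloballyOpenPorts entries such as "3724:TCP"= ...
OPEN_PORT = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=')
# MountPoints2 AutoRun handler cached for a volume.
AUTORUN = re.compile(r"\\Shell\\AutoRun\\command - (?P<cmd>.+)$")


def looks_random(stem):
    """Assumed heuristic: exactly eight letters, no digits, and both upper and
    lower case after the first character.  True for khfcBtQJ and iifcyvUk;
    False for nppdf32, npbtdna and KHALMNPR."""
    if len(stem) != 8 or not stem.isalpha():
        return False
    rest = stem[1:]
    return any(c.isupper() for c in rest) and any(c.islower() for c in rest)


def triage(log_text):
    """Return a list of Finding for every suspicious line in log_text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = AUTOSTART.match(line)
        if m:
            path = m.group("path").strip()
            fname = path.rsplit("\\", 1)[-1]
            stem = fname.rsplit(".", 1)[0]
            if fname.lower() in SYSTEM32_ONLY and "\\system32\\" not in path.lower():
                findings.append(Finding("high", line,
                    f"{fname} started from outside system32 impersonates a Windows binary"))
            if m.group("kind") in ("BHO", "Notify") and looks_random(stem):
                findings.append(Finding("high", line,
                    f"{m.group('kind')} DLL with random-looking name {fname}"))
            continue
        m = SERVICE.match(line)
        if m and not m.group("stamp").strip():
            findings.append(Finding("medium", line,
                f"service {m.group('svc')} registered but no file date/size recorded"))
            continue
        m = OPEN_PORT.match(line)
        if m:
            findings.append(Finding("info", line,
                f"firewall exception for inbound {m.group('proto')} port {m.group('port')}"))
            continue
        m = AUTORUN.search(line)
        if m:
            findings.append(Finding("medium", line,
                f"cached AutoRun handler runs {m.group('cmd').strip()} when the volume is opened"))
    return findings


def severity_counts(findings):
    """Count findings per severity, e.g. {'high': 4, 'medium': 3, 'info': 1}."""
    return dict(Counter(f.severity for f in findings))


# Constructed excerpt of the log above (lines copied verbatim, not the whole log).
SAMPLE = r"""
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R3 SaiH0728;SaiH0728;C:\WINDOWS\system32\DRIVERS\SaiH0728.sys [2007-10-30 136448]
S3 XDva170;XDva170;C:\WINDOWS\system32\XDva170.sys [ ]
S3 XDva181;XDva181;C:\WINDOWS\system32\XDva181.sys [ ]
\Shell\AutoRun\command - E:\setup.exe
BHO-{0CBFB9D3-EDC0-446C-8F80-0FC19A01CC88} - C:\WINDOWS\system32\khfcBtQJ.dll
HKCU-Run-defragsys - C:\WINDOWS\svchost.exe
HKCU-Run-AdVantage - C:\Program Files\AdVantage\AdVantage.exe
HKCU-Run-Steam - c:\program files\steam\steam.exe
HKLM-Run-BigDogPath - C:\WINDOWS\VM_STI.EXE
HKLM-Run-defragsys - C:\WINDOWS\svchost.exe
Notify-iifcyvUk - iifcyvUk.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run it as-is to see the eight findings for the excerpt; feed it a full ComboFix log via `triage(open(path).read())` to get the same pass over a different machine. The random-name rule is deliberately narrow (eight letters, mixed case) so that legitimate plugins such as nppdf32.dll or KHALMNPR.exe are not flagged; anything it misses still has to be checked by hand.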
Re,
Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode
Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Perform full scan".
To start the search, click "Scan".
When the scan finishes a window opens; click OK. Two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show results" then "Remove selected". Save the report to your Desktop so you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.
HELP: Illustrated MBAM tutorial