Tom's Guide > Forum > Sécurité - Virus > [Abandon] Fenêtres publicitaires intempestives

[Abandon] Fenêtres publicitaires intempestives

Forum Sécurité - Virus : [Abandon] Fenêtres publicitaires intempestives

TomsGuide.com : 800 000 inscrits répondent à toutes vos questions high-tech et informatique. Pour obtenir de l'aide, inscrivez-vous gratuitement !
Créer un nouveau sujet Répondre
Mot :    Pseudo :           
 
Chre   07-09-2008 à 20:59:32

Bonjour toutes et tous,

Sur l'ordi d'un autre copain (décidément !), des fenêtres publicitaires intempestives apparaissent sans arrêt.

Dans le log ci-dessous, plusieurs lignes me paraissent suspectes. Toute aide sera cordialement appréciée. Merci pour vos lumières :D

Citation :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:21:04, on 07/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\twain_32\vivid\flatbed.exe
C:\WINDOWS\TWAIN_32\Vivid\VIVID.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=c:\windows\twain_32\vivid\flatbed.exe,C:\WINDOWS\TWAIN_32\Vivid\VIVID.EXE
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\system32\cgmopenbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HDbpt5] C:\WINDOWS\vhouv.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Checkers - http://origin.games.yahoo.net/game [...] /kt4_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/g [...] poti_x.cab
O16 - DPF: {0E0D50BC-E086-4E3A-B07D-C5C5869C0FFF} (Abx Control) - http://real.gamehouse.com/games/adventureball/abx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125B84} (CR64Loader Object) - http://real.gamehouse.com/games/wa [...] loader.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://real.gamehouse.com/games/trijinx/TriJinx.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 9692882312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 9804961406
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqemea/downloads/msxml4.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Za [...] ge-c11.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b53083.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/671 [...] taller.exe
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.reservoirfilms.com/code [...] p6_mp3.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/bina [...] b55200.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/download [...] _en_dl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: SolidWorks SolidNetWork License Manager - Unknown owner - E:\SolidWorks 2005 SP0 crack (Ita-Eng-Fra)\Crack\lmgrd.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13008 bytes


Message édité par Chre le 04-01-2009 à 12:55:47
------------------------------ @+, Christian.
Répondre
Liens sponsorisés
Inscrivez-vous ou connectez-vous pour masquer ceci.
Chre   11-09-2008 à 06:41:02
- 0 +

Bonjour vous,

Bon, dans l'interval et pour aider mon copain, un passage de Malwarebytes' Anti-Malware a été fait, je vous livre ici le rapport.

Je pense que cela n'est pas suffisant, aussi tout conseil sera vivement apprécié :)

Citation :

Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1122
Windows 5.1.2600 Service Pack 2

07/09/2008 15:56:36
mbam-log-2008-09-07 (15-56-36).txt

Type de recherche: Examen rapide
Eléments examinés: 55254
Temps écoulé: 13 minute(s), 2 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 17
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 18

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{00ada225-ea6c-4fb3-82e8-68189201ccb9} (Adware.Winad) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{450b9e4d-4014-4de3-b34e-014a81468293} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dc341f1b-ec77-47be-8f58-96e83861cc5a} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7} (Adware.Winad) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c7f00a9a-f1bc-436e-82c7-e8cae6fd67f7} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8} (Adware.Winad) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\Fichiers communs\DriveCleaner 2006 Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\updates (Adware.EGDAccess) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\WebMediaPlayer\sqlite3.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\WebMediaPlayer.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources\languages.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources\webmedias (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins\classic.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winwim32.dll (Dialer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\agztchjoyg_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iycccaa_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oxmtoabaf_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sceaoqo_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vkpdfgvxl_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xwwsbkiyw_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\agztchjoyg_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iycccaa_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oxmtoabaf_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sceaoqo_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vkpdfgvxl_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xwwsbkiyw_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.

------------------------------ @+, Christian.
 Répondre à Chre
Angeldark   11-09-2008 à 13:23:28
- 0 +

Bonjour,

 

Merci de rester dans ton autre topic. Je lock.


Message édité par Angeldark le 11-09-2008 à 13:24:02
------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
Angeldark   11-09-2008 à 13:24:04
- 0 +

Ce sujet a été fermé par Angeldark

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
Angeldark   11-09-2008 à 19:47:52
- 0 +

Ce sujet a été réouvert par Angeldark

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
Angeldark   11-09-2008 à 19:48:27
- 0 +

Au temps pour moi :D

Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) !

  • Télécharge ComboFix (sUBs) sur ton Bureau.
  • Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.


AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer

Message cité 1 fois
------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
Chre   20-09-2008 à 12:32:47
- 0 +

Bonjour toutes et tous,
Bonjour Angeldark,

Le rapport Combofix. (Il est un peu long, alors je l'ai mis là)


Message édité par Chre le 20-09-2008 à 12:33:10
------------------------------ @+, Christian.
 Répondre à Chre
Chre   20-09-2008 à 16:34:47
- 0 +

Re,

Pour mieux voir ;) j'ai fait un rapport complet avec Karspesky
(désolé pour la conversion HTML vers TEXTE) :

Citation :

*KASPERSKY ONLINE SCANNER 7 REPORT*
Saturday, September 20, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2
(build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, September 20, 2008 10:20:41
Records in database: 1247167

*Scan settings*
Scan using the following database extended
Scan archives yes
Scan mail databases yes
*Scan area* My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
*Scan statistics*
Files scanned 110882
Threat name 4
Infected objects 5
Suspicious objects 0
Duration of the scan 01:59:25


*File name* *Threat name* *Threats count*
C:\Documents and Settings\Compaq_Propriétaire\Application
Data\Sun\Java\Deployment\cache\6.0\0\7d5e6700-5c0c07cb Infected:
Trojan-Downloader.Java.OpenStream.y 1

C:\Documents and Settings\Compaq_Propriétaire\Application
Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-36d0e9c1-11e4f8b0.class
Infected: Trojan-Downloader.Java.OpenStream.y 1

C:\Program Files\Common Files\Companion Wizard\compwiz.exe Infected:
not-a-virus:FraudTool.Win32.WinAntiVirus.2006 1

C:\Program Files\MSN Messenger\msimg32.dll Infected:
not-a-virus:AdTool.Win32.MyWebSearch.au 1

C:\Program Files\MSN Messenger\riched20.dll Infected:
not-a-virus:AdTool.Win32.MyWebSearch 1
* The selected area was scanned.*

------------------------------ @+, Christian.
 Répondre à Chre
Chre   24-09-2008 à 21:00:09
- 0 +

Bonsoir toutes et tous,
Bonsoir Angeldark,

Ce n'est pas mon habitude ;) mais je me permets juste un petit "refresh"
du post, pour avoir une idée de la suite à donner, ou pas.

Merci et désolé pour le dérangement. :ouch:


Message édité par Chre le 24-09-2008 à 21:03:14
------------------------------ @+, Christian.
 Répondre à Chre
Chre   28-09-2008 à 08:46:32
- 0 +

Bonjour toutes et tous,
Bonjour Angeldark,

Angeldark a écrit :

  • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.


Le rapport Combofix demandé :

Citation :

ComboFix 08-09-19.09 - Compaq_Propri‚taire 2008-09-20 11:41:57.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.530 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Compaq_Propri‚taire\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Compaq_Propriétaire\Menu Démarrer\Programmes\WebMediaPlayer\WebMediaPlayer.lnk
C:\Documents and Settings\Compaq_Propriétaire\Menu Démarrer\Programmes\WebMediaPlayer\Website.lnk
C:\WA6P
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\music\mainmenumusic.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\areabomb.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\beetlezap.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\bonusrow.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\bonustimer.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\bucketfilled.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\clearpyramid.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\cleartriangle1a.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\cleartriangle1b.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\cleartriangle1c.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\cleartriangle2a.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\cleartriangle2b.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\cleartriangle2c.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\colorchain.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\dialogbox.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\drumbeat.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\fillrow.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\gateopen.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\helptip.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\powerup.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\rotateboardleft.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\timerup.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\warning.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\warning2.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\artifacts-bb.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\bar.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\chamber0.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\chamber1.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\circledoor.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\full_screen_dialog.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\global-hs-bb_large.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\global-hs-bb_small.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\help-bb_large.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\help-bb_small.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\hexfield.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\hidden-artifact_icon.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\large_dialog.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\local-hs-bb.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\mainmenu.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\small_dialog.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\textfield.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\trifield.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\beetlehover1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\beetlehover2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\beetlehover3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\beetlehover4.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\beetleshock1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\beetleshock2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\beetleshock3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\beetleshock4.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\beetletatoo.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\dirt.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\scarabpost.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\scarabpostovr.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\tritop.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowdown_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowdown_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowdown_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowleft_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowleft_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowleft_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowright_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowright_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowright_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowup_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowup_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowup_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\bluearrowleft_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\bluearrowleft_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\bluearrowleft_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\bluearrowright_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\bluearrowright_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\bluearrowright_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\checkdown.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\checkup.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\long_button_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\long_button_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\long_button_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\orange-button_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\orange-button_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\orange-button_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\rotleft_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\rotleft_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\rotleft_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\rotright_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\rotright_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\rotright_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\simplebutton_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\simplebutton_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\simplebutton_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\sliderknob.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\sliderknobover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\sliderrail.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\characters\anwar\look\pl0001.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\characters\anwar\look\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\characters\bast\look\bl0001.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\characters\bast\look\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\characters\kristine\look\kl0001.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\characters\kristine\look\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\crackedstopper.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\cursor.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\doorlights.txt
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\fonts\jackarmstrong.mvec
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\fonts\lithos.mvec
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\greybomb.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\helptips\arrowkeys.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\helptips\helptip.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\helptips\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\levels\levels.dat
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\models\disk.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\models\equilateraltriangle.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\models\flattri.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\models\pyramid.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\models\quad.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\models\rotatingpyramid.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\models\scarabpanel.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\p1icon.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\scenes\page1-0.xml
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\scenes\page1-1.xml
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\scenes\panel1-0-1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\scenes\panel1-1-1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\scenes\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\scorecloud.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\setup.xml
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\areashockwave.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\bolt_1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\bolt_2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\bolt_3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\bolt_4.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\bolt_starter.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\bolt_tail.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\flash.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\rubble.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\smoke.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\smoke2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\smoke3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\splash\aol_logo.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\splash\playfirst_logo.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\splash\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\statues\statue0\snake_dirty.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\statues\statue0\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\statues\statue1\arm01_dirty.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\statues\statue1\mask01_1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\statues\statue1\statue01_dirty.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\statues\statue1\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\stopper.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\timer.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\timerglow.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\timericon.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\tm.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mouseblue1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mouseblue2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mouseblue3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mousegreen1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mousegreen2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mousegreen3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mousered1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mousered2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mousered3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mouseyellow1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mouseyellow2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mouseyellow3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\areabomb.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\areabombrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\blue.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\bluerollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\boardfill.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\brick.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\brick1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\brick2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\brick3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\bricktip.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\clearanim\cleared1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\clearanim\cleared2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\clearanim\cleared3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\clearanim\cleared4.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\clearanim\cleared5.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\clearanim\cleared6.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\clearanim\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\eye1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\eye2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\eye3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\eye4.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\green.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\greenrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\plain_tri-blue.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\plain_tri-bluerollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\plain_tri-green.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\plain_tri-greenrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\plain_tri-red.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\plain_tri-redrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\plain_tri-yellow.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\plain_tri-yellowrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\red.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\redrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\wild.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\wildrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\yellow.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\yellowrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\upsell\image0.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\upsell\image1.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\upsell\image2.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\upsell\image3.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\upsell\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\bluebucket.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\buckettriangle.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\chainlink.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\chaintip.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\genericbucket.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\greenbucket.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\redbucket.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\smallblue.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\smallgreen.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\smallred.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\smallyellow.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\urnglow.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\urnplatform.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\yellowbucket.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\warning.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\error.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\game.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\gameover.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\hiscore.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\hiscoreinfo.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\hiscoresubmit.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\instructions.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\leveldesign.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\levelover.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\mainarcade.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\mainconfirm.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\maincontinue.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\maingames.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\mainpuzzle.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\maphelptip.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\options.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\pause.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\quitconfirm.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\start.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\storyplayer.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\style.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\upsell.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\strings.xml
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\TriJinx.exe
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\igmmu.dat
C:\WINDOWS\system32\igmmu.exe
C:\WINDOWS\system32\igmmu_navps.dat
C:\WINDOWS\system32\rtl60.bpl
C:\WINDOWS\system32\sjnltqe_navtmp.dat
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN


((((((((((((((((((((((((((((( Fichiers créés du 2008-08-20 au 2008-09-20 ))))))))))))))))))))))))))))))))))))
.

2008-09-07 15:01 . 2005-03-31 02:50 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610\WINDOWS
2008-09-07 15:01 . 2004-11-24 03:37 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610\Voisinage r‚seau
2008-09-07 15:01 . 2004-11-24 03:37 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610\Voisinage d'impression
2008-09-07 15:01 . 2005-10-19 03:52 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610\ModŠles
2008-09-07 15:01 . 2004-11-25 05:26 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610\Mes documents
2008-09-07 15:01 . 2004-11-25 05:26 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610\Menu D‚marrer
2008-09-07 15:01 . 2005-10-18 19:01 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610\Favoris
2008-09-07 15:01 . 2005-03-31 02:55 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610\Bureau
2008-09-07 15:01 . 2005-03-31 03:07 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610\Application Data\Symantec
2008-09-07 15:01 . 2005-03-31 03:00 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610\Application Data\SampleView
2008-09-07 15:01 . 2005-03-31 02:49 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610\Application Data\Apple Computer
2008-09-07 15:01 . 2008-09-07 15:01 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610
2008-09-07 14:45 . 2008-09-07 14:45 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-07 14:45 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\Malwarebytes
2008-09-07 14:45 . 2008-09-07 14:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-07 14:45 . 2008-09-02 00:26 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-07 14:45 . 2008-09-02 00:25 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-07 14:12 . 2008-09-07 14:12 <REP> d-------- C:\Program Files\Trend Micro
2008-09-06 12:26 . 2008-09-06 12:51 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-06 12:23 . 2008-09-06 12:25 <REP> d-------- C:\Documents and Settings\Administrateur\ModŠles
2008-09-06 12:23 . 2008-09-06 12:25 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-09-06 12:23 . 2008-09-06 12:25 <REP> d---s---- C:\Documents and Settings\Administrateur
2008-09-06 12:11 . 2008-09-06 12:11 <REP> d-------- C:\WINDOWS\l2schemas
2008-08-31 19:34 . 2008-08-31 19:34 0 --a------ C:\WINDOWS\hpqEmlSz.INI
2008-08-23 22:15 . 2008-08-23 22:15 <REP> d-------- C:\Program Files\Smallvideosoft
2008-08-23 22:15 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\NCMedia.dll
2008-08-23 22:15 . 2008-08-28 19:51 3,086,336 --a------ C:\WINDOWS\system32\flvvideo.dll
2008-08-23 22:15 . 2007-02-25 15:36 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll
2008-08-23 21:57 . 2008-08-23 21:57 <REP> d-------- C:\tmpDownload
2008-08-23 21:54 . 2008-08-23 21:54 <REP> d-------- C:\tmp
2008-08-23 21:09 . 2008-08-23 21:10 <REP> d-------- C:\Program Files\MP3 Player Utilities 4.19
2008-08-23 19:25 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\MP-Manager
2008-08-23 19:24 . 2008-08-23 19:24 <REP> d-------- C:\Program Files\MPMAN

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-20 09:51 8,056,864 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-20 09:49 2,707,749 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-09-20 09:48 95,396 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-19 11:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-17 11:25 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\U3
2008-09-11 09:04 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\SolidWorks
2008-09-06 15:40 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\skypePM
2008-09-06 15:40 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Skype
2008-09-06 08:04 --------- d-----w C:\Program Files\Java
2008-08-31 17:26 --------- d-----w C:\Program Files\Recognita Standard OCR 3.2
2008-08-18 09:19 --------- d-----w C:\Program Files\DivX
2008-08-18 09:17 --------- d-----w C:\Program Files\Winamp
2008-07-19 11:57 2,670,080 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-07-19 11:57 1,683,456 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-04-30 17:19 50,840 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2008-03-05 20:28 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-20 19:06 15,397 ----a-w C:\Program Files\settings.dat
2006-03-05 17:56 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 11264]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 ppsio2;PPDevice;C:\WINDOWS\system32\drivers\ppsio2.sys [1999-04-02 22400]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S2 SolidWorks SolidNetWork License Manager;SolidWorks SolidNetWork License Manager;E:\SolidWorks 2005 SP0 crack (Ita-Eng-Fra)\Crack\lmgrd.exe [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{104d827d-77c2-11db-9429-0011d8b8c118}]
\Shell\1\Command - RunDll32.exe .\SysInfo2.Dll,MyFun
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RunDll32.exe .\SysInfo2.Dll,MyFun

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af5e9eb8-03c7-11dd-8c39-0011d8b8c118}]
\Shell\1\Command - RunDll32.exe .\SysInfo2.Dll,MyFun
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RunDll32.exe .\SysInfo2.Dll,MyFun

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbab124a-712c-11dd-8d1d-0011d8b8c118}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-HDbpt5 - C:\WINDOWS\vhouv.exe
HKLM-Run-Media Gateway - C:\Program Files\Media Gateway\MediaGateway.exe
HKLM-Run-igmmu - c:\windows\system32\igmmu.exe


.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
O8 -: &Search
O8 -: E&xporter vers Microsoft Excel

O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: Yahoo! Checkers - hxxp://origin.games.yahoo.net/games/clients/y/kt4_x.cab
C:\WINDOWS\Downloaded Program Files\Yahoo! Checkers.osd

O16 -: {0E0D50BC-E086-4E3A-B07D-C5C5869C0FFF} - hxxp://real.gamehouse.com/games/adventureball/abx.cab
C:\WINDOWS\Downloaded Program Files\abx.inf
C:\WINDOWS\Downloaded Program Files\abx.ocx

O16 -: {288C5F13-7E52-4ADA-A32E-F5BF9D125B84} - hxxp://real.gamehouse.com/games/waterbugs/r64loader.cab
C:\WINDOWS\Downloaded Program Files\r64loader.inf
C:\WINDOWS\Downloaded Program Files\r64loader.dll

O16 -: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://real.gamehouse.com/games/trijinx/TriJinx.cab
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60.inf
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60.dll

O16 -: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}

O16 -: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} - hxxp://www.reservoirfilms.com/codecs/nsvplayx_vp6_mp3.cab
C:\WINDOWS\Downloaded Program Files\nsvplayx_vp6_mp3.inf
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-20 11:50:04
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\sessmgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\hp\KBD\kbd.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Heure de fin: 2008-09-20 11:54:51 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-20 09:54:43

Avant-CF: 133ÿ119ÿ307ÿ776 octets libres
Après-CF: 134,878,224,384 octets libres

458 --- E O F --- 2008-08-28 09:38:08

------------------------------ @+, Christian.
 Répondre à Chre
Chre   04-01-2009 à 12:54:39
- 0 +

Bonjour vous,

Le problème a été résolu finalement différemment, alors on peut clore ce sujet, et je lui ajoute le statut "abandon" ;)

A bientôt,
Christian.

------------------------------ @+, Christian.
 Répondre à Chre
Créer un nouveau sujet Répondre
Tom's Guide > Forum > Sécurité - Virus > [Abandon] Fenêtres publicitaires intempestives
Aller à :

Il y a 1715 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.

Plan du forum
Forum Bestofmedia ©
2000-2009 Bestofmedia Group
Page générée en 0,191 secondes
Attention

Vous allez répondre sur un sujet resté inactif pendant plus de 6 mois.
Assurez-vous d'apporter des éléments nouveaux à la discussion avant de poursuivre.

Répondre Annuler
Liens