Bagle infection

Hi, I have what I think is a Bagle infection, but tools such as EliBagla and ComboFix have not solved the problem.

Most of my security software (Norton, Spybot, ...) no longer works, my sound cards are acting up, in short, what a joy.
I have run scans with Malwarebytes, AVG, Ad-Aware, ... which found nothing; I no longer know what to do.

Help, please.


Attached is my ComboFix report, after much trial and error.

ComboFix 08-09-28.03 - Compaq_Propriétaire 2008-09-30 4:03:56.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.569 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Compaq_Propriétaire\Bureau\Antibagle.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@clickintext[1].txt
C:\InfoSat.txt
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\kmd.exe
C:\WINDOWS\system32\MSINET.oca
D:\Autorun.inf
F:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3550P
-------\Legacy_SROSA


((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-30 ))))))))))))))))))))))))))))))))))))
.

2008-09-30 02:56 . 2008-09-30 02:56 250 --a------ C:\WINDOWS\gmer.ini
2008-09-29 13:42 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\Grisoft
2008-09-29 13:40 . 2008-09-29 13:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-29 13:40 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-09-29 11:38 . 2008-09-29 11:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-27 19:51 . 2008-09-27 19:51 <REP> d-------- C:\Muestras
2008-09-27 18:45 . 2008-09-27 18:45 <REP> d-------- C:\WINDOWS\55A6283C638A4EE0B49151118554BDA2.TMP
2008-09-26 18:34 . 2008-09-26 18:34 <REP> d-------- C:\VueScan
2008-09-26 16:54 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\Oberon Media
2008-09-26 16:53 . 2008-09-26 16:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Oberon Media
2008-09-25 15:35 . 2008-09-25 15:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FirstClass
2008-09-25 15:35 . 2001-05-03 06:36 4,710 --a------ C:\WINDOWS\system32\fc.ico
2008-09-25 15:35 . 1996-02-26 18:15 2,528 --a------ C:\WINDOWS\FCIC.INI
2008-09-24 22:55 . 2008-09-24 22:56 120 --a------ C:\drmHeader.bin
2008-09-24 22:37 . 2008-09-25 02:01 <REP> d-------- C:\divx
2008-09-24 22:23 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\DivX
2008-09-24 19:54 . 2008-09-24 19:54 36,734 --a------ C:\WINDOWS\system32\OggDSuninst.exe
2008-09-24 19:53 . 2008-09-24 19:53 21,764 --a------ C:\WINDOWS\system32\CoreAAC-uninstall.exe
2008-09-24 19:52 . 2006-03-24 17:01 630,784 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-09-24 19:52 . 2006-03-24 17:09 237,568 --a------ C:\WINDOWS\system32\vp7dec.ax
2008-09-24 19:52 . 2005-10-25 13:10 53,248 --a------ C:\WINDOWS\system32\vp7dec_settings.cpl
2008-09-24 19:51 . 2008-09-24 19:51 599,570 --a------ C:\WINDOWS\system32\x264vfw.dll
2008-09-24 19:49 . 2008-07-23 18:50 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-09-24 19:49 . 2008-07-23 18:50 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-09-24 19:49 . 2008-07-23 18:50 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-09-24 18:57 . 2008-09-24 18:58 <REP> d-------- C:\Program Files\ConvertMovie 4.4
2008-09-24 05:33 . 2008-09-27 19:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-24 05:33 . 2008-09-24 05:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-24 04:57 . 2008-09-24 04:57 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-09-20 15:04 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D221B25AD5.sys
2008-09-20 15:04 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D221B25AD4.sys
2008-09-20 15:04 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D221B25AD3.sys
2008-09-20 15:04 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D221B25AD2.sys
2008-09-17 20:09 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D2571BECEE.sys
2008-09-17 20:08 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D2571BECED.sys
2008-09-17 13:06 . 2000-08-02 10:16 1,048,640 --a------ C:\WINDOWS\system32\wsecedit.dll
2008-09-16 03:18 . 2008-09-16 03:18 <REP> d-------- C:\WINDOWS\Logs
2008-09-16 02:14 . 2008-09-16 02:14 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-09-16 02:14 . 2008-09-16 02:14 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-09-16 02:14 . 2008-09-16 02:14 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2008-09-16 02:14 . 2008-09-16 02:14 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-09-16 02:12 . 2008-09-16 02:12 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2008-09-16 02:12 . 2008-09-16 02:12 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2008-09-16 02:12 . 2008-09-16 02:12 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2008-09-16 02:12 . 2008-09-16 02:12 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2008-09-16 02:12 . 2008-09-16 02:12 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2008-09-16 02:12 . 2008-09-16 02:12 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
2008-09-16 02:12 . 2008-09-16 02:12 3,067 --a------ C:\WINDOWS\system32\dtu_fr.qm
2008-09-16 02:12 . 2008-09-16 02:12 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2008-09-16 02:12 . 2008-09-16 02:12 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2008-09-16 02:11 . 2008-09-16 02:11 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-09-16 02:11 . 2008-09-16 02:11 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2008-09-16 02:11 . 2008-09-16 02:11 815,104 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-09-16 02:11 . 2008-09-16 02:11 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2008-09-16 02:11 . 2008-09-16 02:11 683,520 --a------ C:\WINDOWS\system32\DivX.dll
2008-09-16 02:11 . 2008-09-16 02:11 634,880 --a------ C:\WINDOWS\system32\divxdec.ax
2008-09-16 02:11 . 2008-09-16 02:11 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-09-16 02:11 . 2008-09-16 02:11 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-09-16 02:11 . 2008-09-16 02:11 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-09-14 23:17 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D24A84BAF5.sys
2008-09-14 23:17 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D24A84BAF4.sys
2008-09-14 23:17 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D24A06AB74.sys
2008-09-14 23:17 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D24A06AB73.sys
2008-09-14 23:13 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D221B25AD7.sys
2008-09-14 23:12 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D221B25AD6.sys
2008-09-10 04:50 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\Uniblue
2008-09-10 04:20 . 2008-09-10 04:20 <REP> d-------- C:\Program Files\Uniblue
2008-09-10 04:15 . 2008-09-10 04:15 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-10 04:15 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\Malwarebytes
2008-09-10 04:15 . 2008-09-10 04:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-10 04:15 . 2008-09-08 00:11 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-10 04:15 . 2008-09-08 00:11 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-09 05:49 . 2008-09-09 05:52 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-09-09 05:43 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\002950_.tmp
2008-09-09 03:11 . 2008-09-09 04:04 <REP> d-------- C:\WINDOWS\EHome
2008-09-08 18:42 . 2008-09-09 18:43 4,031 ---hs---- C:\WINDOWS\system32\dajldinq.ini
2008-09-08 18:40 . 2008-09-10 03:59 510,729 --ahs---- C:\WINDOWS\system32\QBKTDJjl.ini2
2008-09-08 18:40 . 2008-09-10 04:00 510,729 --ahs---- C:\WINDOWS\system32\QBKTDJjl.ini
2008-09-08 17:55 . 2008-09-17 11:27 <REP> d-------- C:\Program Files\DNA
2008-09-08 17:55 . 2008-09-08 17:55 <REP> d-------- C:\Program Files\BitTorrent
2008-09-08 17:55 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\DNA
2008-09-08 17:55 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\BitTorrent
2008-09-07 00:18 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\Alawar
2008-09-03 05:07 . 2008-09-03 05:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Playtonium Games
2008-09-03 05:07 . 2008-09-03 05:07 1,409 --a------ C:\WINDOWS\system32\tmp6ED8E.FOT
2008-09-03 05:07 . 2008-09-03 05:07 1,409 --a------ C:\WINDOWS\system32\tmp43E8E.FOT
2008-09-03 05:07 . 2008-09-03 05:07 1,409 --a------ C:\WINDOWS\system32\tmp28E8E.FOT
2008-09-03 05:07 . 2008-09-03 05:07 1,409 --a------ C:\WINDOWS\system32\tmp1CE8E.FOT
2008-09-03 05:06 . 2008-09-06 23:05 <REP> d-------- C:\Program Files\GamesBar
2008-09-01 16:18 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\Calendrier Xtra
2008-09-01 14:45 . 2008-09-01 14:45 <REP> d-------- C:\Program Files\LuckyTender
2008-09-01 14:12 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D26E113FCC.sys
2008-09-01 14:11 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D26E113FCB.sys
2008-09-01 01:00 . 2008-09-01 01:00 <REP> d-------- C:\Program Files\Nomad Factory
2008-08-31 16:43 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D2B17BA39E.sys
2008-08-29 23:26 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D2BF986FC1.sys
2008-08-29 23:25 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D2BF986FC0.sys
2008-08-27 17:40 . 2006-10-26 15:29 393,216 --a------ C:\WINDOWS\system32\NI_IRC_1_2.dll
2008-08-27 17:40 . 2006-10-26 15:29 61,440 --a------ C:\WINDOWS\system32\NI_DFD_1_5.dll
2008-08-27 16:40 . 2006-09-21 16:45 84,992 --a------ C:\WINDOWS\system32\drivers\koreusb.sys
2008-08-27 16:40 . 2006-09-21 16:46 25,088 --a------ C:\WINDOWS\system32\drivers\koreavs.sys
2008-08-24 15:34 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D272B730B3.sys
2008-08-23 19:20 . 2008-08-23 19:20 <REP> d-------- C:\Program Files\Garritan Jazz Big Band
2008-08-23 10:06 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D232414DDE.sys
2008-08-22 22:46 . 2008-08-22 22:47 <REP> d-------- C:\Program Files\LiquidInstrument
2008-08-22 18:52 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D228CEB20A.sys
2008-08-21 02:18 . 2008-04-11 21:05 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-03 13:14 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\LuckyTender
2008-08-02 15:03 . 2008-08-02 15:04 <REP> d-------- C:\Program Files\CDXTRACT4

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-29 10:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-09-29 10:14 --------- d-----w C:\Program Files\Spyware Terminator
2008-09-27 16:45 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-09-27 16:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-27 16:44 --------- d-----w C:\Program Files\Norton 360
2008-09-26 15:57 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-25 13:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-24 16:57 --------- d-----w C:\Program Files\MOVAVI
2008-09-24 03:02 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-09-24 02:57 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-09-23 01:10 --------- d-----w C:\Program Files\VstPlugins
2008-09-16 13:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-14 21:30 --------- d-----w C:\Program Files\Best Service
2008-09-10 14:46 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Real
2008-09-09 18:38 --------- d-----w C:\Program Files\WinClamAVShield
2008-09-09 18:05 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Spyware Terminator
2008-09-09 09:49 --------- d-----w C:\Program Files\Symantec
2008-09-09 09:48 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-09-09 09:48 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-09-09 09:48 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-09-05 13:22 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media
2008-09-04 16:25 --------- d-----w C:\Program Files\Wanadoo
2008-08-30 12:41 --------- d-----w C:\Program Files\Fichiers communs\Native Instruments
2008-08-27 15:40 --------- d-----w C:\Program Files\Native Instruments
2008-07-31 21:54 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D26659B183.sys
2008-07-30 15:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-30 15:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-30 15:28 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-07-30 11:38 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Bioshock
2008-07-29 06:40 --------- d--h--r C:\Documents and Settings\Compaq_Propriétaire\Application Data\SecuROM
2008-07-24 19:52 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D2ABB8C36B.sys
2008-07-22 18:37 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D2859F7D89.sys
2008-07-12 18:42 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D29D34FFEA.sys
2008-07-04 10:48 22,328 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\PnkBstrK.sys
2008-06-07 21:07 65,344 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2007-08-13 00:36 604 ---ha-w C:\Program Files\STLL Notifier
2007-06-03 03:06 134 ----a-w C:\Program Files\satsukidecodersettings.ini
2007-05-29 21:47 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D206385595.sys
1996-12-04 22:00 73,184 ----a-w C:\Program Files\Fichiers communs\Dao2535.tlb
1996-12-02 16:44 582,144 ----a-w C:\Program Files\Fichiers communs\dao350.dll
2007-05-01 17:35 524,260 --sha-w C:\WINDOWS\system32\pqstv.bak1
2007-05-01 21:33 524,101 --sha-w C:\WINDOWS\system32\pqstv.bak2
2007-04-28 02:35 522,608 --sha-w C:\WINDOWS\system32\stvwa.bak2
2007-04-28 10:40 510,082 --sha-w C:\WINDOWS\system32\stvwa.ini2
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5E2402A0-5F99-4188-B30D-D8743996B340}]
2008-05-30 00:42 188416 --a------ C:\Program Files\LuckyTender\1.3.0\LuckyTender.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 10:34 576352 --a------ C:\Program Files\Fichiers communs\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 10:34 576352 --a------ C:\Program Files\Fichiers communs\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 10:34 576352 --a------ C:\Program Files\Fichiers communs\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"kX Mixer"="C:\WINDOWS\system32\kxmixer.exe" [2004-02-17 438784]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-04-04 344064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 61440]
"ccApp"="c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-09-29 51048]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 172544]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-09-24 185896]
"C-Media Mixer"="Mixer.exe" [2002-10-15 C:\WINDOWS\mixer.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-07-05 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi2"= rddv1027.dll
"midi8"= rddv1027.dll
"vidc.X264"= x264vfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"vidc.yv12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Accélérateur de démarrage AutoCAD.lnk]
backup=C:\WINDOWS\pss\Accélérateur de démarrage AutoCAD.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk]
backup=C:\WINDOWS\pss\Démarrage rapide de HP Photosmart Premier.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Propriétaire^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Propriétaire^Menu Démarrer^Programmes^Démarrage^PowerReg Scheduler.exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Propriétaire^Menu Démarrer^Programmes^Démarrage^Registration .LNK]
backup=C:\WINDOWS\pss\Registration .LNKStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zlwatzhnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
-ra------ 2007-03-01 10:37 2321600 C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCD2000]
-ra------ 2005-06-15 11:34 536576 C:\WINDOWS\system32\bcd2kcpan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:34 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 12:48 157592 C:\Applications\Bureau\Daemon Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DJ Console]
--------- 2004-01-08 11:08 270336 C:\Applications\SON\Hercule DJC\DJConsoleMixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2006-07-13 03:38 1851392 C:\Program Files\Electronic Arts\EA Downloader\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
--a------ 2007-12-11 04:59 307200 C:\Program Files\Syncrosoft\POS\H2O\cledx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-17 00:11 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a------ 2005-11-09 19:29 249856 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2005-02-02 16:44 61440 C:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 19:34 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2006-02-24 20:46 147456 C:\Program Files\CyberLink\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-01-31 13:11 98304 C:\Applications\Bureau\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2004-12-13 20:23 663552 C:\WINDOWS\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-15 04:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2006-10-12 04:04 856072 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-09-24 04:56 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-05-25 19:35 35328 C:\Applications\Players\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon]
--a------ 2004-10-13 17:12 24576 C:\PROGRA~1\Wanadoo\CnxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
--a------ 2004-10-13 17:12 49152 C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--a------ 2004-10-13 17:12 24576 C:\PROGRA~1\Wanadoo\Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-01-11 19:23 15961088 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVG Anti-Spyware Guard"=2 (0x2)
"sp_rssrv"=2 (0x2)
"gusvc"=2 (0x2)
"IDriverT"=3 (0x3)
"CyberLink Media Library Service"=2 (0x2)
"CLSched"=2 (0x2)
"CLCapSvc"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"StarWindService"=2 (0x2)
"PnkBstrA"=2 (0x2)
"pr2amkwb"=2 (0x2)
"LiveUpdate Notice"=2 (0x2)
"LiveUpdate"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="C:\Applications\Bureau\Daemon Tools\daemon.exe" -lang 1033
"AdobeUpdater"=C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"=C:\Applications\Players\Winamp\winampa.exe
"EoSudoku"=
"EoEngine"=
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"C:\\Applications\\Internet\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\ElectricSheep.scr"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Guild wars
"80:TCP"= 80:TCP:guild wars 2

R0 pe3amkwb;Reprobates Environment Driver (pe3amkwb);C:\WINDOWS\system32\drivers\pe3amkwb.sys [2007-08-20 64632]
R0 ps7amkwb;Reprobates Synchronization Driver (ps7amkwb);C:\WINDOWS\system32\drivers\ps7amkwb.sys [2007-08-20 68736]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-06-14 135936]
R1 SSHDRV86;SSHDRV86;C:\WINDOWS\system32\drivers\SSHDRV86.sys [2007-04-01 81408]
R2 ADSLAutoconnect;ADSLAutoconnect;C:\APPLICATIONS\INTERNET\ADSL Autoconnect\ADSL Autoconnect.exe [2007-07-03 446464]
R2 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2000-05-12 8768]
R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2008-02-19 162432]
R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2008-02-19 12032]
R2 MicroGuard;MicroGuard Copy Protection;C:\WINDOWS\system32\drivers\mgnt.sys [1997-10-09 40288]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 kxwdmdrv;kX WDM Driver Service;C:\WINDOWS\system32\drivers\kx.sys [2004-02-17 571776]
R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys [2008-01-29 48928]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 BCD2000;Behringer BCD2000 V1.0.0.6;C:\WINDOWS\system32\Drivers\BCD2000.SYS [2005-06-15 39648]
S3 BCD2000WDM;Behringer BCD2000WDM V1.0.0.6;C:\WINDOWS\system32\Drivers\BCD2000WDM.SYS [2005-06-15 21600]
S3 Bulk;HDJBulk;C:\WINDOWS\system32\Drivers\HDJBulk.sys [2003-06-12 34994]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S3 HDJMidi;Hercules DJ Console MIDI;C:\WINDOWS\system32\DRIVERS\HDJMidi.sys [2003-08-26 30080]
S3 NvnUsbAudio;NvnUsbAudio;C:\WINDOWS\system32\drivers\nvnusbaudio.sys [2007-05-04 25600]
S3 RDID1027;EDIROL PCR;C:\WINDOWS\system32\Drivers\rdwm1027.sys [2003-10-31 60698]
S3 ScratchAmp;ScratchAmp Driver (ScratchAmp.sys);C:\WINDOWS\system32\Drivers\ScratchAmp.sys [2003-01-31 22912]
S3 SynasUSB;SynasUSB;C:\WINDOWS\system32\drivers\SynasUSB.sys [2006-01-29 16896]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S4 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
S4 pr2amkwb;Reprobates Drivers Auto Removal (pr2amkwb);C:\WINDOWS\system32\pr2amkwb.exe svc [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38410722-bc7d-11db-a009-4d6564696130}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{531d722c-f1a5-11da-9efd-0017310e7e21}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{994c5f83-9a47-11dc-a0bf-4d6564696130}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b42a4530-f1d8-11da-9f07-4d6564696130}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cec276cc-0645-11dd-a4a6-4d6564696130}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbb87633-f1c6-11da-9f06-4d6564696130}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

*Newly Created Service* - COMHOST
.
- - - - ORPHELINS SUPPRIMES - - - -

URLSearchHooks-{8A4E1972-8F42-4B50-AA71-29DCA9F336BC} - (no file)
HKU-Default-RunOnce-POSTRBT - c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
HKU-Default-RunOnce-<NO NAME> - (no file)
ShellExecuteHooks-{1FB5C8F6-82F0-49CE-BCD9-9C80DDA48E26} - (no file)
Notify-WgaLogon - (no file)
MSConfigStartUp-InfoData - C:\WINDOWS\system32\tanialdr.dll
MSConfigStartUp-SpySweeper - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
MSConfigStartUp-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-WindowsService - C:\WINDOWS\system32\xddahfwm.dll
MSConfigStartUp-WindowsUpdate - C:\WINDOWS\system32\xrjrhfed.dll


.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: E&xporter vers Microsoft Excel - C:\APPLIC~1\Bureau\OfficeXP\Office10\EXCEL.EXE/3000
O9 -: {13C1DBF6-7535-495c-91F6-8C13714ED485}
O9 -: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 -: {4C826F10-D34B-4ba8-B609-1FB8C6482A05}
O9 -: {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 -: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
O9 -: {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 -: {13C1DBF6-7535-495c-91F6-8C13714ED485} - -
O9 -: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe -
O9 -: {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - -
O9 -: {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe -
O9 -: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - -
O9 -: {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe -
O17 -: HKLM\CCS\Interface\{575583AB-2F01-45A0-9B99-81FAB89906B1}: NameServer = 208.67.220.220,208.67.222.222
O17 -: HKLM\CCS\Interface\{7A2F933A-2A6D-4311-856E-4519331C083C}: NameServer = 208.67.220.220,208.67.222.222
O17 -: HKLM\CCS\Interface\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: NameServer = 208.67.220.220,208.67.222.222
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 04:17:12
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system\hpsysdrv.exe
.
**************************************************************************
.
Heure de fin: 2008-09-30 4:44:04 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-30 02:43:58

Avant-CF: 4 088 037 376 octets libres
Après-CF: 3,977,338,880 octets libres

444 --- E O F --- 2008-09-10 02:46:37

Reply to hurricanejack

Hello,

Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, reboot into Safe Mode.
HELP: Restarting in Safe Mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan has finished, a window opens; click OK. There are two possibilities:

-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to reboot to finish the removal, accept by clicking OK.

HELP: Illustrated tutorial on MBAM

------------------------------ Prevention & Protection||Do you like me? Click :o
Reply to Angeldark

Hi, thanks for looking into my sad case.

I ran an mbam scan, which found a few infected registry keys and removed them.

However, norton still doesn't work, neither does spybot, safe mode is still hit-or-miss, and my sound card still restarts every time with all inputs muted and the volume at zero.

Here is the mbam log

Malwarebytes' Anti-Malware 1.27
Version de la base de données: 1134
Windows 5.1.2600 Service Pack 3

30/09/2008 02:51:04
mbam-log-2008-09-30 (02-51-04).txt

Type de recherche: Examen rapide
Eléments examinés: 47355
Temps écoulé: 23 minute(s), 24 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 13
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 9

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Live_TV (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Live_TV\INSTALL.LOG (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\BM1f98a346.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM1f98a346.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iyvjzpod_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zlwatzhnk_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iyvjzpod_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zlwatzhnk_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\taskmon.exe (Proxy.Agent) -> Quarantined and deleted successfully.

Reply to hurricanejack

Re,

  • Download Catchme (Gmer) to your Desktop.
  • Double-click catchme.exe (the .exe extension may not be visible) to launch it.
  • When the scan has finished, post the catchme.log report in your next reply.


&

Download and install Hijackthis (Trend Micro)
Then post a report in your next reply.
HELP: How to use Hijackthis v2.0.2

Reply to Angeldark

Hi, I already ran a hijack this scan, which gave this:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:16:31, on 30/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\APPLICATIONS\INTERNET\ADSL Autoconnect\ADSL Autoconnect.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\kxmixer.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\jkos-Compaq_Propriétaire\binaries\ScanningProcess.exe
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\jkos-Compaq_Propriétaire\binaries\ScanningProcess.exe
C:\Program Files\Defenza\pcd-as.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\APPLIC~1\Bureau\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: LuckyTender - {5E2402A0-5F99-4188-B30D-D8743996B340} - C:\Program Files\LuckyTender\1.3.0\LuckyTender.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\system32\kxmixer.exe --startup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\APPLIC~1\Bureau\OfficeXP\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\APPLIC~1\Bureau\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\APPLIC~1\Bureau\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fotodiscount.com/aurigma/ImageUploader4.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoclassic.microgaming.c [...] lashAX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AAAD5C2-861F-4CF2-9AD7-58349A7025DB}: NameServer = 81.253.149.9 80.10.246.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{575583AB-2F01-45A0-9B99-81FAB89906B1}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A2F933A-2A6D-4311-856E-4519331C083C}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{3AAAD5C2-861F-4CF2-9AD7-58349A7025DB}: NameServer = 81.253.149.9 80.10.246.132
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ADSLAutoconnect - Unknown owner - C:\APPLICATIONS\INTERNET\ADSL Autoconnect\ADSL Autoconnect.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10891 bytes

I'll try a Gmer scan and post you the log

Reply to hurricanejack

Here is also a Kaspersky online scan log, in case it helps
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, September 30, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, September 30, 2008 04:44:38
Records in database: 1275644
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Critical Areas:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
C:\Documents and Settings\Compaq_Propriétaire\Menu Démarrer\Programmes\Démarrage
C:\Program Files
C:\WINDOWS

Scan statistics:
Files scanned: 176205
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 10:15:15


File name / Threat name / Threats count
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe Infected: Trojan-Downloader.Win32.Bagle.abv 1
C:\Program Files\LuckyTender\1.3.0\LuckyTender.dll Infected: not-a-virus:AdWare.Win32.Agent.fps 1

The selected area was scanned.

Reply to hurricanejack

Re,

Download OTMoveIt3 (OldTimer). Save it to your Desktop.
Copy (Ctrl+C) the text in the box below:

:files
C:\WINDOWS\system32\dajldinq.ini
C:\WINDOWS\system32\QBKTDJjl.ini2
C:\WINDOWS\system32\QBKTDJjl.ini
C:\WINDOWS\system32\pqstv.bak1
C:\WINDOWS\system32\pqstv.bak2
C:\WINDOWS\system32\stvwa.bak2
C:\WINDOWS\system32\stvwa.ini2
C:\Program Files\GamesBar
C:\Program Files\LuckyTender
C:\Documents and Settings\Compaq_Propriétaire\Application Data\LuckyTender
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

:reg
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5E2402A0-5F99-4188-B30D-D8743996B340}]



Double-click OTMoveIt3.exe to launch it.
Paste (or Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.
Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be removed immediately, the program will ask you to reboot.
Accept by clicking YES.


Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log

&

Reinstall GoogleToolbarNotifier if necessary.

Reply to Angeldark

Here is the OT move it report


========== FILES ==========
C:\WINDOWS\system32\dajldinq.ini moved successfully.
C:\WINDOWS\system32\QBKTDJjl.ini2 moved successfully.
C:\WINDOWS\system32\QBKTDJjl.ini moved successfully.
C:\WINDOWS\system32\pqstv.bak1 moved successfully.
C:\WINDOWS\system32\pqstv.bak2 moved successfully.
C:\WINDOWS\system32\stvwa.bak2 moved successfully.
C:\WINDOWS\system32\stvwa.ini2 moved successfully.
C:\Program Files\GamesBar moved successfully.
C:\Program Files\LuckyTender\1.3.0 moved successfully.
C:\Program Files\LuckyTender moved successfully.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\LuckyTender moved successfully.
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5E2402A0-5F99-4188-B30D-D8743996B340}\\ not found.

OTMoveIt3 by OldTimer - Version 1.0.2.2 log created on 10012008_153753

Reply to hurricanejack

Post a new Hijackthis report.

Reply to Angeldark

Here is the hijack this report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:45:50, on 01/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\APPLICATIONS\INTERNET\ADSL Autoconnect\ADSL Autoconnect.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\kxmixer.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Propriétaire\Bureau\catchme.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\APPLIC~1\Bureau\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: LuckyTender - {5E2402A0-5F99-4188-B30D-D8743996B340} - C:\Program Files\LuckyTender\1.3.0\LuckyTender.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\system32\kxmixer.exe --startup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\APPLIC~1\Bureau\OfficeXP\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\APPLIC~1\Bureau\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\APPLIC~1\Bureau\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fotodiscount.com/aurigma/ImageUploader4.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoclassic.microgaming.c [...] lashAX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AAAD5C2-861F-4CF2-9AD7-58349A7025DB}: NameServer = 81.253.149.9 80.10.246.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{575583AB-2F01-45A0-9B99-81FAB89906B1}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A2F933A-2A6D-4311-856E-4519331C083C}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{3AAAD5C2-861F-4CF2-9AD7-58349A7025DB}: NameServer = 81.253.149.9 80.10.246.132
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ADSLAutoconnect - Unknown owner - C:\APPLICATIONS\INTERNET\ADSL Autoconnect\ADSL Autoconnect.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10108 bytes

Reply to hurricanejack

Re,

Fix the lines in the box below with HijackThis: ILLUSTRATED HELP

O2 - BHO: LuckyTender - {5E2402A0-5F99-4188-B30D-D8743996B340} - C:\Program Files\LuckyTender\1.3.0\LuckyTender.dll (file missing)
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')

Répondre à Angeldark
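A small triage script for the two entry shapes flagged in the post above (an added example, not HijackThis code or the helper's own tooling): it parses HijackThis entry lines, flags BHOs whose DLL is reported missing and empty RunOnce values under service-account hives, and returns the matching lines as a fix list. The sample log is a constructed excerpt built from lines shown in this thread.

```python
"""Triage of HijackThis v2 log lines (added example, not part of the thread)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterator, List, Tuple

# Generic shape of a HijackThis entry line: "O2 - BHO: name - {CLSID} - path"
ENTRY = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
# A registry CLSID: 32 hex digits plus 4 hyphens inside braces
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Trailing "(User 'NAME')" annotation HijackThis adds for HKUS entries
USER = re.compile(r"\(User '([^']*)'\)")

# Constructed excerpt, assembled from lines posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: LuckyTender - {5E2402A0-5F99-4188-B30D-D8743996B340} - C:\Program Files\LuckyTender\1.3.0\LuckyTender.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # HijackThis section prefix, e.g. "O2"
    rule: str    # short rule identifier
    detail: str  # what a reviewer should look at
    line: str    # original log line, ready to paste into a fix list


def parse_entries(log_text: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (kind, body, original_line) for every HijackThis entry line.

    Header lines ("Logfile of ...", "Running processes:") and bare paths
    do not match ENTRY and are skipped.
    """
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if match:
            yield match.group("kind"), match.group("body"), line


def triage(log_text: str) -> List[Finding]:
    """Apply the two rules used in the thread to every entry line."""
    findings: List[Finding] = []
    for kind, body, line in parse_entries(log_text):
        if kind == "O2" and body.endswith("(file missing)"):
            # BHO still registered under HKLM but its DLL is gone: an orphaned
            # registration, harmless by itself but worth removing.
            clsid = CLSID.search(body)
            detail = "orphaned BHO registration " + (clsid.group(0) if clsid else "?")
            findings.append(Finding(kind, "bho-file-missing", detail, line))
        elif kind == "O4" and "RunOnce: []" in body:
            # Empty RunOnce value in a service-account or default-user hive
            # (S-1-5-18/19/20, .DEFAULT): leftover to clean up.
            user = USER.search(body)
            detail = "empty RunOnce value for " + (user.group(1) if user else "unknown user")
            findings.append(Finding(kind, "runonce-empty", detail, line))
    return findings


def fix_list(findings: List[Finding]) -> List[str]:
    """Return the original lines, in log order, to tick in HijackThis' fix dialog."""
    return [f.line for f in findings]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}\n    {f.line}")
```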

Otherwise, I launched Gmer, which opened a DOS window and tells me it's scanning, but it doesn't seem to be moving any more.

One thing I forgot to mention: this morning I tried to uninstall Norton, but it won't go through to the end of the uninstall.

Reply to hurricanejack

You missed my message ;)

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

OK, I fixed the lines you gave me with HijackThis; they've disappeared from the new log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:55:31, on 01/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\APPLICATIONS\INTERNET\ADSL Autoconnect\ADSL Autoconnect.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\kxmixer.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Propriétaire\Bureau\catchme.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\APPLIC~1\Bureau\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\system32\kxmixer.exe --startup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\APPLIC~1\Bureau\OfficeXP\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\APPLIC~1\Bureau\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\APPLIC~1\Bureau\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fotodiscount.com/aurigma/ImageUploader4.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoclassic.microgaming.c [...] lashAX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AAAD5C2-861F-4CF2-9AD7-58349A7025DB}: NameServer = 81.253.149.9 80.10.246.132
O17 - HKLM\System\CCS\Services\Tcpip\..\{575583AB-2F01-45A0-9B99-81FAB89906B1}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A2F933A-2A6D-4311-856E-4519331C083C}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{3AAAD5C2-861F-4CF2-9AD7-58349A7025DB}: NameServer = 81.253.149.9 80.10.246.132
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ADSLAutoconnect - Unknown owner - C:\APPLICATIONS\INTERNET\ADSL Autoconnect\ADSL Autoconnect.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 9747 bytes

Reply to hurricanejack

Oh, Gmer moved on. Now it's telling me:

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Reply to hurricanejack

Do you think my machine is clean now?

Reply to hurricanejack

Darn it, I thought my machine was clean, but I tried to reinstall Norton and Spybot, and both still give me the same error message (... is not a valid Win32 application) and flatly refuse to launch.

On the other hand, I no longer have any problem with my sound cards.

So I need a bit more help if possible.

Reply to hurricanejack

Run another ComboFix scan to see.

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

My latest ComboFix log:

ComboFix 08-10-01.06 - Compaq_Propri‚taire 2008-10-02 22:16:26.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.445 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Compaq_Propri‚taire\Bureau\Antibagle.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MCHINJDRV


((((((((((((((((((((((((((((( Fichiers créés du 2008-09-02 au 2008-10-02 ))))))))))))))))))))))))))))))))))))
.

2008-10-01 19:50 . 2008-10-01 19:54 <REP> d-------- C:\Program Files\Norton 360
2008-10-01 19:48 . 2008-10-01 19:52 <REP> d-------- C:\Program Files\Symantec
2008-10-01 19:48 . 2008-10-01 19:52 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-10-01 19:48 . 2008-10-01 19:52 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-01 15:37 . 2008-10-01 15:37 <REP> d-------- C:\_OTMoveIt
2008-10-01 15:00 . 2008-10-01 15:00 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-10-01 10:38 . 2008-10-01 10:38 <REP> d-------- C:\KAV
2008-09-30 07:12 . 2008-09-30 07:35 <REP> d-------- C:\Program Files\Spyware Doctor
2008-09-30 07:12 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\PC Tools
2008-09-30 07:12 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-30 07:12 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-30 07:12 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-30 07:12 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-09-30 07:10 . 2008-09-30 07:10 3,120 --a------ C:\WINDOWS\system32\118290.54
2008-09-30 07:10 . 2008-09-30 07:10 3,120 --a------ C:\WINDOWS\118294.78
2008-09-30 07:09 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
2008-09-30 07:09 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
2008-09-30 05:49 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\Grisoft
2008-09-30 05:49 . 2008-09-30 05:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-30 05:49 . 2008-09-30 05:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-30 05:48 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\Oberon Media
2008-09-30 05:47 . 2008-09-30 05:47 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-09-30 05:46 . 2008-09-30 05:46 <REP> d-------- C:\WINDOWS\Logs
2008-09-30 05:27 . 2008-09-30 05:27 <REP> d-------- C:\Program Files\Trend Micro
2008-09-30 02:56 . 2008-09-30 02:56 250 --a------ C:\WINDOWS\gmer.ini
2008-09-29 13:40 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-09-27 19:51 . 2008-09-27 19:51 <REP> d-------- C:\Muestras
2008-09-26 18:34 . 2008-09-30 05:39 <REP> d-------- C:\VueScan
2008-09-26 16:53 . 2008-09-26 16:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Oberon Media
2008-09-25 15:35 . 2008-09-30 05:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FirstClass
2008-09-25 15:35 . 2001-05-03 06:36 4,710 --a------ C:\WINDOWS\system32\fc.ico
2008-09-25 15:35 . 1996-02-26 18:15 2,528 --a------ C:\WINDOWS\FCIC.INI
2008-09-24 22:55 . 2008-09-24 22:56 120 --a------ C:\drmHeader.bin
2008-09-24 22:37 . 2008-09-25 02:01 <REP> d-------- C:\divx
2008-09-24 22:23 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\DivX
2008-09-24 19:54 . 2008-09-24 19:54 36,734 --a------ C:\WINDOWS\system32\OggDSuninst.exe
2008-09-24 19:53 . 2008-09-24 19:53 21,764 --a------ C:\WINDOWS\system32\CoreAAC-uninstall.exe
2008-09-24 19:52 . 2006-03-24 17:01 630,784 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-09-24 19:52 . 2006-03-24 17:09 237,568 --a------ C:\WINDOWS\system32\vp7dec.ax
2008-09-24 19:52 . 2005-10-25 13:10 53,248 --a------ C:\WINDOWS\system32\vp7dec_settings.cpl
2008-09-24 19:51 . 2008-09-24 19:51 599,570 --a------ C:\WINDOWS\system32\x264vfw.dll
2008-09-24 19:49 . 2008-07-23 18:50 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-09-24 19:49 . 2008-07-23 18:50 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-09-24 19:49 . 2008-07-23 18:50 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-09-24 18:57 . 2008-09-30 05:40 <REP> d-------- C:\Program Files\ConvertMovie 4.4
2008-09-24 05:33 . 2008-09-27 19:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-24 05:33 . 2008-09-24 05:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-20 15:04 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D221B25AD5.sys
2008-09-20 15:04 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D221B25AD4.sys
2008-09-20 15:04 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D221B25AD3.sys
2008-09-20 15:04 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D221B25AD2.sys
2008-09-17 20:09 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D2571BECEE.sys
2008-09-17 20:08 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D2571BECED.sys
2008-09-17 13:06 . 2000-08-02 10:16 1,048,640 --a------ C:\WINDOWS\system32\wsecedit.dll
2008-09-16 02:14 . 2008-09-16 02:14 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-09-16 02:14 . 2008-09-16 02:14 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-09-16 02:14 . 2008-09-16 02:14 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2008-09-16 02:14 . 2008-09-16 02:14 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-09-16 02:12 . 2008-09-16 02:12 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2008-09-16 02:12 . 2008-09-16 02:12 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2008-09-16 02:12 . 2008-09-16 02:12 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2008-09-16 02:12 . 2008-09-16 02:12 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2008-09-16 02:12 . 2008-09-16 02:12 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2008-09-16 02:12 . 2008-09-16 02:12 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
2008-09-16 02:12 . 2008-09-16 02:12 3,067 --a------ C:\WINDOWS\system32\dtu_fr.qm
2008-09-16 02:12 . 2008-09-16 02:12 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2008-09-16 02:12 . 2008-09-16 02:12 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2008-09-16 02:11 . 2008-09-16 02:11 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-09-16 02:11 . 2008-09-16 02:11 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2008-09-16 02:11 . 2008-09-16 02:11 815,104 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-09-16 02:11 . 2008-09-16 02:11 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2008-09-16 02:11 . 2008-09-16 02:11 683,520 --a------ C:\WINDOWS\system32\DivX.dll
2008-09-16 02:11 . 2008-09-16 02:11 634,880 --a------ C:\WINDOWS\system32\divxdec.ax
2008-09-16 02:11 . 2008-09-16 02:11 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-09-16 02:11 . 2008-09-16 02:11 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-09-16 02:11 . 2008-09-16 02:11 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-09-14 23:17 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D24A84BAF5.sys
2008-09-14 23:17 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D24A84BAF4.sys
2008-09-14 23:17 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D24A06AB74.sys
2008-09-14 23:17 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D24A06AB73.sys
2008-09-14 23:13 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D221B25AD7.sys
2008-09-14 23:12 . 0 C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D221B25AD6.sys
2008-09-10 04:50 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\Uniblue
2008-09-10 04:20 . 2008-09-10 04:20 <REP> d-------- C:\Program Files\Uniblue
2008-09-10 04:15 . 2008-09-10 04:15 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-10 04:15 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\Malwarebytes
2008-09-10 04:15 . 2008-09-10 04:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-10 04:15 . 2008-09-08 00:11 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-10 04:15 . 2008-09-08 00:11 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-09 05:49 . 2008-09-09 05:52 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-09-09 05:43 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\002950_.tmp
2008-09-09 03:11 . 2008-09-09 04:04 <REP> d-------- C:\WINDOWS\EHome
2008-09-08 17:55 . 2008-09-17 11:27 <REP> d-------- C:\Program Files\DNA
2008-09-08 17:55 . 2008-09-08 17:55 <REP> d-------- C:\Program Files\BitTorrent
2008-09-08 17:55 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\DNA
2008-09-08 17:55 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\BitTorrent
2008-09-07 00:18 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\Alawar
2008-09-03 05:07 . 2008-09-03 05:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Playtonium Games
2008-09-03 05:07 . 2008-09-03 05:07 1,409 --a------ C:\WINDOWS\system32\tmp6ED8E.FOT
2008-09-03 05:07 . 2008-09-03 05:07 1,409 --a------ C:\WINDOWS\system32\tmp43E8E.FOT
2008-09-03 05:07 . 2008-09-03 05:07 1,409 --a------ C:\WINDOWS\system32\tmp28E8E.FOT
2008-09-03 05:07 . 2008-09-03 05:07 1,409 --a------ C:\WINDOWS\system32\tmp1CE8E.FOT

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-02 20:37 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-10-01 17:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-01 17:55 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Symantec
2008-10-01 17:52 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-10-01 17:52 10,563 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-09-30 05:52 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-30 05:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-30 03:47 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-09-30 03:47 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-09-30 03:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-30 03:45 --------- d-----w C:\Program Files\VstPlugins
2008-09-30 03:40 --------- d-----w C:\Program Files\MOVAVI
2008-09-30 03:38 --------- d-----w C:\Program Files\Spyware Terminator
2008-09-29 10:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-09-14 21:30 --------- d-----w C:\Program Files\Best Service
2008-09-10 14:46 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Real
2008-09-09 18:38 --------- d-----w C:\Program Files\WinClamAVShield
2008-09-09 18:05 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Spyware Terminator
2008-09-05 13:22 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media
2008-09-04 16:25 --------- d-----w C:\Program Files\Wanadoo
2008-09-01 14:26 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Calendrier Xtra
2008-09-01 12:12 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D26E113FCC.sys
2008-09-01 12:11 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D26E113FCB.sys
2008-08-31 23:00 --------- d-----w C:\Program Files\Nomad Factory
2008-08-31 14:43 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D2B17BA39E.sys
2008-08-30 12:41 --------- d-----w C:\Program Files\Fichiers communs\Native Instruments
2008-08-29 21:26 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D2BF986FC1.sys
2008-08-29 21:25 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D2BF986FC0.sys
2008-08-27 15:40 --------- d-----w C:\Program Files\Native Instruments
2008-08-24 13:34 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D272B730B3.sys
2008-08-23 17:20 --------- d-----w C:\Program Files\Garritan Jazz Big Band
2008-08-23 08:06 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D232414DDE.sys
2008-08-22 20:47 --------- d-----w C:\Program Files\LiquidInstrument
2008-08-22 16:52 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D228CEB20A.sys
2008-08-02 13:04 --------- d-----w C:\Program Files\CDXTRACT4
2008-07-31 21:54 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D26659B183.sys
2008-07-24 19:52 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D2ABB8C36B.sys
2008-07-22 18:37 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D2859F7D89.sys
2008-07-12 18:42 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D29D34FFEA.sys
2008-07-04 10:48 22,328 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\PnkBstrK.sys
2008-06-07 21:07 65,344 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2007-08-13 00:36 604 ---ha-w C:\Program Files\STLL Notifier
2007-06-03 03:06 134 ----a-w C:\Program Files\satsukidecodersettings.ini
2007-05-29 21:47 0 ---ha-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\.EB5543D206385595.sys
1996-12-04 22:00 73,184 ----a-w C:\Program Files\Fichiers communs\Dao2535.tlb
1996-12-02 16:44 582,144 ----a-w C:\Program Files\Fichiers communs\dao350.dll
.

((((((((((((((((((((((((((((( snapshot@2008-09-30_ 4.43.30.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-05 04:29:52 7,406 ----a-r C:\WINDOWS\Installer\{E80F62FF-5D3C-4A19-8409-9721F2928206}\IconE80F62FF.exe
+ 2008-10-01 17:48:46 7,406 ----a-r C:\WINDOWS\Installer\{E80F62FF-5D3C-4A19-8409-9721F2928206}\IconE80F62FF.exe
- 2008-09-09 09:10:46 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-10-01 17:34:34 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-09-09 09:10:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-10-01 17:34:34 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-09-09 09:10:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-01 17:34:34 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-30 15:42:12 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
+ 2008-01-12 18:32:00 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
- 2008-06-13 12:13:38 13,616 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
+ 2008-02-05 19:34:43 13,616 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
- 2008-06-13 12:13:38 96,432 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
+ 2008-02-05 19:34:43 96,432 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
- 2008-06-13 12:13:38 38,576 ----a-w C:\WINDOWS\system32\drivers\symids.sys
+ 2008-02-05 19:34:43 38,576 ----a-w C:\WINDOWS\system32\drivers\symids.sys
- 2008-06-13 12:14:02 31,280 ----a-w C:\WINDOWS\system32\drivers\SymIM.sys
+ 2008-02-06 21:43:53 31,408 ----a-w C:\WINDOWS\system32\drivers\SymIM.sys
- 2008-06-13 12:13:38 37,424 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
+ 2008-02-05 19:34:43 37,424 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
- 2008-06-13 12:13:40 41,008 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
+ 2008-02-05 19:34:43 41,008 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
- 2008-06-13 12:13:38 22,320 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
+ 2008-02-05 19:34:43 22,320 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
- 2008-06-13 12:13:40 184,240 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
+ 2008-02-05 19:34:43 188,464 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
- 2008-09-09 09:13:46 71,980 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-30 05:14:37 71,980 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-09-09 09:13:47 85,688 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-09-30 05:14:37 85,688 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-09-09 09:13:46 442,966 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-30 05:14:37 442,966 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-09-09 09:13:47 512,286 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-09-30 05:14:37 512,286 ----a-w C:\WINDOWS\system32\perfh00C.dat
- 2007-06-17 16:30:45 1,121,372 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2008-09-30 03:49:30 29,290,452 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
- 2008-06-13 12:45:48 579,464 ----a-w C:\WINDOWS\system32\SymNeti.dll
+ 2008-02-20 01:06:11 579,464 ----a-w C:\WINDOWS\system32\SymNeti.dll
- 2008-06-13 12:45:44 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll
+ 2008-02-20 01:06:11 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll
+ 2008-10-02 20:36:09 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_5d4.dat
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 10:34 576352 --a------ C:\Program Files\Fichiers communs\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 10:34 576352 --a------ C:\Program Files\Fichiers communs\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 10:34 576352 --a------ C:\Program Files\Fichiers communs\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"kX Mixer"="C:\WINDOWS\system32\kxmixer.exe" [2004-02-17 438784]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-04-04 344064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 61440]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 172544]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-09-24 185896]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-09-28 51048]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-09-28 988512]
"C-Media Mixer"="Mixer.exe" [2002-10-15 C:\WINDOWS\mixer.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-07-05 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi2"= rddv1027.dll
"midi8"= rddv1027.dll
"vidc.X264"= x264vfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"vidc.yv12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Accélérateur de démarrage AutoCAD.lnk]
backup=C:\WINDOWS\pss\Accélérateur de démarrage AutoCAD.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk]
backup=C:\WINDOWS\pss\Démarrage rapide de HP Photosmart Premier.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Propriétaire^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Propriétaire^Menu Démarrer^Programmes^Démarrage^PowerReg Scheduler.exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Propriétaire^Menu Démarrer^Programmes^Démarrage^Registration .LNK]
backup=C:\WINDOWS\pss\Registration .LNKStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zlwatzhnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
-ra------ 2007-03-01 10:37 2321600 C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCD2000]
-ra------ 2005-06-15 11:34 536576 C:\WINDOWS\system32\bcd2kcpan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:34 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 12:48 157592 C:\Applications\Bureau\Daemon Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DJ Console]
--------- 2004-01-08 11:08 270336 C:\Applications\SON\Hercule DJC\DJConsoleMixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2006-07-13 03:38 1851392 C:\Program Files\Electronic Arts\EA Downloader\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
--a------ 2007-12-11 04:59 307200 C:\Program Files\Syncrosoft\POS\H2O\cledx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-17 00:11 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a------ 2005-11-09 19:29 249856 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2005-02-02 16:44 61440 C:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 19:34 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2006-02-24 20:46 147456 C:\Program Files\CyberLink\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-01-31 13:11 98304 C:\Applications\Bureau\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2004-12-13 20:23 663552 C:\WINDOWS\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-15 04:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-09-24 04:56 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-05-25 19:35 35328 C:\Applications\Players\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon]
--a------ 2004-10-13 17:12 24576 C:\PROGRA~1\Wanadoo\CnxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
--a------ 2004-10-13 17:12 49152 C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--a------ 2004-10-13 17:12 24576 C:\PROGRA~1\Wanadoo\Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-01-11 19:23 15961088 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVG Anti-Spyware Guard"=2 (0x2)
"sp_rssrv"=2 (0x2)
"gusvc"=2 (0x2)
"IDriverT"=3 (0x3)
"CyberLink Media Library Service"=2 (0x2)
"CLSched"=2 (0x2)
"CLCapSvc"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"StarWindService"=2 (0x2)
"PnkBstrA"=2 (0x2)
"pr2amkwb"=2 (0x2)
"LiveUpdate Notice"=2 (0x2)
"LiveUpdate"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="C:\Applications\Bureau\Daemon Tools\daemon.exe" -lang 1033
"AdobeUpdater"=C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"=C:\Applications\Players\Winamp\winampa.exe
"EoSudoku"=
"EoEngine"=
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"C:\\Applications\\Internet\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\ElectricSheep.scr"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Guild wars
"80:TCP"= 80:TCP:guild wars 2

R0 pe3amkwb;Reprobates Environment Driver (pe3amkwb);C:\WINDOWS\system32\drivers\pe3amkwb.sys [2007-08-20 64632]
R0 ps7amkwb;Reprobates Synchronization Driver (ps7amkwb);C:\WINDOWS\system32\drivers\ps7amkwb.sys [2007-08-20 68736]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-06-14 135936]
R1 SSHDRV86;SSHDRV86;C:\WINDOWS\system32\drivers\SSHDRV86.sys [2007-04-01 81408]
R2 ADSLAutoconnect;ADSLAutoconnect;C:\APPLICATIONS\INTERNET\ADSL Autoconnect\ADSL Autoconnect.exe [2007-07-03 446464]
R2 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2000-05-12 8768]
R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2008-02-19 162432]
R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2008-02-19 12032]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
R2 MicroGuard;MicroGuard Copy Protection;C:\WINDOWS\system32\drivers\mgnt.sys [1997-10-09 40288]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 kxwdmdrv;kX WDM Driver Service;C:\WINDOWS\system32\drivers\kx.sys [2004-02-17 571776]
R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys [2008-01-29 48928]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 BCD2000;Behringer BCD2000 V1.0.0.6;C:\WINDOWS\system32\Drivers\BCD2000.SYS [2005-06-15 39648]
S3 BCD2000WDM;Behringer BCD2000WDM V1.0.0.6;C:\WINDOWS\system32\Drivers\BCD2000WDM.SYS [2005-06-15 21600]
S3 Bulk;HDJBulk;C:\WINDOWS\system32\Drivers\HDJBulk.sys [2003-06-12 34994]
S3 HDJMidi;Hercules DJ Console MIDI;C:\WINDOWS\system32\DRIVERS\HDJMidi.sys [2003-08-26 30080]
S3 NvnUsbAudio;NvnUsbAudio;C:\WINDOWS\system32\drivers\nvnusbaudio.sys [2007-05-04 25600]
S3 RDID1027;EDIROL PCR;C:\WINDOWS\system32\Drivers\rdwm1027.sys [2003-10-31 60698]
S3 ScratchAmp;ScratchAmp Driver (ScratchAmp.sys);C:\WINDOWS\system32\Drivers\ScratchAmp.sys [2003-01-31 22912]
S3 SynasUSB;SynasUSB;C:\WINDOWS\system32\drivers\SynasUSB.sys [2006-01-29 16896]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S4 pr2amkwb;Reprobates Drivers Auto Removal (pr2amkwb);C:\WINDOWS\system32\pr2amkwb.exe svc [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38410722-bc7d-11db-a009-4d6564696130}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{531d722c-f1a5-11da-9efd-0017310e7e21}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b42a4530-f1d8-11da-9f07-4d6564696130}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cec276cc-0645-11dd-a4a6-4d6564696130}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbb87633-f1c6-11da-9f06-4d6564696130}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

*Newly Created Service* - CLTNETCNSERVICE
*Newly Created Service* - COMHOST
*Newly Created Service* - LIVEUPDATE_NOTICE
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: E&xporter vers Microsoft Excel - C:\APPLIC~1\Bureau\OfficeXP\Office10\EXCEL.EXE/3000
O9 -: {13C1DBF6-7535-495c-91F6-8C13714ED485}
O9 -: {4C826F10-D34B-4ba8-B609-1FB8C6482A05}
O9 -: {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 -: {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 -: {13C1DBF6-7535-495c-91F6-8C13714ED485} - -
O9 -: {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - -
O9 -: {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe -
O9 -: {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe -
O17 -: HKLM\CCS\Interface\{3AAAD5C2-861F-4CF2-9AD7-58349A7025DB}: NameServer = 80.10.246.1 81.253.149.2
O17 -: HKLM\CCS\Interface\{575583AB-2F01-45A0-9B99-81FAB89906B1}: NameServer = 208.67.220.220,208.67.222.222
O17 -: HKLM\CCS\Interface\{7A2F933A-2A6D-4311-856E-4519331C083C}: NameServer = 208.67.220.220,208.67.222.222
O17 -: HKLM\CCS\Interface\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: NameServer = 208.67.220.220,208.67.222.222
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-02 22:36:56
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system\hpsysdrv.exe
.
**************************************************************************
.
Heure de fin: 2008-10-02 23:24:23 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-02 21:23:56
ComboFix2.txt 2008-09-30 02:44:06

Avant-CF: 7 122 612 224 octets libres
Après-CF: 7,147,495,424 octets libres

465 --- E O F --- 2008-09-10 02:46:37

Reply to hurricanejack

Um, did you reinstall the programs that were misbehaving once the cleanup was finished?

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

Hi, yes, I uninstalled and tried to reinstall both Spybot and Norton. Both reinstall fine, but when I try to open them, they give me a message "... is not a valid Win32 application" and refuse to open. I don't understand why.

Reply to hurricanejack

Strange.

Download Gmer.
Unzip it into a folder or onto your desktop.

Disconnect from the Internet and close all programs.
Double-click Gmer.exe.

IMPORTANT: If your antivirus raises an alert for the file gmer.sys or gmer.exe, let it run.

Click the Rootkit tab.
On the right, tick Files and Services.
Now click Scan.

When the scan is finished, click Copy.

Open Notepad and click the Edit menu / Paste.
The report should then appear.
Save the file to your desktop and copy/paste its contents here.

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

Hi, I'm back after two weeks of total despair.
Everything seems to be working normally, but I still can't reinstall either Norton Antivirus or Spybot.
After several attempts at cleaning up and reinstalling Norton, Windows Security Center reports it as out of date (which is not true). Whatever I do, Norton won't launch properly, and neither will Spybot.
I'll attach a Gmer report in my next message.

Reply to hurricanejack

Hi, the Gmer scan ended with:
no system modification detected.
Yet, given that my antivirus programs are malfunctioning, I'm sure a trace must remain somewhere. I've done several registry cleanups, which haven't changed the problem. I don't know what else to do.

Reply to hurricanejack