Please analyse my HijackThis report
Last reply: in Security
Hello,
I have been flooded with pop-up ads recently. After reading several threads I ran a Spybot scan and deleted the malicious files, but it keeps coming back, so I ran a HijackThis scan; I am counting on you to analyse the report.
Thanks in advance
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:04:22, on 22/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\PC1\Bureau\Nouveau dossier\abcde.exe.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: snappyads browser enhancer - {F76004AE-816A-CF4D-F0B9-A4196CC44D49} - C:\WINDOWS\system32\hspvdhkfes.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [abnmdmsqplg] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\hspvdhkfes.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/F...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/fl...
O20 - AppInit_DLLs: C:\WINDOWS\System32\ftsrch32.dll
O20 - Winlogon Notify: b8594895517 - C:\WINDOWS\System32\ftsrch32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
--
End of file - 8886 bytes
Hello,
! Disable your resident protections (antivirus, Spybot-S&D, etc.) !
Download ComboFix (sUBs) to your Desktop.
Double-click ComboFix.exe (the .exe extension is not necessarily visible) to launch it.
When the scan is finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.
HELP: A guide and a tutorial on using ComboFix
* the partition letter may differ
Hello,
Here is the ComboFix report
ComboFix 09-01-21.04 - PC1 2009-01-26 11:48:40.2 - NTFSx86
Lancé depuis: c:\documents and settings\PC1\Bureau\Nouveau dossier\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 081222-0] *On-access scanning disabled* (Outdated)
AV: Norton AntiVirus 2005 *On-access scanning enabled* (Outdated)
FW: Norton Internet Worm Protection *enabled*
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\PC1\Application Data\02000000394dfd39517C.manifest
c:\documents and settings\PC1\Application Data\02000000394dfd39517O.manifest
c:\documents and settings\PC1\Application Data\02000000394dfd39517P.manifest
c:\documents and settings\PC1\Application Data\02000000394dfd39517S.manifest
c:\windows\GnuHashes.ini
c:\windows\system32\2.tmp
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\GroupPolicyManifest
c:\windows\system32\GroupPolicyManifest\39.music.mp3.kwd
c:\windows\system32\GroupPolicyManifest\40.mpgvideo.mpg
c:\windows\system32\GroupPolicyManifest\40.mpgvideo.mpg.kwd
.
---- Exécution préalable -------
.
C:\Autorun.inf
c:\documents and settings\PC1\Application Data\02000000394dfd39517C.manifest
c:\documents and settings\PC1\Application Data\02000000394dfd39517O.manifest
c:\documents and settings\PC1\Application Data\02000000394dfd39517P.manifest
c:\documents and settings\PC1\Application Data\02000000394dfd39517S.manifest
c:\documents and settings\PC1\new.txt
c:\program files\Altnet
c:\program files\Altnet\DBBackup\Sigfiles.db
c:\program files\Altnet\Download Manager\admdata.dll
c:\program files\Altnet\Download Manager\dminfo3.cab
c:\program files\Altnet\Download Manager\dminstall7.cab
c:\program files\Altnet\Download Manager\dmsetup.bmp
c:\program files\Altnet\Download Manager\dmsetupbig.bmp
c:\program files\Altnet\Download Manager\jsinstall.cab
c:\program files\Altnet\Download Manager\jslegals.txt
c:\program files\Altnet\Download Manager\selectdir.txt
c:\program files\Altnet\Download Manager\selectdir1st.txt
c:\windows\Fonts\acrsecB.fon
c:\windows\Fonts\acrsecI.fon
c:\windows\GnuHashes.ini
c:\windows\smdat32m.sys
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\GroupPolicyManifest
c:\windows\system32\GroupPolicyManifest\32.crack.zip
c:\windows\system32\GroupPolicyManifest\32.crack.zip.kwd
c:\windows\system32\GroupPolicyManifest\33.video.zip
c:\windows\system32\GroupPolicyManifest\33.video.zip.kwd
c:\windows\system32\GroupPolicyManifest\34.setup.zip
c:\windows\system32\GroupPolicyManifest\34.setup.zip.kwd
c:\windows\system32\GroupPolicyManifest\35.unpack.zip
c:\windows\system32\GroupPolicyManifest\35.unpack.zip.kwd
c:\windows\system32\GroupPolicyManifest\36.keygen.zip
c:\windows\system32\GroupPolicyManifest\36.keygen.zip.kwd
c:\windows\system32\GroupPolicyManifest\37.serial.zip
c:\windows\system32\GroupPolicyManifest\37.serial.zip.kwd
c:\windows\system32\GroupPolicyManifest\39.music.mp3
c:\windows\system32\GroupPolicyManifest\39.music.mp3.kwd
c:\windows\system32\GroupPolicyManifest\40.mpgvideo.mpg
c:\windows\system32\GroupPolicyManifest\40.mpgvideo.mpg.kwd
c:\windows\system32\hspvdhkfes.dll
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-26 au 2009-01-26 ))))))))))))))))))))))))))))))))))))
.
2009-01-23 08:53 . 2009-01-26 09:31 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-01-23 08:53 . 2009-01-26 09:31 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-22 09:55 . 2009-01-22 09:55 373,760 --ahs---- c:\windows\system32\A2.tmp
2009-01-21 11:15 . 2009-01-21 11:15 <REP> d-------- c:\program files\CCleaner
2009-01-21 10:42 . 2009-01-21 10:42 47,584 --a------ c:\windows\system32\nwgtofhqcqhlecxd.exe
2009-01-21 09:54 . 2009-01-21 09:54 135,168 --a------ c:\windows\system32\ftsrch32.dll
2009-01-20 10:26 . 2009-01-20 10:26 <REP> d-------- c:\documents and settings\PC1\Application Data\BigFishv1002
2009-01-19 15:26 . 2009-01-19 15:26 <REP> d-------- c:\documents and settings\PC1\Application Data\Realv1001
2009-01-19 15:06 . 2009-01-19 15:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Playrix Entertainment
2009-01-16 10:57 . 2009-01-21 11:00 <REP> d-------- C:\My Games
2009-01-16 10:53 . 2009-01-21 17:47 <REP> d-------- C:\My Download Files
2009-01-15 16:33 . 2009-01-15 16:33 <REP> d-------- c:\documents and settings\All Users\Application Data\SpecialBit
2009-01-14 14:30 . 2009-01-14 14:30 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-14 14:30 . 2009-01-14 14:30 1,409 --a------ c:\windows\QTFont.for
2009-01-12 09:57 . 2009-01-12 09:57 <REP> d--hs---- c:\documents and settings\PC1\UserData
2009-01-09 10:18 . 2009-01-09 10:18 <REP> d-------- c:\documents and settings\PC1\Application Data\blg
2009-01-09 10:18 . 2009-01-09 10:18 <REP> d-------- c:\documents and settings\All Users\Application Data\blg
2009-01-06 16:23 . 2009-01-06 16:23 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-06 11:12 . 2009-01-06 11:12 <REP> d-------- c:\documents and settings\All Users\Application Data\PlayPond
2009-01-06 08:28 . 2008-07-12 08:18 3,851,784 --a------ c:\windows\system32\D3DX9_39.dll
2009-01-06 08:27 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
2009-01-06 08:26 . 2009-01-06 08:26 <REP> d-------- c:\windows\Logs
2009-01-05 08:55 . 2009-01-05 08:55 410,984 --a------ c:\windows\system32\deploytk.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-21 15:49 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-21 14:37 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-01-21 09:53 --------- d-----w c:\documents and settings\PC1\Application Data\LimeWire
2009-01-20 13:47 --------- d-----w c:\documents and settings\PC1\Application Data\Meridian93
2009-01-05 07:55 --------- d-----w c:\program files\Java
2008-12-23 14:58 --------- d-----w c:\documents and settings\All Users\Application Data\AdventureChronicles1
2008-12-23 13:55 --------- d-----w c:\documents and settings\PC1\Application Data\Cat's Eye Games
2008-12-17 14:53 --------- d-----w c:\documents and settings\PC1\Application Data\PlayFirst
2008-12-17 14:53 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2008-12-11 16:38 --------- d-----w c:\documents and settings\PC1\Application Data\Shape games
2008-12-11 16:24 --------- d-----w c:\documents and settings\PC1\Application Data\Pogo Games
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-09 16:20 --------- d-----w c:\documents and settings\All Users\Application Data\NeptunesAdve
2008-12-09 10:35 --------- d-----w c:\documents and settings\All Users\Application Data\Alawar Stargaze
2008-12-03 14:59 --------- d-----w c:\documents and settings\All Users\Application Data\Mushroom Age
2008-12-03 13:16 --------- d-----w c:\program files\Google
2008-11-27 10:43 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
2008-11-27 10:43 --------- d-----w c:\program files\HPQ
2008-11-27 10:43 --------- d-----w c:\program files\HP
2008-11-27 10:43 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2008-11-27 10:43 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2008-11-27 10:26 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-27 10:21 --------- d-----w c:\documents and settings\PC1\Application Data\GlarySoft
2008-04-23 08:23 774,144 ----a-w c:\program files\RngInterstitial.dll
2008-03-05 09:31 0 ----a-w c:\program files\temp01
2007-07-10 08:00 0 ----a-w c:\documents and settings\PC1\Application Data\wklnhst.dat
2007-06-04 08:51 6,261,907 ----a-w c:\program files\install.exe
2007-06-04 06:50 5,823,256 ----a-w c:\program files\Firefox Setup 2.0.0.4.exe
2005-07-12 10:23 22,786,672 ----a-w c:\program files\iTunesSetup.exe
2008-10-08 12:04 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008100820081009\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-03-11 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-05 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\b8594895517]
2009-01-21 09:54 135168 c:\windows\system32\ftsrch32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:UDP"= 6346:UDP:shareaza
"6346:TCP"= 6346:TCP:SHAREAZA
"65091:TCP"= 65091:TCP:eMule_TCP
"16689:UDP"= 16689:UDP:eMule-UDP
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-31 111184]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2005-03-17 14156]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-03-31 20560]
.
Contenu du dossier 'Tâches planifiées'
2005-07-22 c:\windows\Tasks\Norton AntiVirus - Analyser mon ordinateur - PC1.job
- c:\progra~1\NORTON~1\Navw32.exe [2005-11-22 11:04]
2007-10-16 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-04-19 21:42]
.
- - - - ORPHELINS SUPPRIMES - - - -
Here is the ComboFix report
ComboFix 09-01-21.04 - PC1 2009-01-26 11:48:40.2 - NTFSx86
Running from: c:\documents and settings\PC1\Bureau\Nouveau dossier\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 081222-0] *On-access scanning disabled* (Outdated)
AV: Norton AntiVirus 2005 *On-access scanning enabled* (Outdated)
FW: Norton Internet Worm Protection *enabled*
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\PC1\Application Data\02000000394dfd39517C.manifest
c:\documents and settings\PC1\Application Data\02000000394dfd39517O.manifest
c:\documents and settings\PC1\Application Data\02000000394dfd39517P.manifest
c:\documents and settings\PC1\Application Data\02000000394dfd39517S.manifest
c:\windows\GnuHashes.ini
c:\windows\system32\2.tmp
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\GroupPolicyManifest
c:\windows\system32\GroupPolicyManifest\39.music.mp3.kwd
c:\windows\system32\GroupPolicyManifest\40.mpgvideo.mpg
c:\windows\system32\GroupPolicyManifest\40.mpgvideo.mpg.kwd
.
---- Previous Run -------
.
C:\Autorun.inf
c:\documents and settings\PC1\Application Data\02000000394dfd39517C.manifest
c:\documents and settings\PC1\Application Data\02000000394dfd39517O.manifest
c:\documents and settings\PC1\Application Data\02000000394dfd39517P.manifest
c:\documents and settings\PC1\Application Data\02000000394dfd39517S.manifest
c:\documents and settings\PC1\new.txt
c:\program files\Altnet
c:\program files\Altnet\DBBackup\Sigfiles.db
c:\program files\Altnet\Download Manager\admdata.dll
c:\program files\Altnet\Download Manager\dminfo3.cab
c:\program files\Altnet\Download Manager\dminstall7.cab
c:\program files\Altnet\Download Manager\dmsetup.bmp
c:\program files\Altnet\Download Manager\dmsetupbig.bmp
c:\program files\Altnet\Download Manager\jsinstall.cab
c:\program files\Altnet\Download Manager\jslegals.txt
c:\program files\Altnet\Download Manager\selectdir.txt
c:\program files\Altnet\Download Manager\selectdir1st.txt
c:\windows\Fonts\acrsecB.fon
c:\windows\Fonts\acrsecI.fon
c:\windows\GnuHashes.ini
c:\windows\smdat32m.sys
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\GroupPolicyManifest
c:\windows\system32\GroupPolicyManifest\32.crack.zip
c:\windows\system32\GroupPolicyManifest\32.crack.zip.kwd
c:\windows\system32\GroupPolicyManifest\33.video.zip
c:\windows\system32\GroupPolicyManifest\33.video.zip.kwd
c:\windows\system32\GroupPolicyManifest\34.setup.zip
c:\windows\system32\GroupPolicyManifest\34.setup.zip.kwd
c:\windows\system32\GroupPolicyManifest\35.unpack.zip
c:\windows\system32\GroupPolicyManifest\35.unpack.zip.kwd
c:\windows\system32\GroupPolicyManifest\36.keygen.zip
c:\windows\system32\GroupPolicyManifest\36.keygen.zip.kwd
c:\windows\system32\GroupPolicyManifest\37.serial.zip
c:\windows\system32\GroupPolicyManifest\37.serial.zip.kwd
c:\windows\system32\GroupPolicyManifest\39.music.mp3
c:\windows\system32\GroupPolicyManifest\39.music.mp3.kwd
c:\windows\system32\GroupPolicyManifest\40.mpgvideo.mpg
c:\windows\system32\GroupPolicyManifest\40.mpgvideo.mpg.kwd
c:\windows\system32\hspvdhkfes.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
((((((((((((((((((((((((((((( Files Created from 2008-12-26 to 2009-01-26 ))))))))))))))))))))))))))))))))))))
.
2009-01-23 08:53 . 2009-01-26 09:31 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-23 08:53 . 2009-01-26 09:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-22 09:55 . 2009-01-22 09:55 373,760 --ahs---- c:\windows\system32\A2.tmp
2009-01-21 11:15 . 2009-01-21 11:15 <DIR> d-------- c:\program files\CCleaner
2009-01-21 10:42 . 2009-01-21 10:42 47,584 --a------ c:\windows\system32\nwgtofhqcqhlecxd.exe
2009-01-21 09:54 . 2009-01-21 09:54 135,168 --a------ c:\windows\system32\ftsrch32.dll
2009-01-20 10:26 . 2009-01-20 10:26 <DIR> d-------- c:\documents and settings\PC1\Application Data\BigFishv1002
2009-01-19 15:26 . 2009-01-19 15:26 <DIR> d-------- c:\documents and settings\PC1\Application Data\Realv1001
2009-01-19 15:06 . 2009-01-19 15:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Playrix Entertainment
2009-01-16 10:57 . 2009-01-21 11:00 <DIR> d-------- C:\My Games
2009-01-16 10:53 . 2009-01-21 17:47 <DIR> d-------- C:\My Download Files
2009-01-15 16:33 . 2009-01-15 16:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\SpecialBit
2009-01-14 14:30 . 2009-01-14 14:30 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-14 14:30 . 2009-01-14 14:30 1,409 --a------ c:\windows\QTFont.for
2009-01-12 09:57 . 2009-01-12 09:57 <DIR> d--hs---- c:\documents and settings\PC1\UserData
2009-01-09 10:18 . 2009-01-09 10:18 <DIR> d-------- c:\documents and settings\PC1\Application Data\blg
2009-01-09 10:18 . 2009-01-09 10:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\blg
2009-01-06 16:23 . 2009-01-06 16:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-06 11:12 . 2009-01-06 11:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\PlayPond
2009-01-06 08:28 . 2008-07-12 08:18 3,851,784 --a------ c:\windows\system32\D3DX9_39.dll
2009-01-06 08:27 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
2009-01-06 08:26 . 2009-01-06 08:26 <DIR> d-------- c:\windows\Logs
2009-01-05 08:55 . 2009-01-05 08:55 410,984 --a------ c:\windows\system32\deploytk.dll
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-21 15:49 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-21 14:37 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-01-21 09:53 --------- d-----w c:\documents and settings\PC1\Application Data\LimeWire
2009-01-20 13:47 --------- d-----w c:\documents and settings\PC1\Application Data\Meridian93
2009-01-05 07:55 --------- d-----w c:\program files\Java
2008-12-23 14:58 --------- d-----w c:\documents and settings\All Users\Application Data\AdventureChronicles1
2008-12-23 13:55 --------- d-----w c:\documents and settings\PC1\Application Data\Cat's Eye Games
2008-12-17 14:53 --------- d-----w c:\documents and settings\PC1\Application Data\PlayFirst
2008-12-17 14:53 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2008-12-11 16:38 --------- d-----w c:\documents and settings\PC1\Application Data\Shape games
2008-12-11 16:24 --------- d-----w c:\documents and settings\PC1\Application Data\Pogo Games
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-09 16:20 --------- d-----w c:\documents and settings\All Users\Application Data\NeptunesAdve
2008-12-09 10:35 --------- d-----w c:\documents and settings\All Users\Application Data\Alawar Stargaze
2008-12-03 14:59 --------- d-----w c:\documents and settings\All Users\Application Data\Mushroom Age
2008-12-03 13:16 --------- d-----w c:\program files\Google
2008-11-27 10:43 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
2008-11-27 10:43 --------- d-----w c:\program files\HPQ
2008-11-27 10:43 --------- d-----w c:\program files\HP
2008-11-27 10:43 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2008-11-27 10:43 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2008-11-27 10:26 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-27 10:21 --------- d-----w c:\documents and settings\PC1\Application Data\GlarySoft
2008-04-23 08:23 774,144 ----a-w c:\program files\RngInterstitial.dll
2008-03-05 09:31 0 ----a-w c:\program files\temp01
2007-07-10 08:00 0 ----a-w c:\documents and settings\PC1\Application Data\wklnhst.dat
2007-06-04 08:51 6,261,907 ----a-w c:\program files\install.exe
2007-06-04 06:50 5,823,256 ----a-w c:\program files\Firefox Setup 2.0.0.4.exe
2005-07-12 10:23 22,786,672 ----a-w c:\program files\iTunesSetup.exe
2008-10-08 12:04 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008100820081009\index.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-03-11 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-05 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\b8594895517]
2009-01-21 09:54 135168 c:\windows\system32\ftsrch32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:UDP"= 6346:UDP:shareaza
"6346:TCP"= 6346:TCP:SHAREAZA
"65091:TCP"= 65091:TCP:eMule_TCP
"16689:UDP"= 16689:UDP:eMule-UDP
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-31 111184]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2005-03-17 14156]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-03-31 20560]
.
Contents of the 'Scheduled Tasks' folder
2005-07-22 c:\windows\Tasks\Norton AntiVirus - Analyser mon ordinateur - PC1.job
- c:\progra~1\NORTON~1\Navw32.exe [2005-11-22 11:04]
2007-10-16 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-04-19 21:42]
.
- - - - ORPHANS REMOVED - - - -
BHO-{F76004AE-816A-CF4D-F0B9-A4196CC44D49} - c:\windows\system32\hspvdhkfes.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\PC1\Application Data\Mozilla\Firefox\Profiles\oodx1ci0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr
FF - prefs.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-26 11:52:33
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1454471165-602162358-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:38,3d,e9,40,75,85,88,74,c0,9c,7b,75,dd,0d,49,c2,dc,7e,73,65,10,f2,c3,
c4,c1,8d,03,09,66,46,99,33,b5,ba,f1,d2,3b,5b,66,9f,62,ce,7f,eb,27,fc,15,f3,\
"??"=hex:b3,a6,db,3c,87,0c,3e,99,24,5e,0d,1c,06,b7,47,de
[HKEY_USERS\S-1-5-21-1454471165-602162358-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:36,2c,01,b1,5f,c7,0c,59,e6,e6,f9,47,e0,5e,8d,b2,9b,92,ec,56,1a,
e8,5e,62,05,34,1f,d0,fb,57,61,f3,78,c6,bf,d6,00,b5,3b,90,dc,0c,9e,a6,42,54,\
"rkeysecu"=hex:b3,a6,db,3c,87,0c,3e,99,24,5e,0d,1c,06,b7,47,de
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040111900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(568)
c:\windows\System32\ftsrch32.dll
.
Completion time: 2009-01-26 11:55:28
ComboFix-quarantined-files.txt 2009-01-26 10:55:20
Pre-Run: 32,392,814,592 bytes free
Post-Run: 32,379,789,312 bytes free
233 --- E O F --- 2009-01-15 07:45:10
Hello,
Below is the new HijackThis report.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:35:32, on 27/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\PC1\Bureau\Nouveau dossier\abcde.exe.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/F...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/fl...
O20 - Winlogon Notify: b8594895517 - C:\WINDOWS\System32\ftsrch32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
--
End of file - 8340 bytes
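The two reports above are read by eye: the helper looks for a Winlogon Notify package with a made-up name (`b8594895517`, loading ftsrch32.dll into winlogon.exe), for randomly named binaries dropped in system32 (hspvdhkfes.dll, nwgtofhqcqhlecxd.exe), for search and context-menu entries redirected to yoog.com and need2find.com, and for protection switched off (`"EnableFirewall"= 0`, `"DisableMonitoring"=dword:00000001`). The script below is an added example, not code from this thread, from HijackThis or from ComboFix, that writes those same checks down so they can be run offline on a saved log. The sample lines are copied from the logs posted above; the list of stock Winlogon Notify packages and the hijack-host list are hand-maintained assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Winlogon Notify packages found on a stock Windows XP SP3 install.
# Assumption: a hand-trimmed list, not an authoritative one; anything outside it
# (here the all-digit key 'b8594895517') is worth a second look, not proof of malware.
STOCK_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "dimsntfy", "ScCertProp", "Schedule",
    "sclgntfy", "SensLogn", "termsrv", "wlballoon", "WgaLogon",
}

# Hosts that the posted logs show rewriting the search and context-menu settings.
HIJACK_HOSTS = ("yoog.com", "need2find.com")

# A file name that is just a long run of letters, dropped into system32
# (hspvdhkfes.dll and nwgtofhqcqhlecxd.exe in the posted ComboFix log).
RANDOM_BINARY = re.compile(r"system32[\\/]([a-z]{10,})\.(exe|dll)\b", re.I)
HJT_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (\S+) - ")
CF_NOTIFY = re.compile(r"\\winlogon\\notify\\([^\\\]]+)\]$", re.I)


@dataclass(frozen=True)
class Finding:
    kind: str      # persistence | dropper | search-hijack | defenses | av-state
    reason: str
    line: str


def triage(log_text):
    """Return one Finding per suspicious line and reason; benign lines yield none."""
    findings = []
    current_key = None  # registry key that the following "name"=value lines belong to
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
        low = line.lower()

        # Winlogon Notify DLLs are loaded into winlogon.exe as SYSTEM before any
        # user logs on: HijackThis shows them as O20, ComboFix as a registry key.
        m = HJT_NOTIFY.match(line) or CF_NOTIFY.search(line)
        if m and m.group(1) not in STOCK_NOTIFY:
            findings.append(Finding("persistence",
                f"Winlogon Notify package '{m.group(1)}' is not a stock XP package", line))

        m = RANDOM_BINARY.search(line)
        if m:
            findings.append(Finding("dropper",
                f"pseudo-random file name in system32: {m.group(1)}.{m.group(2)}", line))

        host = next((h for h in HIJACK_HOSTS if h in low), None)
        if host:
            findings.append(Finding("search-hijack",
                f"search or context-menu URL points at {host}", line))

        # Two ways the log shows protection switched off behind the user's back.
        if low.startswith('"enablefirewall"=') and re.search(r"=\s*0\b", line):
            findings.append(Finding("defenses",
                "Windows Firewall standard profile is disabled", line))
        if low.startswith('"disablemonitoring"=dword:00000001'):
            product = current_key.rsplit("\\", 1)[-1] if current_key else "unknown product"
            findings.append(Finding("defenses",
                f"Security Center monitoring disabled for {product}", line))

        if line.startswith(("AV:", "FW:")) and ("disabled" in low or "(outdated)" in low):
            findings.append(Finding("av-state",
                "security product is outdated or not scanning on access", line))
    return findings


def summary(findings):
    """Number of findings per kind, e.g. {'persistence': 2, 'dropper': 2, ...}."""
    return dict(Counter(f.kind for f in findings))


# Sample input: lines copied from the HijackThis and ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
AV: avast! antivirus 4.8.1296 [VPS 081222-0] *On-access scanning disabled* (Outdated)
O20 - Winlogon Notify: b8594895517 - C:\WINDOWS\System32\ftsrch32.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
FF - user.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
2009-01-21 10:42 . 2009-01-21 10:42 47,584 --a------ c:\windows\system32\nwgtofhqcqhlecxd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\b8594895517]
2009-01-21 09:54 135168 c:\windows\system32\ftsrch32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"EnableFirewall"= 0 (0x0)
BHO-{F76004AE-816A-CF4D-F0B9-A4196CC44D49} - c:\windows\system32\hspvdhkfes.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
    print(summary(triage(SAMPLE_LOG)))
```

To check a real saved report, read the file with its own encoding and pass the text to `triage()`. A hit is a lead for the person reading the log, not a verdict: ctfmon.exe and the Google Toolbar lines in the sample produce nothing, while the ftsrch32.dll entry is caught through its Winlogon Notify key rather than through its unremarkable file name, which is why the stock-package list has to match the Windows build being examined.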
Re,
Select the entire frame below:

File::
c:\windows\system32\nwgtofhqcqhlecxd.exe
c:\windows\system32\ftsrch32.dll
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\b8594895517]

Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad).
Save it on your desktop under the name CFScript.txt.
Now drag the CFScript.txt file onto ComboFix.exe.
This will relaunch ComboFix.
You will have to accept the licence.
Post the contents of the ComboFix.txt report after the reboot, if there is one.
The report is located here: %SystemDrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)
Here is the new report as requested. So what does it mean? I don't understand all of it; is it serious?
ComboFix 09-01-21.04 - PC1 2009-01-27 14:30:39.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.511.212 [GMT 1:00]
Lancé depuis: c:\documents and settings\PC1\Bureau\Nouveau dossier\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\PC1\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 081222-0] *On-access scanning disabled* (Outdated)
AV: Norton AntiVirus 2005 *On-access scanning disabled* (Outdated)
FW: Norton Internet Worm Protection *disabled*
* Un nouveau point de restauration a été créé
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
c:\windows\system32\ftsrch32.dll
c:\windows\system32\nwgtofhqcqhlecxd.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\PC1\Application Data\02000000394dfd39517C.manifest
c:\documents and settings\PC1\Application Data\02000000394dfd39517O.manifest
c:\documents and settings\PC1\Application Data\02000000394dfd39517P.manifest
c:\documents and settings\PC1\Application Data\02000000394dfd39517S.manifest
c:\windows\system32\ftsrch32.dll
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\GroupPolicyManifest
c:\windows\system32\GroupPolicyManifest\32.crack.zip
c:\windows\system32\GroupPolicyManifest\32.crack.zip.kwd
c:\windows\system32\GroupPolicyManifest\33.video.zip
c:\windows\system32\GroupPolicyManifest\33.video.zip.kwd
c:\windows\system32\GroupPolicyManifest\34.setup.zip
c:\windows\system32\GroupPolicyManifest\34.setup.zip.kwd
c:\windows\system32\GroupPolicyManifest\35.unpack.zip
c:\windows\system32\GroupPolicyManifest\35.unpack.zip.kwd
c:\windows\system32\GroupPolicyManifest\36.keygen.zip
c:\windows\system32\GroupPolicyManifest\36.keygen.zip.kwd
c:\windows\system32\GroupPolicyManifest\37.serial.zip
c:\windows\system32\GroupPolicyManifest\37.serial.zip.kwd
c:\windows\system32\GroupPolicyManifest\39.music.mp3
c:\windows\system32\GroupPolicyManifest\39.music.mp3.kwd
c:\windows\system32\GroupPolicyManifest\40.mpgvideo.mpg
c:\windows\system32\GroupPolicyManifest\40.mpgvideo.mpg.kwd
c:\windows\system32\nwgtofhqcqhlecxd.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-27 au 2009-01-27 ))))))))))))))))))))))))))))))))))))
.
2009-01-27 14:26 . 2009-01-27 14:26 373,760 --ahs---- c:\windows\system32\4C.tmp
2009-01-23 08:53 . 2009-01-26 09:31 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-22 09:55 . 2009-01-22 09:55 373,760 --ahs---- c:\windows\system32\A2.tmp
2009-01-21 11:15 . 2009-01-21 11:15 <REP> d-------- c:\program files\CCleaner
2009-01-20 10:26 . 2009-01-20 10:26 <REP> d-------- c:\documents and settings\PC1\Application Data\BigFishv1002
2009-01-19 15:26 . 2009-01-19 15:26 <REP> d-------- c:\documents and settings\PC1\Application Data\Realv1001
2009-01-19 15:06 . 2009-01-19 15:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Playrix Entertainment
2009-01-16 10:53 . 2009-01-26 15:22 <REP> d-------- C:\My Download Files
2009-01-15 16:33 . 2009-01-15 16:33 <REP> d-------- c:\documents and settings\All Users\Application Data\SpecialBit
2009-01-14 14:30 . 2009-01-14 14:30 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-14 14:30 . 2009-01-14 14:30 1,409 --a------ c:\windows\QTFont.for
2009-01-12 09:57 . 2009-01-12 09:57 <REP> d--hs---- c:\documents and settings\PC1\UserData
2009-01-09 10:18 . 2009-01-09 10:18 <REP> d-------- c:\documents and settings\PC1\Application Data\blg
2009-01-09 10:18 . 2009-01-09 10:18 <REP> d-------- c:\documents and settings\All Users\Application Data\blg
2009-01-06 16:23 . 2009-01-06 16:23 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-06 11:12 . 2009-01-06 11:12 <REP> d-------- c:\documents and settings\All Users\Application Data\PlayPond
2009-01-06 08:28 . 2008-07-12 08:18 3,851,784 --a------ c:\windows\system32\D3DX9_39.dll
2009-01-06 08:27 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
2009-01-06 08:26 . 2009-01-06 08:26 <REP> d-------- c:\windows\Logs
2009-01-05 08:55 . 2009-01-05 08:55 410,984 --a------ c:\windows\system32\deploytk.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-27 09:02 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2009-01-21 15:49 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-21 09:53 --------- d-----w c:\documents and settings\PC1\Application Data\LimeWire
2009-01-20 13:47 --------- d-----w c:\documents and settings\PC1\Application Data\Meridian93
2009-01-05 07:55 --------- d-----w c:\program files\Java
2008-12-23 14:58 --------- d-----w c:\documents and settings\All Users\Application Data\AdventureChronicles1
2008-12-23 13:55 --------- d-----w c:\documents and settings\PC1\Application Data\Cat's Eye Games
2008-12-17 14:53 --------- d-----w c:\documents and settings\PC1\Application Data\PlayFirst
2008-12-17 14:53 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2008-12-11 16:38 --------- d-----w c:\documents and settings\PC1\Application Data\Shape games
2008-12-11 16:24 --------- d-----w c:\documents and settings\PC1\Application Data\Pogo Games
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-09 16:20 --------- d-----w c:\documents and settings\All Users\Application Data\NeptunesAdve
2008-12-09 10:35 --------- d-----w c:\documents and settings\All Users\Application Data\Alawar Stargaze
2008-12-03 14:59 --------- d-----w c:\documents and settings\All Users\Application Data\Mushroom Age
2008-12-03 13:16 --------- d-----w c:\program files\Google
2008-11-27 10:43 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
2008-11-27 10:43 --------- d-----w c:\program files\HPQ
2008-11-27 10:43 --------- d-----w c:\program files\HP
2008-11-27 10:43 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2008-11-27 10:43 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2008-11-27 10:26 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-27 10:21 --------- d-----w c:\documents and settings\PC1\Application Data\GlarySoft
2008-04-23 08:23 774,144 ----a-w c:\program files\RngInterstitial.dll
2008-03-05 09:31 0 ----a-w c:\program files\temp01
2007-07-10 08:00 0 ----a-w c:\documents and settings\PC1\Application Data\wklnhst.dat
2007-06-04 08:51 6,261,907 ----a-w c:\program files\install.exe
2007-06-04 06:50 5,823,256 ----a-w c:\program files\Firefox Setup 2.0.0.4.exe
2005-07-12 10:23 22,786,672 ----a-w c:\program files\iTunesSetup.exe
2008-10-08 12:04 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008100820081009\index.dat
.
((((((((((((((((((((((((((((( snapshot@2009-01-26_11.53.10.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-27 13:34:55 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_430.dat
+ 2009-01-27 13:34:45 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4dc.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-03-11 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-05 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-08-04 58992]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:UDP"= 6346:UDP:shareaza
"6346:TCP"= 6346:TCP:SHAREAZA
"65091:TCP"= 65091:TCP:eMule_TCP
"16689:UDP"= 16689:UDP:eMule-UDP
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-31 111184]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2005-03-17 14156]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-03-31 20560]
.
Contenu du dossier 'Tâches planifiées'
2005-07-22 c:\windows\Tasks\Norton AntiVirus - Analyser mon ordinateur - PC1.job
- c:\progra~1\NORTON~1\Navw32.exe [2005-11-22 11:04]
2007-10-16 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-04-19 21:42]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-27 14:35:14
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1454471165-602162358-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:38,3d,e9,40,75,85,88,74,c0,9c,7b,75,dd,0d,49,c2,dc,7e,73,65,10,f2,c3,
c4,c1,8d,03,09,66,46,99,33,b5,ba,f1,d2,3b,5b,66,9f,62,ce,7f,eb,27,fc,15,f3,\
"??"=hex:b3,a6,db,3c,87,0c,3e,99,24,5e,0d,1c,06,b7,47,de
[HKEY_USERS\S-1-5-21-1454471165-602162358-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:36,2c,01,b1,5f,c7,0c,59,e6,e6,f9,47,e0,5e,8d,b2,9b,92,ec,56,1a,
e8,5e,62,05,34,1f,d0,fb,57,61,f3,78,c6,bf,d6,00,b5,3b,90,dc,0c,9e,a6,42,54,\
"rkeysecu"=hex:b3,a6,db,3c,87,0c,3e,99,24,5e,0d,1c,06,b7,47,de
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040111900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\Symantec Shared\CCSETMGR.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Norton AntiVirus\IWP\NPFMNTOR.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Fichiers communs\Symantec Shared\CCEVTMGR.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Messenger\msmsgs.exe
.
**************************************************************************
.
Heure de fin: 2009-01-27 14:42:06 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-27 13:42:02
ComboFix2.txt 2009-01-27 13:23:42
ComboFix3.txt 2009-01-26 10:55:30
Avant-CF: 33 882 513 408 octets libres
Après-CF: 33,872,560,128 octets libres
207 --- E O F --- 2009-01-15 07:45:10
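As an added example (not code from the thread, nor from HijackThis or ComboFix), here is a small Python triage script that parses the two line formats seen in the logs above, HijackThis O20 Winlogon Notify entries and the ComboFix registry loading-point section, and flags the things the helper's CFScript and the ComboFix output point at: a Winlogon Notify hook whose name is not in a baseline allowlist (the ftsrch32.dll entry registered as b8594895517), Security Center notification/monitoring switches set to 1, and the XP firewall disabled in the standard profile. The embedded sample log is constructed for this example, and the partial allowlist of stock XP Notify subkeys and the name-randomness heuristic are assumptions of mine, not tool behaviour.

```python
"""Triage helper for HijackThis / ComboFix-style log lines (added example).

Flags three indicator classes seen in the thread's logs:
  * an O20 Winlogon Notify hook whose name is not in a baseline allowlist,
  * Security Center notification/monitoring switches set to 1,
  * Windows Firewall disabled in the standard profile.
The sample log, the allowlist and the randomness heuristic are assumptions
made for this example, not ComboFix or HijackThis behaviour.
"""
import re
from typing import List, NamedTuple, Optional


class Finding(NamedTuple):
    category: str  # "winlogon_notify", "security_center" or "firewall"
    detail: str


# Partial allowlist of Winlogon\Notify subkeys present on a stock Windows XP
# install (assumption for this example; build your own baseline from a clean box).
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

# Security Center values that, when set to 1, hide a disabled AV/firewall from the user.
SECURITY_CENTER_SWITCHES = {
    "antivirusdisablenotify", "firewalldisablenotify",
    "updatesdisablenotify", "disablemonitoring",
}

O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.+?)\s*$')

# Constructed sample mixing a HijackThis excerpt with a ComboFix "Reg loading points" excerpt.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: b8594895517 - C:\WINDOWS\System32\ftsrch32.dll
O20 - Winlogon Notify: Schedule - C:\WINDOWS\system32\wlnotify.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""


def looks_random(name: str) -> bool:
    """Heuristic for generated hook names: mostly digits, or no vowels at all."""
    digits = sum(ch.isdigit() for ch in name)
    vowels = sum(ch in "aeiouy" for ch in name.lower())
    return digits / len(name) > 0.5 or vowels == 0


def parse_value(raw: str) -> Optional[int]:
    """Turn 'dword:00000001' or '0 (0x0)' into an int; None if unrecognised."""
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^-?\d+", raw)
    return int(m.group(0)) if m else None


def triage(log_text: str) -> List[Finding]:
    """Walk the log once, remembering the current [key] so value lines can be judged."""
    findings: List[Finding] = []
    current_key = ""
    for line in log_text.splitlines():
        line = line.strip()
        m = O20_RE.match(line)
        if m:
            name, path = m.group("name"), m.group("path")
            if name.lower() not in KNOWN_NOTIFY:
                why = "random-looking name" if looks_random(name) else "not in baseline"
                findings.append(Finding("winlogon_notify", f"{name} -> {path} ({why})"))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group("name").lower(), parse_value(m.group("raw"))
        if "security center" in current_key and name in SECURITY_CENTER_SWITCHES and value == 1:
            findings.append(Finding("security_center", f"{m.group('name')}=1 under [{current_key}]"))
        elif current_key.endswith("firewallpolicy\\standardprofile") and name == "enablefirewall" and value == 0:
            findings.append(Finding("firewall", "EnableFirewall=0 in the standard profile"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.detail}")
```

Run against the sample it reports the unknown Notify hook, the two Security Center switches and the disabled firewall, while the stock Schedule hook and the avast! service line pass silently. The allowlist approach is the point: Winlogon Notify DLLs load into winlogon.exe at every logon, so anything outside a known-good baseline deserves a look regardless of how the name is spelled.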
Re,
Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done:
Restart your computer in safe mode
- At startup, after the BIOS has loaded, press the F8 (or F5) key repeatedly until a menu on a black background appears. Once there, use the keyboard to select Safe Mode.
-- In this mode you have no Internet access, and the display looks different (no wallpaper, very large icons). Don't be surprised.
--- For these reasons I suggest you print, write down, or save the following information in a text file so you don't get lost.
---- ! Do not start your computer in safe mode via MSConfig! Why? Some infections break the safe-mode registry keys, which would crash your computer.
Now run MalwareByte's Anti-Malware. If it isn't already selected, choose "Perform full scan".
To start the search, click "Scan".
Once the scan is finished, a window opens; click OK. You have two possibilities:
~ If the program found nothing, click OK. A report will appear; close it.
~~ If infections are present, click "Show results" then "Remove selected". Save the report to your Desktop.
~~~~ Restart your computer normally and post the report in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to complete the removal, accept by clicking OK.
Note: If you can't download MBAM from MajorGeeks, you can download it here!
Help: How to use MBAM.
How to start your computer in safe mode.