[Solved] Keylogger
Hello,
I'm turning to you about a security problem on my PC.
My WoW account was recently hacked, and I am now sure that my PC has a keylogger on it, since I have not given out my password or anything else.
The trouble is that I ran one scan with Antivir and one with Ad Aware, but neither of them finds the keylogger in question.
Could you help me get rid of this virus?
Thank you,
Regards
Good evening
1
Download DDS and save it to your desktop.
Disable anything that blocks scripts, such as an antivirus or software like ad-block, noscript, etc.
Double-click dds.scr to launch the tool.
Once the scan has finished, a text document, DDS.txt, will open.
Click Yes at the next prompt, Optional Scan.
Save both reports to your desktop and post only DDS.txt for me.
++
2
Download GMER from this link: http://www.gmer.net/files.php; click "Download EXE" and save the file to your desktop.
See the GMER tutorial, it may help you: http://www.malekal.com/tutorial_GMER.php
Disable your protection software (antivirus, antispyware, etc.) and close all open programs.
Double-click the downloaded GMER file.
Once it is running, right-click on the white background (as above) and click "Only Non MS files".
Click the "Scan" button at the bottom right to start the scan.
When the scan is finished, click "Copy".
Open Notepad and click the Edit menu / Paste.
The report should then appear.
Save the file to your desktop and copy/paste its contents here.
Hello,
Thank you for your help, here are the 2 scans:
DDS :
.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Guiguess at 12:01:44 on 2011-06-15
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.502 [GMT 2:00]
.
AV: Lavasoft Ad-Watch Live! Antivirus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\WINDOWS\System32\svchost.exe -k imgsvc
D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\WINDOWS\AGRSMMSG.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\Program Files\Wireless LAN Driver and Utility\RtWLan.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Program Files\World of Warcraft\WoW.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Microsoft Office\Office12\WINWORD.EXE
D:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.fr/
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SpybotSD TeaTimer] d:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [msnmsgr] "d:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Steam] "d:\program files\steam\Steam.exe" -silent
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [Skype] "d:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [StartCCC] "d:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [avgnt] "d:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SiSRaid] d:\program files\silicon integrated systems\sisraidpackage\SRaid.exe
mRun: [GrooveMonitor] "d:\program files\microsoft office\office12\GrooveMonitor.exe"
dRun: [CTFMON.EXE] d:\windows\system32\CTFMON.EXE
StartupFolder: d:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\wirele~1.lnk - d:\program files\wireless lan driver and utility\RtWLan.exe
IE: E&xporter vers Microsoft Excel - d:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1288434054826
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 212.27.40.241 212.27.40.240
TCP: Interfaces\{18D14F67-0070-4D31-B6DE-8C7B544307AF} : DhcpNameServer = 212.27.40.241 212.27.40.240
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - d:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\fichie~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 213.239.206.138 l2authd.lineage2.com #Harmonie Server
Hosts: 213.239.206.138 l2testauthd.lineage2.com #Harmonie Server
================= FIREFOX ===================
.
FF - ProfilePath - d:\documents and settings\guiguess\application data\mozilla\firefox\profiles\94kpnys0.default\
FF - component: d:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: d:\program files\ma-config.com\nphardwaredetection.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [2011-6-14 64512]
R1 avgio;avgio;d:\program files\avira\antivir desktop\avgio.sys [2010-10-30 11608]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;d:\program files\avira\antivir desktop\sched.exe [2010-10-30 136360]
R2 AntiVirService;Avira AntiVir Guard;d:\program files\avira\antivir desktop\avguard.exe [2010-10-30 269480]
R2 avgntflt;avgntflt;d:\windows\system32\drivers\avgntflt.sys [2010-10-30 61960]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\lavasoft\ad-aware\AAWService.exe [2011-5-25 2151128]
R3 RTLWUSB;802.11g USB 2.0 Wireless LAN Adapter;d:\windows\system32\drivers\RTL8187.sys [2010-10-30 187392]
R3 SjyPkt;SjyPkt;d:\windows\system32\drivers\SjyPkt.sys [2010-10-30 13532]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;d:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-5-25 15232]
S3 maconfservice;Ma-Config Service;d:\program files\ma-config.com\maconfservice.exe [2011-3-23 311744]
.
=============== Created Last 30 ================
.
2011-06-14 15:43:12 16432 ----a-w- d:\windows\system32\lsdelete.exe
2011-06-14 09:54:52 781272 ----a-w- d:\program files\mozilla firefox\mozsqlite3.dll
2011-06-14 09:54:52 1874904 ----a-w- d:\program files\mozilla firefox\mozjs.dll
2011-06-14 09:54:51 89048 ----a-w- d:\program files\mozilla firefox\libEGL.dll
2011-06-14 09:54:51 465880 ----a-w- d:\program files\mozilla firefox\libGLESv2.dll
2011-06-14 09:54:51 15832 ----a-w- d:\program files\mozilla firefox\mozalloc.dll
2011-06-14 09:54:50 1892184 ----a-w- d:\program files\mozilla firefox\d3dx9_42.dll
2011-06-14 09:54:49 1974616 ----a-w- d:\program files\mozilla firefox\D3DCompiler_42.dll
2011-06-14 09:54:49 142296 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll
2011-06-14 09:32:07 -------- d-----w- d:\windows\system32\NtmsData
2011-06-14 09:21:37 98392 ----a-w- d:\windows\system32\drivers\SBREDrv.sys
2011-06-14 09:04:47 64512 ----a-w- d:\windows\system32\drivers\Lbd.sys
2011-06-14 09:04:23 -------- d-----w- d:\program files\Lavasoft
2011-06-06 13:16:17 33104 ----a-w- d:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2011-06-06 13:16:17 32656 ----a-w- d:\windows\system32\msonpmon.dll
2011-06-06 13:02:20 -------- d-----w- d:\program files\Microsoft Visual Studio 8
2011-06-06 13:01:34 -------- d-----w- d:\windows\SHELLNEW
2011-06-06 13:01:14 -------- d-----w- d:\documents and settings\guiguess\local settings\application data\Microsoft Help
2011-05-29 10:30:16 -------- d-----w- d:\documents and settings\guiguess\application data\go
2011-05-29 10:29:54 -------- d-----w- d:\documents and settings\all users\application data\Easybits GO
2011-05-20 21:32:57 -------- d-----w- d:\documents and settings\guiguess\application data\TS3Client
2011-05-20 21:31:38 -------- d-----w- d:\program files\TeamSpeak 3 Client
.
==================== Find3M ====================
.
2011-03-21 17:56:22 59904 ----a-w- d:\windows\system32\OVDecode.dll
2011-03-21 17:56:06 51712 ----a-w- d:\windows\system32\OpenCL.dll
2011-03-21 17:55:46 12385792 ----a-w- d:\windows\system32\amdocl.dll
.
============= FINISH: 12:02:22,46 ===============
GMER :
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-15 12:06:21
Windows 5.1.2600 Service Pack 3
Running: 3kr0sgvb.exe; Driver: D:\DOCUME~1\Guiguess\LOCALS~1\Temp\pwrcqpod.sys
---- Modules - GMER 1.0.15 ----
Module SiSRaid.sys (SiS RAID Miniport Driver/Silicon Integrated Systems) BA0F8000-BA104000 (49152 bytes)
Module Lbd.sys (Boot Driver/Lavasoft AB) BA128000-BA137000 (61440 bytes)
Module \SystemRoot\System32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B91B4000-B9846000 (6889472 bytes)
Module \SystemRoot\system32\drivers\ALCXWDM.SYS (Realtek AC'97 Audio Driver (WDM)/Realtek Semiconductor Corp.) B8D8E000-B917D000 (4124672 bytes)
Module \SystemRoot\System32\DRIVERS\sisnic.sys (SiS PCI Fast Ethernet Adapter Driver/SiS Corporation) BA3C0000-BA3C8000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\AGRSM.sys (SoftModem Device Driver/Agere Systems) B8C10000-B8D46000 (1269760 bytes)
Module \SystemRoot\System32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) BA3E8000-BA3ED000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) BA440000-BA446000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\avipbb.sys (Avira Driver for Security Enhancement/Avira GmbH) B083E000-B0864000 (155648 bytes)
Module \??\D:\Program_Files\Avira\AntiVir_Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH) BA5E2000-BA5E4000 (8192 bytes)
Module \SystemRoot\system32\DRIVERS\RTL8187.sys (Realtek RTL8187 NDIS Driver/Realtek Semiconductor Corporation ) B07EC000-B081A000 (188416 bytes)
Module \SystemRoot\System32\ati2dvag.dll (ATI Radeon WindowsNT Display Driver/ATI Technologies Inc.) BF012000-BF060000 (319488 bytes)
Module \SystemRoot\System32\ati2cqag.dll (Central Memory Manager / Queue Server Module/ATI Technologies Inc.) BF060000-BF130000 (851968 bytes)
Module \SystemRoot\System32\atikvmag.dll (Virtual Command And Memory Manager/ATI Technologies Inc.) BF130000-BF1DF000 (716800 bytes)
Module \SystemRoot\System32\atiok3x2.dll (Ring 0 x2 component/Advanced Micro Devices, Inc.) BF1DF000-BF25C000 (512000 bytes)
Module \SystemRoot\System32\ati3duag.dll (ati3duag.dll/ATI Technologies Inc. ) BF25C000-BF651000 (4149248 bytes)
Module \SystemRoot\System32\ativvaxx.dll (Radeon Video Acceleration Universal Driver/Advanced Micro Devices, Inc. ) BF9C6000-BFC55000 (2682880 bytes)
Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) BF651000-BF698000 (290816 bytes)
Module \SystemRoot\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH) AE446000-AE45B000 (86016 bytes)
Module \SystemRoot\System32\DRIVERS\AegisP.sys (IEEE 802.1X Protocol Driver/Cisco Systems, Inc.) BA408000-BA40D000 (20480 bytes)
Module \??\D:\WINDOWS\System32\Drivers\SjyPkt.sys (Sample NDIS 5.0 Protocol Driver/Windows (R) 2000 DDK provider) AD544000-AD548000 (16384 bytes)
Module \??\D:\DOCUME~1\Guiguess\LOCALS~1\Temp\mbr.sys BA410000-BA417000 (28672 bytes)
Module \??\D:\DOCUME~1\Guiguess\LOCALS~1\Temp\pwrcqpod.sys (GMER) ABFCB000-ABFE4000 (102400 bytes)
---- Processes - GMER 1.0.15 ----
Process D:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 248
Library D:\WINDOWS\system32\msonpmon.dll (Microsoft Office OneNote 2007 Printer Driver/Microsoft Corporation) 0x00990000
Library D:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll (Print Filter Pipeline Proxy/Microsoft Corporation) 0x3F420000
Library D:\WINDOWS\System32\spool\PRTPROCS\W32X86\msonpppr.dll (Microsoft Office OneNote 2007 Printer Driver/Microsoft Corporation) 0x00D60000
Process D:\Program Files\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH) 360
Library D:\Program Files\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH) 0x00400000
Library D:\Program Files\Avira\AntiVir Desktop\schedr.dll (avschdr Dynamic Link Library/Avira GmbH) 0x10000000
Library D:\Program Files\Avira\AntiVir Desktop\avevtlog.dll (Event Logger/Avira GmbH) 0x00B90000
Library D:\Program Files\Avira\AntiVir Desktop\cfglib.dll (Antivirus configuration library/Avira GmbH) 0x00CF0000
Library D:\Program Files\Avira\AntiVir Desktop\sqlite3.dll 0x00D10000
Process D:\Program Files\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH) 644
Library D:\Program Files\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH) 0x00400000
Library D:\Program Files\Avira\AntiVir Desktop\libdb44.dll (Berkeley DB 4.4 DLL/Sleepycat Software) 0x13000000
Library D:\Program Files\Avira\AntiVir Desktop\AVEvtLog.dll (Event Logger/Avira GmbH) 0x10000000
Library D:\Program Files\Avira\AntiVir Desktop\guardmsg.dll (AVGuard Messages (Deutsch)/Avira GmbH) 0x00D40000
Library D:\Program Files\Avira\AntiVir Desktop\cfglib.dll (Antivirus configuration library/Avira GmbH) 0x00D50000
Library D:\Program Files\Avira\AntiVir Desktop\sqlite3.dll 0x00D70000
Library D:\Program Files\Avira\AntiVir Desktop\avsmtp.dll (Antivirus email sender library/Avira GmbH) 0x00F00000
Library D:\Program Files\Avira\AntiVir Desktop\AVGIO.DLL (On-access scan support/Avira GmbH) 0x00F60000
Library D:\Program Files\Avira\AntiVir Desktop\avipc.dll (AVIRA IPC Library/Avira GmbH) 0x01EA0000
Library D:\Program Files\Avira\AntiVir Desktop\AVPREF.DLL (Prefix DLL/Avira GmbH) 0x00EE0000
Library D:\Program Files\Avira\AntiVir Desktop\aecore.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01090000
Library D:\Program Files\Avira\AntiVir Desktop\aevdf.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x010E0000
Library D:\Program Files\Avira\AntiVir Desktop\aescript.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01110000
Library D:\Program Files\Avira\AntiVir Desktop\aescn.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x012B0000
Library D:\Program Files\Avira\AntiVir Desktop\aesbx.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x014E0000
Library D:\Program Files\Avira\AntiVir Desktop\aerdl.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01550000
Library D:\Program Files\Avira\AntiVir Desktop\aepack.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01600000
Library D:\Program Files\Avira\AntiVir Desktop\unacev2.dll (UNACE Dynamic Link Library/ACE Compression Software) 0x016A0000
Library D:\Program Files\Avira\AntiVir Desktop\aeoffice.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01700000
Library D:\Program Files\Avira\AntiVir Desktop\aeheur.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01750000
Library D:\Program Files\Avira\AntiVir Desktop\aehelp.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01AD0000
Library D:\Program Files\Avira\AntiVir Desktop\aegen.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01B20000
Library D:\Program Files\Avira\AntiVir Desktop\aeemu.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01BA0000
Library D:\Program Files\Avira\AntiVir Desktop\aebb.dll (AntiVir Engine Module for Windows/Avira GmbH) 0x01C20000
Process D:\WINDOWS\system32\winlogon.exe (Application d'ouverture de session Windows NT/Microsoft Corporation) 764
Library D:\WINDOWS\system32\Ati2evxx.dll (ATI External Event Utility DLL Module/ATI Technologies Inc.) 0x10000000
Library D:\WINDOWS\system32\atiadlxx.dll (ADL/Advanced Micro Devices, Inc.) 0x010D0000
Process D:\WINDOWS\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.) 984
Library D:\WINDOWS\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.) 0x00400000
Library D:\WINDOWS\system32\Ati2edxx.dll (ati2edxx/ATI Technologies, Inc.) 0x003C0000
Library D:\WINDOWS\system32\atipdlxx.dll (ATI Desktop CWDDEDI DLL/ATI Technologies, Inc.) 0x10000000
Process D:\WINDOWS\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.) 1528
Library D:\WINDOWS\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.) 0x00400000
Library D:\WINDOWS\system32\Ati2edxx.dll (ati2edxx/ATI Technologies, Inc.) 0x00CA0000
Library D:\WINDOWS\system32\atipdlxx.dll (ATI Desktop CWDDEDI DLL/ATI Technologies, Inc.) 0x10000000
Library D:\WINDOWS\system32\ati2evxx.dll (ATI External Event Utility DLL Module/ATI Technologies Inc.) 0x00CD0000
Library D:\WINDOWS\system32\atiadlxx.dll (ADL/Advanced Micro Devices, Inc.) 0x00D10000
Process D:\Program Files\Avira\AntiVir Desktop\avshadow.exe (AntiVir shadow copy service/Avira GmbH) 1588
Library D:\Program Files\Avira\AntiVir Desktop\avshadow.exe (AntiVir shadow copy service/Avira GmbH) 0x00400000
Library D:\Program Files\Avira\AntiVir Desktop\avipc.dll (AVIRA IPC Library/Avira GmbH) 0x10000000
Process D:\Documents and Settings\Guiguess\Mes documents\Téléchargements\3kr0sgvb.exe 1656
Library D:\Documents and Settings\Guiguess\Mes documents\Téléchargements\3kr0sgvb.exe 0x00400000
Process D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Ad-Aware Service Application/Lavasoft Limited) 1704
Library D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Ad-Aware Service Application/Lavasoft Limited) 0x00400000
Library D:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll 0x10000000
Library D:\Program Files\Lavasoft\Ad-Aware\Resources.dll (Resource DLL /Lavasoft Limited) 0x00BA0000
Library D:\Program Files\Lavasoft\Ad-Aware\lavalicense.dll (License solution (desktop edition) /Lavasoft Limited) 0x014A0000
Library D:\Program Files\Lavasoft\Ad-Aware\ceapi.dll (CEAPI Dynamic Link Library /Lavasoft Limited) 0x02150000
Library D:\Program Files\Lavasoft\Ad-Aware\viprebridge.dll 0x02300000
Library D:\Program Files\Lavasoft\Ad-Aware\SBTE.dll (Threat Engine Dynamic Link Library/Sunbelt Software) 0x02380000
Library D:\Program Files\Lavasoft\Ad-Aware\Vipre.dll 0x024F0000
Library D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\remediation.dll 0x0F600000
Library D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\vcore.dll 0x0F800000
Library D:\Program Files\Lavasoft\Ad-Aware\lavamessage.dll (Messaging system for client notification delivery /Lavasoft Limited) 0x04C70000
Library D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\lgpl.dll 0x051A0000
Library D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\lib7zip.dll 0x0EC00000
Library D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll 0x053D0000
Library D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libEmail.dll 0x05A30000
Library D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll 0x05BD0000
Library D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMsCab.dll 0x05C30000
Library D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMsi.dll 0x05CE0000
Library D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libNSIS.dll 0x0EE00000
Library D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libOleA.dll 0x05D60000
Library D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libRar.dll 0x0F000000
Library D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libRTF.dll 0x05F00000
Library D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libtd.dll 0x05F60000
Library D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libVvs.dll 0x0F200000
Library D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libZip.dll 0x0F400000
Library D:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw 0x07210000
Process D:\WINDOWS\Explorer.EXE (Explorateur Windows/Microsoft Corporation) 1900
Library D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (SBSD IE Protection/Safer Networking Limited) 0x02F00000
Library D:\Program Files\WinRAR\rarext.dll 0x03AA0000
Library D:\Program Files\Avira\AntiVir Desktop\shlext.dll (AntiVirus context menu/Avira GmbH) 0x03B50000
Library D:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll (Shell Extension /Lavasoft Limited) 0x03C20000
Library D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll (AMD Desktop Control Panel/Advanced Micro Devices, Inc.) 0x03E00000
Library D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamfra.dll (AMD Desktop Control Panel/Advanced Micro Devices, Inc.) 0x03C00000
Process D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Antivirus System Tray Tool/Avira GmbH) 2148
Library D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Antivirus System Tray Tool/Avira GmbH) 0x00400000
Library D:\Program Files\Avira\AntiVir Desktop\ccwkrlib.dll (Antivirus Control Center Common Worker Library/Avira GmbH) 0x10000000
Library d:\program files\avira\antivir desktop\cfglib.dll (Antivirus configuration library/Avira GmbH) 0x003E0000
Library d:\program files\avira\antivir desktop\ccgen.dll (Control Center General Plugin/Avira GmbH) 0x00B10000
Library d:\program files\avira\antivir desktop\ccgenrc.dll (Control Center General Plugin Resources/Avira GmbH) 0x00C10000
Library d:\program files\avira\antivir desktop\ccguard.dll (Control Center Guard Plugin/Avira GmbH) 0x00E20000
Library d:\program files\avira\antivir desktop\ccgrdrc.dll (Control Center Guard Plugin Resources/Avira GmbH) 0x00EB0000
Library d:\program files\avira\antivir desktop\ccgrdw.dll (Control Center Guard Worker Plugin/Avira GmbH) 0x00EC0000
Library D:\Program Files\Avira\AntiVir Desktop\avipc.dll (AVIRA IPC Library/Avira GmbH) 0x00EF0000
Library d:\program files\avira\antivir desktop\ccupdate.dll (Control Center Updater Plugin/Avira GmbH) 0x00F20000
Library d:\program files\avira\antivir desktop\ccupdrc.dll (Control Center Updater Plugin Resources/Avira GmbH) 0x00F90000
Library d:\program files\avira\antivir desktop\cclic.dll (Control Center License Plugin/Avira GmbH) 0x011D0000
Library d:\program files\avira\antivir desktop\cclicrc.dll (Control Center License Plugin Resources/Avira GmbH) 0x01200000
Library d:\program files\avira\antivir desktop\ccmsg.dll (Control Center Message Plugin/Avira GmbH) 0x01210000
Library d:\program files\avira\antivir desktop\ccmsgrc.dll (Control Center MSG Plugin Resources/Avira GmbH) 0x01280000
Library D:\Program Files\Avira\AntiVir Desktop\rcimage.dll (Avira AntiVir PersonalEdition Classic Master Resource File (English)/Avira GmbH) 0x015A0000
Library d:\program files\avira\antivir desktop\ccmainrc.dll (Control Center Resources/Avira GmbH) 0x00FA0000
Process D:\Program Files\Microsoft Office\Office12\WINWORD.EXE (Microsoft Office Word/Microsoft Corporation) 2156
Library D:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSPTLS.DLL 0x6BDC0000
Process D:\WINDOWS\AGRSMMSG.exe (SoftModem Messaging Applet/Agere Systems) 2304
Library D:\WINDOWS\AGRSMMSG.exe (SoftModem Messaging Applet/Agere Systems) 0x00400000
Process D:\WINDOWS\SOUNDMAN.EXE (Realtek Sound Manager/Realtek Semiconductor Corp.) 2324
Library D:\WINDOWS\SOUNDMAN.EXE (Realtek Sound Manager/Realtek Semiconductor Corp.) 0x00400000
Process D:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe (SiS Windows Raid Utility/Silicon Integrated Systems Corp.) 2368
Library D:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe (SiS Windows Raid Utility/Silicon Integrated Systems Corp.) 0x00400000
Process D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (System settings protector/Safer-Networking Ltd.) 2504
Library D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (System settings protector/Safer-Networking Ltd.) 0x00400000
Library D:\Program Files\Spybot - Search & Destroy\advcheck.dll (Dateiüberprüfungs-Bibliothek/Safer-Networking Ltd.) 0x05780000
Process D:\Program Files\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation) 2524
Library D:\Program Files\Windows Live\Messenger\MSIMG32.dll (Loader for Messenger Plus! Live/Yuna Software) 0x26000000
Library D:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x753C0000
Library D:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) 0x28000000
Library D:\Program Files\Messenger Plus! Live\Detoured.dll 0x0F000000
Library D:\Program Files\Messenger Plus! Live\MsgPlusLiveRes.dll (Messenger Plus! Live Resources/Yuna Software) 0x29000000
Library D:\WINDOWS\system32\msdmo.dll 0x73600000
Process D:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 2732
Library D:\WINDOWS\System32\strmfilt.dll (Stream Filter Library/Microsoft Corporation) 0x5A1F0000
Process D:\Program Files\Wireless LAN Driver and Utility\RtWLan.exe (RtWLan ( For Win98/ME/2K ) Application/Realtek Semiconductor Corp.) 2792
Library D:\Program Files\Wireless LAN Driver and Utility\RtWLan.exe (RtWLan ( For Win98/ME/2K ) Application/Realtek Semiconductor Corp.) 0x00400000
Library D:\Program Files\Wireless LAN Driver and Utility\EnumDevLib.dll 0x10000000
Library D:\Program Files\Wireless LAN Driver and Utility\RtlLib.dll (RtlLib DLL/Realtek Semiconductor Corp.) 0x00340000
Library D:\Program Files\Wireless LAN Driver and Utility\acAuth.dll 0x004C0000
Library D:\Program Files\Wireless LAN Driver and Utility\IpLib.dll (TODO: <File description>/TODO: <Company name>) 0x00380000
Process D:\Program Files\World of Warcraft\WoW.exe (World of Warcraft Retail/Blizzard Entertainment) 3196
Library D:\Program Files\World of Warcraft\WoW.exe (World of Warcraft Retail/Blizzard Entertainment) 0x00400000
Library D:\Program Files\World of Warcraft\Battle.net.dll (Battle.net Client Library/Blizzard Entertainment) 0x3C8F0000
Process D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Ad-Aware Tray Application/Lavasoft Limited) 3800
Library D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Ad-Aware Tray Application/Lavasoft Limited) 0x00400000
Library D:\Program Files\Lavasoft\Ad-Aware\Resources.dll (Resource DLL /Lavasoft Limited) 0x10000000
---- Services - GMER 1.0.15 ----
Service D:\WINDOWS\System32\DRIVERS\AegisP.sys (IEEE 802.1X Protocol Driver/Cisco Systems, Inc.) [AUTO] AegisP
Service D:\WINDOWS\system32\DRIVERS\AGRSM.sys (SoftModem Device Driver/Agere Systems) [MANUAL] AgereSoftModem
Service D:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek AC'97 Audio Driver (WDM)/Realtek Semiconductor Corp.) [MANUAL] ALCXWDM
Service D:\Program Files\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH) [AUTO] AntiVirSchedulerService
Service D:\Program Files\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH) [AUTO] AntiVirService
Service D:\WINDOWS\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.) [AUTO] Ati HotKey Poller
Service D:\WINDOWS\system32\ati2sgag.exe [AUTO] ATI Smart
Service D:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) [MANUAL] ati2mtag
Service Atierecord
Service D:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH) [SYSTEM] avgio
Service D:\WINDOWS\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH) [AUTO] avgntflt
Service D:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira Driver for Security Enhancement/Avira GmbH) [SYSTEM] avipbb
Service D:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys (Driver NT Ma-Config.com/CybelSoft) [MANUAL] driverhardwarev2
Service D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Ad-Aware Service Application/Lavasoft Limited) [AUTO] Lavasoft Ad-Aware Service
Service D:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [MANUAL] Lavasoft Kernexplorer
Service D:\WINDOWS\system32\DRIVERS\Lbd.sys (Boot Driver/Lavasoft AB) [BOOT] Lbd
Service D:\Program Files\ma-config.com\maconfservice.exe (Service de détection matériel/CybelSoft) [MANUAL] maconfservice
Service MSDTC Bridge 3.0.0.0
Service Outlook
Service D:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
Service D:\WINDOWS\system32\DRIVERS\RTL8187.sys (Realtek RTL8187 NDIS Driver/Realtek Semiconductor Corporation ) [MANUAL] RTLWUSB
Service D:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [MANUAL] Secdrv
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelService 3.0.0.0
Service D:\WINDOWS\System32\DRIVERS\sisnic.sys (SiS PCI Fast Ethernet Adapter Driver/SiS Corporation) [MANUAL] SISNIC
Service D:\WINDOWS\system32\DRIVERS\SiSRaid.sys (SiS RAID Miniport Driver/Silicon Integrated Systems) [BOOT] SiSRaid
Service D:\WINDOWS\System32\Drivers\SjyPkt.sys (Sample NDIS 5.0 Protocol Driver/Windows (R) 2000 DDK provider) [MANUAL] SjyPkt
Service SMSvcHost 3.0.0.0
Service D:\WINDOWS\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) [SYSTEM] ssmdrv
Service Windows Workflow Foundation 3.0.0.0
---- EOF - GMER 1.0.15 ----
Good evening,
I had a doubt about:
R3 SjyPkt;SjyPkt;d:\windows\system32\drivers\SjyPkt.sys [2010-10-30 13532]
but apparently it's clean:
http://www.file.net/process/sjypkt.sys.html
and on top of that, GMER didn't trip on it.
We'll do a routine pass with ComboFix, but in my opinion it's clean.
Disable your antivirus and any other kind of protection.
Download ComboFix by sUBs:
Combofix
Save it to your desktop and nowhere else!
Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, that's normal. A report will be created. Post the report: C:\Combofix.txt
Click on it to open it, then Edit "Select All", Edit "Copy",
come to the forum and Edit "Paste".
HELP: A guide and a tutorial on using ComboFix
* the partition name may differ
<@_@>
+++++++++++++++++++++
Thank you for your help!
I don't know whether it's really clean yet; I've had another hack attempt...
ComboFix 11-06-17.04 - Guiguess 18/06/2011 13:13:03.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1180 [GMT 2:00]
Lancé depuis: d:\documents and settings\Guiguess\Bureau\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Lavasoft Ad-Watch Live! Antivirus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Autorun.inf
D:\Install.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-05-18 au 2011-06-18 ))))))))))))))))))))))))))))))))))))
.
.
2011-06-15 13:28 . 2011-06-15 16:36 -------- d-----w- d:\windows\SxsCaPendDel
2011-06-15 09:19 . 2011-04-21 13:37 105472 -c----w- d:\windows\system32\dllcache\mup.sys
2011-06-14 15:43 . 2011-06-14 09:21 16432 ----a-w- d:\windows\system32\lsdelete.exe
2011-06-14 09:54 . 2011-06-14 09:54 781272 ----a-w- d:\program files\Mozilla Firefox\mozsqlite3.dll
2011-06-14 09:54 . 2011-06-14 09:54 1874904 ----a-w- d:\program files\Mozilla Firefox\mozjs.dll
2011-06-14 09:54 . 2011-06-14 09:54 89048 ----a-w- d:\program files\Mozilla Firefox\libEGL.dll
2011-06-14 09:54 . 2011-06-14 09:54 465880 ----a-w- d:\program files\Mozilla Firefox\libGLESv2.dll
2011-06-14 09:54 . 2011-06-14 09:54 15832 ----a-w- d:\program files\Mozilla Firefox\mozalloc.dll
2011-06-14 09:54 . 2011-06-14 09:54 1892184 ----a-w- d:\program files\Mozilla Firefox\d3dx9_42.dll
2011-06-14 09:54 . 2011-06-14 09:54 1974616 ----a-w- d:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-06-14 09:54 . 2011-06-14 09:54 142296 ----a-w- d:\program files\Mozilla Firefox\components\browsercomps.dll
2011-06-14 09:42 . 2011-06-14 09:42 -------- d-----r- d:\documents and settings\LocalService\Favoris
2011-06-14 09:32 . 2011-06-14 14:16 -------- d-----w- d:\windows\system32\NtmsData
2011-06-14 09:21 . 2011-06-14 09:21 98392 ----a-w- d:\windows\system32\drivers\SBREDrv.sys
2011-06-14 09:04 . 2011-05-25 00:00 64512 ----a-w- d:\windows\system32\drivers\Lbd.sys
2011-06-14 09:04 . 2011-06-14 09:04 -------- d-----w- d:\program files\Lavasoft
2011-06-14 09:04 . 2011-06-14 09:04 -------- d-----w- d:\documents and settings\All Users\Application Data\Lavasoft
2011-06-06 13:16 . 2008-11-10 09:41 32656 ----a-w- d:\windows\system32\msonpmon.dll
2011-06-06 13:16 . 2006-10-26 17:56 33104 ----a-w- d:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2011-06-06 13:11 . 2011-06-08 00:26 -------- d-----w- d:\program files\Microsoft Works
2011-06-06 13:07 . 2011-06-06 13:07 -------- d-----w- d:\program files\Microsoft.NET
2011-06-06 13:02 . 2011-06-06 13:02 -------- d-----w- d:\program files\Microsoft Visual Studio 8
2011-06-06 13:01 . 2011-06-06 13:09 -------- d-----w- d:\windows\SHELLNEW
2011-06-06 13:01 . 2011-06-06 13:01 -------- d-----w- d:\documents and settings\Guiguess\Local Settings\Application Data\Microsoft Help
2011-06-06 13:01 . 2011-06-15 13:37 -------- d-----w- d:\documents and settings\All Users\Application Data\Microsoft Help
2011-06-06 13:00 . 2011-06-06 13:00 -------- d-----r- D:\MSOCache
2011-05-29 10:30 . 2011-06-18 10:57 -------- d-----w- d:\documents and settings\Guiguess\Application Data\go
2011-05-29 10:29 . 2011-06-18 11:11 -------- d-----w- d:\documents and settings\All Users\Application Data\Easybits GO
2011-05-20 21:32 . 2011-05-21 01:03 -------- d-----w- d:\documents and settings\Guiguess\Application Data\TS3Client
2011-05-20 21:31 . 2011-05-20 21:32 -------- d-----w- d:\program files\TeamSpeak 3 Client
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-02 15:31 . 2010-10-28 12:38 692736 ----a-w- d:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2001-09-28 12:00 456320 ----a-w- d:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:06 . 2001-09-28 12:00 916480 ----a-w- d:\windows\system32\wininet.dll
2011-04-25 16:06 . 2001-09-28 12:00 43520 ----a-w- d:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2001-09-28 12:00 1469440 ------w- d:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2010-10-30 11:12 385024 ----a-w- d:\windows\system32\html.iec
2011-04-21 13:37 . 2001-09-28 12:00 105472 ----a-w- d:\windows\system32\drivers\mup.sys
2011-04-02 10:37 . 2010-10-30 11:20 137656 ----a-w- d:\windows\system32\drivers\avipbb.sys
2011-03-21 17:56 . 2011-03-21 17:56 59904 ----a-w- d:\windows\system32\OVDecode.dll
2011-03-21 17:56 . 2011-03-21 17:56 51712 ----a-w- d:\windows\system32\OpenCL.dll
2011-03-21 17:55 . 2011-03-21 17:55 12385792 ----a-w- d:\windows\system32\amdocl.dll
2011-06-14 09:54 . 2011-06-14 09:54 142296 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"msnmsgr"="d:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Steam"="d:\program files\Steam\Steam.exe" [2010-12-24 1242448]
"Skype"="d:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-13 98304]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-17 281768]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"SiSRaid"="d:\program files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe" [2007-01-18 389120]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
d:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Wireless LAN Utility.lnk - d:\program files\Wireless LAN Driver and Utility\RtWLan.exe [2010-10-30 729088]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\World of Warcraft\\Launcher.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Documents and Settings\\Guiguess\\Mes documents\\Games\\Riot Games\\League of Legends\\lol.launcher.exe"=
"d:\\Program Files\\Heroes of Newerth\\hon.exe"=
"d:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8395:TCP"= 8395:TCP:League of Legends Launcher
"8395:UDP"= 8395:UDP:League of Legends Launcher
"6903:TCP"= 6903:TCP:League of Legends Launcher
"6903:UDP"= 6903:UDP:League of Legends Launcher
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6934:TCP"= 6934:TCP:League of Legends Launcher
"6934:UDP"= 6934:UDP:League of Legends Launcher
"6912:TCP"= 6912:TCP:League of Legends Launcher
"6912:UDP"= 6912:UDP:League of Legends Launcher
"6936:TCP"= 6936:TCP:League of Legends Launcher
"6936:UDP"= 6936:UDP:League of Legends Launcher
"6910:TCP"= 6910:TCP:League of Legends Launcher
"6910:UDP"= 6910:UDP:League of Legends Launcher
"6908:TCP"= 6908:TCP:League of Legends Launcher
"6908:UDP"= 6908:UDP:League of Legends Launcher
"6901:TCP"= 6901:TCP:League of Legends Launcher
"6901:UDP"= 6901:UDP:League of Legends Launcher
"6959:TCP"= 6959:TCP:League of Legends Launcher
"6959:UDP"= 6959:UDP:League of Legends Launcher
"6920:TCP"= 6920:TCP:League of Legends Launcher
"6920:UDP"= 6920:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"6964:TCP"= 6964:TCP:League of Legends Launcher
"6964:UDP"= 6964:UDP:League of Legends Launcher
"6943:TCP"= 6943:TCP:League of Legends Launcher
"6943:UDP"= 6943:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881
.
R0 Lbd;Lbd;d:\windows\system32\drivers\Lbd.sys [14/06/2011 11:04 64512]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;d:\program files\Avira\AntiVir Desktop\sched.exe [30/10/2010 13:20 136360]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\Lavasoft\Ad-Aware\AAWService.exe [25/05/2011 02:00 2151128]
R3 SjyPkt;SjyPkt;d:\windows\system32\drivers\SjyPkt.sys [30/10/2010 15:11 13532]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;d:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [25/05/2011 02:00 15232]
S3 maconfservice;Ma-Config Service;d:\program files\ma-config.com\maconfservice.exe [23/03/2011 10:25 311744]
S3 RTLWUSB;802.11g USB 2.0 Wireless LAN Adapter;d:\windows\system32\drivers\RTL8187.sys [30/10/2010 15:11 187392]
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - SJYPKT
.
Contenu du dossier 'Tâches planifiées'
.
2011-06-18 d:\windows\Tasks\Ad-Aware Update (Weekly).job
- d:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-05-25 00:00]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
IE: E&xporter vers Microsoft Excel - d:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - d:\documents and settings\Guiguess\Application Data\Mozilla\Firefox\Profiles\94kpnys0.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-18 13:17
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
d:\windows\system32\Ati2evxx.dll
d:\windows\system32\atiadlxx.dll
.
Heure de fin: 2011-06-18 13:19:13
ComboFix-quarantined-files.txt 2011-06-18 11:18
.
Avant-CF: 56 189 759 488 octets libres
Après-CF: 56 542 978 048 octets libres
.
- - End Of File - - 286B441324BD4444F438CE9B972038A7
IE: E&xporter vers Microsoft Excel - d:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - d:\documents and settings\Guiguess\Application Data\Mozilla\Firefox\Profiles\94kpnys0.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-18 13:17
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
d:\windows\system32\Ati2evxx.dll
d:\windows\system32\atiadlxx.dll
.
Heure de fin: 2011-06-18 13:19:13
ComboFix-quarantined-files.txt 2011-06-18 11:18
.
Avant-CF: 56 189 759 488 octets libres
Après-CF: 56 542 978 048 octets libres
.
- - End Of File - - 286B441324BD4444F438CE9B972038A7
Isn't that it?
Delete/uninstall all the programs used for the disinfection
(but keep Malwarebytes' Anti-Malware to run regular scans, and do not forget to keep it updated).
Please read this guide (in PDF) to learn more about the risks of the Internet.

If you find this document interesting, feel free to pass it on to your contacts.
If you are tired of being bombarded with ads while browsing, install Firefox secured with the NoScript and AdBlock Plus extensions.
Read also:
~On your first message, click the "Editer" (Edit) button
and put [résolu] in the title. Then click "Valider votre message" (Submit your message).
If your session name matches your real name, you can change it by editing your posts.
+++