
kaponitch

Members
  • Content count: 5
Everything posted by kaponitch

  1. Everything is back in order thanks to your help, which was very professional and fast! It really runs smoothly now, many thanks! Kap.
  2. No file (htm and/or zip) other than the log was generated (see the log below). Should I try again? Do I need another CFScript.txt, or should I retry with the last one you sent me? Thanks in advance. I will probably be away, but I will be back on Monday. Have a very good weekend, and many thanks for your help. Kap.

     ============

     ComboFix 08-06-11.7 - Robert Freaks 2008-06-13 17:04:16.2 - FAT32x86
     Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1501 [GMT 2:00]
     Endroit: C:\Documents and Settings\Robert Freaks\Bureau\ComboFix.exe
     Command switches used :: C:\Documents and Settings\Robert Freaks\Bureau\CFScript.txt
     * Création d'un nouveau point de restauration
     AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

     FILE ::
     C:\WINDOWS\system32\evwkdejh.ini
     C:\WINDOWS\system32\hgGwTNec.dll
     .

     (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
     .

     C:\WINDOWS\system32\evwkdejh.ini

     .
     ((((((((((((((((((((((((((((( Fichiers créés 2008-05-13 to 2008-06-13 ))))))))))))))))))))))))))))))))))))
     .

     2008-06-13 16:36 . 2008-06-13 16:36 <REP> d-------- C:\WINDOWS\LastGood
     2008-06-13 16:05 . 2008-06-13 16:05 <REP> d-------- C:\HJT
     2008-06-13 14:24 . 2008-06-13 14:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
     2008-06-11 10:23 . 2008-06-11 10:23 <REP> d-------- C:\Program Files\Lavasoft
     2008-06-11 10:23 . 2008-06-11 10:23 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
     2008-06-11 10:23 . 2008-06-11 10:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
     2008-06-10 17:40 . 2008-06-10 17:40 <REP> d-------- C:\Program Files\Adblock Pro
     2008-06-10 17:40 . 2008-06-10 17:40 <REP> d-------- C:\Documents and Settings\Robert Freaks\Application Data\Adblock Pro
     2008-06-10 16:22 . 2008-06-10 16:22 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
     2008-06-06 14:51 . 2003-06-05 17:15 57,436 --a------ C:\WINDOWS\DASShp.dll
     2008-06-05 14:29 . 2008-06-05 14:29 164 --a------ C:\WINDOWS\SnapKey.cfg
     2008-06-05 11:52 . 2008-06-05 11:52 <REP> d-------- C:\Documents and Settings\Robert Freaks\Application Data\Mobipocket
     2008-06-05 10:32 . 2008-06-05 10:32 45 --a------ C:\WINDOWS\system32\initdebug.nfo
     2008-05-30 16:27 . 2008-05-30 16:27 <REP> d-------- C:\Program Files\ESET
     2008-05-30 16:27 . 2008-05-30 16:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
     2008-05-28 15:17 . 2008-05-28 15:17 <REP> d-------- C:\Documents and Settings\Robert Freaks\Application Data\Anonymizer
     2008-05-28 15:16 . 2008-05-28 15:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Anonymizer
     2008-05-24 15:04 . 2004-08-05 14:00 49,536 --a------ C:\WINDOWS\system32\drivers\a16vo8vr.sys
     2008-05-21 21:52 . 2004-08-05 14:00 49,536 --a------ C:\WINDOWS\system32\drivers\ar87mxv1.sys
     2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

     .
     (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
     .

     2008-05-07 09:49 --------- d-----w C:\Program Files\uTorrent
     2008-04-29 11:51 691,545 ----a-w C:\WINDOWS\unins000.exe
     2008-04-29 10:07 --------- d-----w C:\Documents and Settings\Robert Freaks\Application Data\Xerox
     2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
     2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
     2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
     2008-04-28 15:34 --------- d-----w C:\Program Files\Fichiers communs\xing shared
     2008-04-28 15:33 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
     2008-04-17 09:40 --------- d-----w C:\Documents and Settings\Robert Freaks\Application Data\Vso
     2008-04-17 08:40 --------- d-----w C:\Documents and Settings\Robert Freaks\Application Data\vmntoolbar
     2008-03-29 06:21 2,873,856 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
     2008-03-29 05:19 9,801,728 ----a-w C:\WINDOWS\system32\atioglx2.dll
     2008-03-29 04:40 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
     2008-03-29 04:05 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
     2008-03-29 04:04 299,008 ----a-w C:\WINDOWS\system32\ati2dvag.dll
     2008-03-29 03:56 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
     2008-03-29 03:56 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
     2008-03-29 03:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
     2008-03-29 03:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
     2008-03-29 03:55 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
     2008-03-29 03:54 536,576 ----a-w C:\WINDOWS\system32\ati2evxx.exe
     2008-03-29 03:53 6,221,824 ----a-w C:\WINDOWS\system32\Atioglgl.dll
     2008-03-29 03:52 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
     2008-03-29 03:44 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
     2008-03-29 03:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
     2008-03-29 03:36 1,765,120 ----a-w C:\WINDOWS\system32\ativvaxx.dll
     2008-03-29 03:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
     2008-03-29 03:23 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
     2008-03-29 03:21 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
     2008-03-29 03:19 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
     2008-03-29 03:13 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
     2008-03-28 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
     2008-03-25 17:39 17,330,511 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_03_24_14_12_51_full.dmp.zip
     2008-03-25 17:38 116,511 ------w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_03_24_14_12_34_small.dmp.zip
     2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
     2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
     2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
     2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
     2008-03-23 16:21 17,269,980 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_03_20_17_06_08_full.dmp.zip
     2008-03-23 16:20 114,980 ------w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_03_20_17_05_44_small.dmp.zip
     2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
     2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
     2007-11-25 20:29 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
     2006-11-17 00:06 636,114 --sh--w C:\WINDOWS\msagent\cr3mp.bak2
     2006-11-17 12:55 643,932 --sh--w C:\WINDOWS\msagent\cr3mp.ini2
     2006-11-12 18:38 1,021,419 --sh--w C:\WINDOWS\msagent\cr3mp.bak1

     .
     ((((((((((((((((((((((((((((( snapshot@2008-06-13_16.32.48.13 )))))))))))))))))))))))))))))))))))))))))
     .
     .
     ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .

     REGEDIT4
     *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F385C231-605B-4d8f-ACA9-DBFF765BBE17}]
     2008-04-07 07:37 458752 --a------ C:\Program Files\Adblock Pro\AdblockPro.dll

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
     "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "NB Probe"="" []
     "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-12-21 23:23 98394]
     "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 17:20 1024000]
     "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-06-03 01:31 385024]
     "EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-05-31 22:50 356352]
     "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-07-28 06:29 102400]
     "EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [2005-02-08 06:00 98304]
     "Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2005-06-16 15:48 86016]
     "WooCnxMon"="C:\PROGRA~1\WANADOO\CnxMon.exe" [2002-12-20 15:22 24576]
     "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
     "RegistryMechanic"="" []
     "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
     "RTHDCPL"="RTHDCPL.EXE" [2005-09-06 05:39 14850560 C:\WINDOWS\RTHDCPL.EXE]
     "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-05-31 22:46 401408]
     "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-28 17:33 185896]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
     C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2005-05-31 22:46 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "vidc.asv2"= asusasv2.dll
     "VIDC.VP40"= vp4vfw.dll
     "vidc.yv12"= yv12vfw.dll

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
     backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ASUS ChkMail.lnk]
     backup=C:\WINDOWS\pss\ASUS ChkMail.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
     backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^Robert Freaks^Menu Démarrer^Programmes^Démarrage^OneNote 2007 - Capture d'écran et lancement.lnk]
     backup=C:\WINDOWS\pss\OneNote 2007 - Capture d'écran et lancement.lnkStartup

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
     --a------ 2006-11-12 11:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
     --a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
     --a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NB Probe]
     --a------ 2005-07-27 17:07 765952 C:\Program Files\ASUS\NB Probe\NBProbe.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
     --a------ 2008-04-28 17:33 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console]
     --a------ 2005-07-22 14:36 57344 C:\Program Files\ASUS\Wireless Console\wcourier.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zshutdown]

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
     "\\\\ACER-BBF60584A3\\Wolfenstein\\ET.exe"=
     "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
     "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
     "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
     "C:\\Program Files\\uTorrent\\uTorrent.exe"=
     "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

     R0 R592;R592;C:\WINDOWS\system32\DRIVERS\R592.sys [2004-10-15 16:26]
     R0 risdpntk;risdpntk;C:\WINDOWS\system32\DRIVERS\risdpntk.sys [2004-10-15 16:26]
     R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
     S3 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys []
     S3 alcan5ln;SpeedTouch USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-12-08 12:53]
     S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
     S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
     S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys []

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e938fb9-8653-11dc-ace1-0015004726f4}]
     \Shell\Auto\command - KM.exe
     \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL KM.exe

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{771e306e-3487-11dc-accc-0015004726f4}]
     \Shell\AutoRun\command - H:\launcher.exe

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a334a1ea-eedb-11dc-ad06-0015004726f4}]
     \Shell\Auto\command - KM.exe
     \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL KM.exe

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab82fecc-a32d-11db-ac53-0015004726f4}]
     \Shell\AutoRun\command - wd_windows_tools\setup.exe

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abb319b1-e476-11dc-ad01-0015004726f4}]
     \Shell\Auto\command - KM.exe
     \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL KM.exe

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7778de4-e5b9-11da-ab8a-0015004726f4}]
     \Shell\AutoRun\command - I:\AutoRunMorrowind.exe
     \Shell\install\command - I:\Setup.exe

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e926b5b1-1cb8-11db-abb7-0015004726f4}]
     \Shell\AutoRun\command - J:\LaunchU3.exe

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee5ded1c-9433-11db-ac42-0015004726f4}]
     \Shell\AutoRun\command - E:\LaunchU3.exe

     .
     **************************************************************************

     catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2008-06-13 17:05:11
     Windows 5.1.2600 Service Pack 2 FAT NTAPI

     Balayage processus cachés ...
     Balayage caché autostart entries ...
     Balayage des fichiers cachés ...
     Scan terminé avec succès
     Les fichiers cachés: 0

     **************************************************************************
     .
     Temps d'accomplissement: 2008-06-13 17:05:30
     ComboFix-quarantined-files.txt 2008-06-13 15:05:30
     ComboFix2.txt 2008-06-13 14:33:12

     Pre-Run: 22,487,859,200 octets libres
     Post-Run: 22,493,757,440 octets libres

     209 --- E O F --- 2008-06-10 15:52:20
  3. Here it is! Many thanks for your help and for the precision of your instructions.

     ComboFix 08-06-11.7 - Robert Freaks 2008-06-13 16:19:42.1 - FAT32x86
     Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1437 [GMT 2:00]
     Endroit: C:\Documents and Settings\Robert Freaks\Bureau\ComboFix.exe
     Command switches used :: C:\Documents and Settings\Robert Freaks\Bureau\CFScript.txt
     * Création d'un nouveau point de restauration
     AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

     FILE ::
     C:\WINDOWS\system32\dndvfobd.dll
     C:\WINDOWS\system32\lowgadro.dll
     .

     (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
     .

     C:\WINDOWS\BMebf07f68.xml
     C:\WINDOWS\Fonts\CALIBRIB.TTF
     C:\WINDOWS\pskt.ini
     C:\WINDOWS\system32\apefycpa.dll
     C:\WINDOWS\system32\bhgggskx.dll
     C:\WINDOWS\system32\ceNTwGgh.ini
     C:\WINDOWS\system32\ceNTwGgh.ini2
     C:\WINDOWS\system32\ddccArss.dll
     C:\WINDOWS\system32\dndvfobd.dll
     C:\WINDOWS\system32\efjpvddu.ini
     C:\WINDOWS\system32\elptqhyn.ini
     C:\WINDOWS\system32\fntyhkxx.ini
     C:\WINDOWS\system32\gcgarrmu.ini
     C:\WINDOWS\system32\hnwmgakj.dll
     C:\WINDOWS\system32\ikfgpyiw.dll
     C:\WINDOWS\system32\ioicyyem.ini
     C:\WINDOWS\system32\kbcbocod.ini
     C:\WINDOWS\system32\knvmwjuf.dll
     C:\WINDOWS\system32\lowgadro.dll
     C:\WINDOWS\system32\mcrh.tmp
     C:\WINDOWS\system32\mnxqghps.ini
     C:\WINDOWS\system32\oilwisxv.ini
     C:\WINDOWS\system32\ordagwol.ini
     C:\WINDOWS\system32\qjobwjsq.ini
     C:\WINDOWS\system32\qsjwbojq.dll
     C:\WINDOWS\system32\rbkkliev.ini
     C:\WINDOWS\system32\ssrAccdd.ini
     C:\WINDOWS\system32\ssrAccdd.ini2
     C:\WINDOWS\system32\vjpfaare.dll
     C:\WINDOWS\system32\wprufyho.ini
     C:\WINDOWS\system32\wvUoPfFY.dll
     C:\WINDOWS\system32\ykjndysp.ini

     .
     ((((((((((((((((((((((((((((( Fichiers créés 2008-05-13 to 2008-06-13 ))))))))))))))))))))))))))))))))))))
     .

     2008-06-13 16:05 . 2008-06-13 16:05 <REP> d-------- C:\HJT
     2008-06-13 14:24 . 2008-06-13 14:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
     2008-06-11 10:23 . 2008-06-11 10:23 <REP> d-------- C:\Program Files\Lavasoft
     2008-06-11 10:23 . 2008-06-11 10:23 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
     2008-06-11 10:23 . 2008-06-11 10:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
     2008-06-10 17:40 . 2008-06-10 17:40 <REP> d-------- C:\Program Files\Adblock Pro
     2008-06-10 17:40 . 2008-06-10 17:40 <REP> d-------- C:\Documents and Settings\Robert Freaks\Application Data\Adblock Pro
     2008-06-10 16:22 . 2008-06-10 16:22 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
     2008-06-10 01:43 . 2008-06-10 10:04 354 ---hs---- C:\WINDOWS\system32\evwkdejh.ini
     2008-06-06 14:51 . 2003-06-05 17:15 57,436 --a------ C:\WINDOWS\DASShp.dll
     2008-06-05 14:29 . 2008-06-05 14:29 164 --a------ C:\WINDOWS\SnapKey.cfg
     2008-06-05 11:52 . 2008-06-05 11:52 <REP> d-------- C:\Documents and Settings\Robert Freaks\Application Data\Mobipocket
     2008-06-05 10:32 . 2008-06-05 10:32 45 --a------ C:\WINDOWS\system32\initdebug.nfo
     2008-05-30 16:27 . 2008-05-30 16:27 <REP> d-------- C:\Program Files\ESET
     2008-05-30 16:27 . 2008-05-30 16:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
     2008-05-28 15:17 . 2008-05-28 15:17 <REP> d-------- C:\Documents and Settings\Robert Freaks\Application Data\Anonymizer
     2008-05-28 15:16 . 2008-05-28 15:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Anonymizer
     2008-05-24 15:04 . 2004-08-05 14:00 49,536 --a------ C:\WINDOWS\system32\drivers\a16vo8vr.sys
     2008-05-21 21:52 . 2004-08-05 14:00 49,536 --a------ C:\WINDOWS\system32\drivers\ar87mxv1.sys
     2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

     .
     (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
     .

     2008-05-07 09:49 --------- d-----w C:\Program Files\uTorrent
     2008-04-29 11:51 691,545 ----a-w C:\WINDOWS\unins000.exe
     2008-04-29 10:07 --------- d-----w C:\Documents and Settings\Robert Freaks\Application Data\Xerox
     2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
     2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
     2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
     2008-04-28 15:34 --------- d-----w C:\Program Files\Fichiers communs\xing shared
     2008-04-28 15:33 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
     2008-04-17 09:40 --------- d-----w C:\Documents and Settings\Robert Freaks\Application Data\Vso
     2008-04-17 08:40 --------- d-----w C:\Documents and Settings\Robert Freaks\Application Data\vmntoolbar
     2008-03-29 06:21 2,873,856 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
     2008-03-29 05:19 9,801,728 ----a-w C:\WINDOWS\system32\atioglx2.dll
     2008-03-29 04:40 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
     2008-03-29 04:05 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
     2008-03-29 04:04 299,008 ----a-w C:\WINDOWS\system32\ati2dvag.dll
     2008-03-29 03:56 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
     2008-03-29 03:56 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
     2008-03-29 03:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
     2008-03-29 03:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
     2008-03-29 03:55 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
     2008-03-29 03:54 536,576 ----a-w C:\WINDOWS\system32\ati2evxx.exe
     2008-03-29 03:53 6,221,824 ----a-w C:\WINDOWS\system32\Atioglgl.dll
     2008-03-29 03:52 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
     2008-03-29 03:44 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
     2008-03-29 03:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
     2008-03-29 03:36 1,765,120 ----a-w C:\WINDOWS\system32\ativvaxx.dll
     2008-03-29 03:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
     2008-03-29 03:23 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
     2008-03-29 03:21 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
     2008-03-29 03:19 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
     2008-03-29 03:13 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
     2008-03-28 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
     2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
     2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
     2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
     2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
     2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
     2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
     2007-11-25 20:29 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
     2006-11-17 00:06 636,114 --sh--w C:\WINDOWS\msagent\cr3mp.bak2
     2006-11-17 12:55 643,932 --sh--w C:\WINDOWS\msagent\cr3mp.ini2
     2006-11-12 18:38 1,021,419 --sh--w C:\WINDOWS\msagent\cr3mp.bak1

     .
     ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .

     REGEDIT4
     *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41C23517-EE79-4BF5-A261-209A05E9E09A}]
     C:\WINDOWS\system32\hgGwTNec.dll

     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F385C231-605B-4d8f-ACA9-DBFF765BBE17}]
     2008-04-07 07:37 458752 --a------ C:\Program Files\Adblock Pro\AdblockPro.dll

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
     "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "NB Probe"="" []
     "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-12-21 23:23 98394]
     "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 17:20 1024000]
     "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-06-03 01:31 385024]
     "EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-05-31 22:50 356352]
     "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-07-28 06:29 102400]
     "EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [2005-02-08 06:00 98304]
     "Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2005-06-16 15:48 86016]
     "WooCnxMon"="C:\PROGRA~1\WANADOO\CnxMon.exe" [2002-12-20 15:22 24576]
     "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
     "RegistryMechanic"="" []
     "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
     "RTHDCPL"="RTHDCPL.EXE" [2005-09-06 05:39 14850560 C:\WINDOWS\RTHDCPL.EXE]
     "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-05-31 22:46 401408]
     "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-28 17:33 185896]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
     C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2005-05-31 22:46 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pm3rc]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winghy32]
     winghy32.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "vidc.asv2"= asusasv2.dll
     "VIDC.VP40"= vp4vfw.dll
     "vidc.yv12"= yv12vfw.dll

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
     backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ASUS ChkMail.lnk]
     backup=C:\WINDOWS\pss\ASUS ChkMail.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
     backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^Robert Freaks^Menu Démarrer^Programmes^Démarrage^OneNote 2007 - Capture d'écran et lancement.lnk]
     backup=C:\WINDOWS\pss\OneNote 2007 - Capture d'écran et lancement.lnkStartup

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
     --a------ 2006-11-12 11:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
     C:\WINDOWS\system32\dumprep 0 -k

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
     --a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
     --a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NB Probe]
     --a------ 2005-07-27 17:07 765952 C:\Program Files\ASUS\NB Probe\NBProbe.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
     --a------ 2008-04-28 17:33 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console]
     --a------ 2005-07-22 14:36 57344 C:\Program Files\ASUS\Wireless Console\wcourier.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zshutdown]

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
     "\\\\ACER-BBF60584A3\\Wolfenstein\\ET.exe"=
     "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
     "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
     "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
     "C:\\Program Files\\uTorrent\\uTorrent.exe"=
     "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

     R0 R592;R592;C:\WINDOWS\system32\DRIVERS\R592.sys [2004-10-15 16:26]
     R0 risdpntk;risdpntk;C:\WINDOWS\system32\DRIVERS\risdpntk.sys [2004-10-15 16:26]
     R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
     S3 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys []
     S3 alcan5ln;SpeedTouch USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-12-08 12:53]
     S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
     S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
     S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys []

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e938fb9-8653-11dc-ace1-0015004726f4}]
     \Shell\Auto\command - KM.exe
     \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL KM.exe

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{771e306e-3487-11dc-accc-0015004726f4}]
     \Shell\AutoRun\command - H:\launcher.exe

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a334a1ea-eedb-11dc-ad06-0015004726f4}]
     \Shell\Auto\command - KM.exe
     \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL KM.exe

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab82fecc-a32d-11db-ac53-0015004726f4}]
     \Shell\AutoRun\command - wd_windows_tools\setup.exe

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abb319b1-e476-11dc-ad01-0015004726f4}]
     \Shell\Auto\command - KM.exe
     \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL KM.exe

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7778de4-e5b9-11da-ab8a-0015004726f4}]
     \Shell\AutoRun\command - I:\AutoRunMorrowind.exe
     \Shell\install\command - I:\Setup.exe

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e926b5b1-1cb8-11db-abb7-0015004726f4}]
     \Shell\AutoRun\command - J:\LaunchU3.exe

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee5ded1c-9433-11db-ac42-0015004726f4}]
     \Shell\AutoRun\command - E:\LaunchU3.exe

     .
     **************************************************************************

     catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2008-06-13 16:29:21
     Windows 5.1.2600 Service Pack 2 FAT NTAPI

     Balayage processus cachés ...
     Balayage caché autostart entries ...
     Balayage des fichiers cachés ...
     Scan terminé avec succès
     Les fichiers cachés: 0

     **************************************************************************
     .
     ------------------------ Other Running Processes ------------------------
     .
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
     C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
     C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
     C:\WINDOWS\ATKKBService.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
     C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
     C:\WINDOWS\system32\PnkBstrA.exe
     C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
     C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
     C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
     C:\WINDOWS\ATK0100\ATKOSD.exe
     C:\WINDOWS\system32\wscntfy.exe
     .
     **************************************************************************
     .
     Temps d'accomplissement: 2008-06-13 16:33:09 - machine was rebooted
     ComboFix-quarantined-files.txt 2008-06-13 14:33:06

     Pre-Run: 17,323,261,952 octets libres
     Post-Run: 22,635,347,968 octets libres

     261 --- E O F --- 2008-06-10 15:52:20
  4. Thanks for your help. Here goes!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:06:05, on 13/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\PROGRA~1\WANADOO\CnxMon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\HJT\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin...px&id=64855
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=22028
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\WANADOO\CnxMon.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [XeroxRegistation] "C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\Xerox\EReg\EReg.exe" /Startup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [intelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [e8c34cf4] rundll32.exe "C:\WINDOWS\system32\lowgadro.dll",b
O4 - HKLM\..\Run: [bMebf07f68] Rundll32.exe "C:\WINDOWS\system32\dndvfobd.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Block This Image (ABP) - C:\Program Files\Adblock Pro\blockimg.html
O8 - Extra context menu item: &Bloquer cette image (ABP) - C:\Program Files\Adblock Pro\blockimg.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files\Adblock Pro\AdblockPro.dll
O9 - Extra 'Tools' menuitem: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files\Adblock Pro\AdblockPro.dll
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D0FDBFE-4F72-4CBF-ADF0-3E2D5CA381F1}: NameServer = 139.165.32.13
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D0FDBFE-4F72-4CBF-ADF0-3E2D5CA381F1}: NameServer = 139.165.32.13
O17 - HKLM\System\CS3\Services\Tcpip\..\{0D0FDBFE-4F72-4CBF-ADF0-3E2D5CA381F1}: NameServer = 139.165.32.13
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 9885 bytes
  5. Hello everyone, my PC (an Asus A6Va from 2005, XP SP2) struggles a lot whenever I try to browse the Internet. Browsing is frequently interrupted by indecent advertising pop-ups (mainly porn ads, titled "hopeless romantic"), either in new tabs or in new windows. Until very recently I had, for a long time, very few or even no ad problems thanks to Ad-block Plus (Firefox) and Ad Block Pro (IE), but now I have the misfortune of being completely infected! In desperation, and despite my hostility towards this type of software, I even installed the Google Toolbar to see whether it could block anything. It was, as will not surprise you, totally incapable of doing so! On the antivirus side, I used Kaspersky + Zone Alarm (free) for a long time, but to relieve my system a little, which was starting to run out of breath (Kaspersky could eat up to 80% of the processor resources, and that under normal conditions...), I uninstalled both programs despite their pleas and replaced them with Nod 32 together with the Windows firewall. The infection probably comes from photo swaps between friends, which involved many hard drives, USB sticks, etc. Anyway, I am now in a real mess ("in a holly bread-soup")! I reinstalled IE and Mozilla but that did not fix anything. I would very much like to avoid having to reinstall Windows completely. Would anyone have a solution to help me? Many thanks in advance! Kap.