pielo

Members · Content count: 6
Everything posted by pielo

  1. ComboFix 09-03-18.01 - LANGLET 2009-03-19 17:14:47.3 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.767.346 [GMT 1:00] Lancé depuis: c:\documents and settings\LANGLET\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\LANGLET\Bureau\CFScript.txt AV: avast! antivirus 4.8.1335 [VPS 090306-0] *On-access scanning disabled* (Outdated) * Un nouveau point de restauration a été créé . ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-19 au 2009-03-19 )))))))))))))))))))))))))))))))))))) . 2009-03-17 19:51 . 2009-03-17 20:02 <REP> d----c--- C:\Lop SD 2009-03-13 21:57 . 2009-03-13 21:57 <REP> d-------- c:\program files\GSC Game World 2009-03-08 14:26 . 2009-03-08 14:26 <REP> d-------- c:\program files\Black Isle 2009-03-04 12:45 . 2009-03-04 13:12 <REP> d-------- c:\windows\system32\CatRoot_bak 2009-03-04 12:38 . 2008-06-14 18:59 272,768 --------- c:\windows\system32\drivers\bthport.sys 2009-03-04 12:38 . 2008-06-14 18:59 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys 2009-03-04 12:36 . 2008-12-20 23:46 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll 2009-03-03 18:42 . 2009-03-03 18:42 <REP> d----c--- c:\documents and settings\LANGLET\Application DataPDFcreator 2009-03-02 22:03 . 2009-03-02 22:03 <REP> d-------- c:\documents and settings\NetworkService\Application DataPDFcreator 2009-02-23 11:20 . 2009-03-08 14:23 <REP> d-------- c:\program files\Garena 2009-02-22 20:53 . 2009-03-04 20:15 <REP> d-------- c:\windows\system32\anooki-v5-0-1 dir 2009-02-22 20:53 . 2009-02-22 20:53 201,728 --a------ c:\windows\system32\anooki-v5-0-1.scr 2009-02-21 21:19 . 2009-02-21 21:21 <REP> d-------- c:\windows\system32\inook-v4-3 dir 2009-02-21 21:19 . 2009-02-21 21:19 201,728 --a------ c:\windows\system32\inook-v4-3.scr 2009-02-20 09:05 . 2009-02-20 09:05 <REP> d-------- c:\program files\Microsoft Games 2009-02-19 23:54 . 
2009-02-19 23:54 <REP> d-------- c:\program files\Fichiers communs\Macromedia 2009-02-19 21:15 . 2009-02-19 21:15 <REP> d-------- c:\program files\FileZilla FTP Client 2009-02-19 21:15 . 2009-02-19 22:23 <REP> d----c--- c:\documents and settings\LANGLET\Application Data\FileZilla . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-19 16:11 --------- dc----w c:\documents and settings\LANGLET\Application Data\DNA 2009-03-19 13:01 --------- d-----w c:\program files\DNA 2009-03-16 20:23 --------- d-----w c:\program files\eMule 2009-03-15 17:14 --------- dc--a-w c:\documents and settings\All Users\Application Data\TEMP 2009-03-14 21:27 --------- d-----w c:\documents and settings\LANGLET\Application Data\OpenOffice.org2 2009-03-08 13:23 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-08 13:22 --------- dc----w c:\documents and settings\LANGLET\Application Data\mIRC 2009-03-07 18:43 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-02-27 23:28 --------- d-----w c:\program files\Warcraft III 2009-02-20 07:56 --------- d-----w c:\program files\Yahoo! 
2009-02-15 16:26 --------- d-----w c:\program files\Zylom Games 2009-02-14 19:42 --------- d-----w c:\documents and settings\LANGLET\Application Data\PlayFirst 2009-02-14 19:41 --------- d-----w c:\documents and settings\LANGLET\Application Data\Zylom 2009-02-13 22:24 2,829 ----a-w c:\windows\War3Unin.pif 2009-02-13 22:24 139,264 ----a-w c:\windows\War3Unin.exe 2009-02-13 21:56 --------- dc----w c:\documents and settings\LANGLET\Application Data\BitTorrent 2009-02-13 21:34 --------- dc----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-02-13 21:34 --------- d-----w c:\program files\Microsoft Visual Studio 9.0 2009-02-11 13:12 --------- d-----w c:\program files\Google 2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-02-06 09:51 34,032 -c--a-w c:\documents and settings\LANGLET\Application Data\GDIPFONTCACHEV1.DAT 2009-01-31 15:30 1,409 ----a-w c:\windows\Fonts\MPRR____.FOT 2009-01-31 15:30 1,409 ----a-w c:\windows\Fonts\MPLV____.FOT 2009-01-31 15:30 1,409 ----a-w c:\windows\Fonts\MPLST___.FOT 2009-01-31 15:30 1,409 ----a-w c:\windows\Fonts\MPLEV___.FOT 2009-01-31 15:29 1,409 ----a-w c:\windows\Fonts\MPLED___.FOT 2009-01-31 15:29 1,409 ----a-w c:\windows\Fonts\MPLC____.FOT 2009-01-31 15:29 1,409 ----a-w c:\windows\Fonts\MPC_____.FOT 2009-01-31 15:29 1,409 ----a-w c:\windows\Fonts\MPAJ____.FOT 2009-01-24 17:52 --------- d-----w c:\program files\ffdshow 2009-01-24 17:38 --------- d-----w c:\program files\KC Softwares 2009-01-24 16:01 --------- d-----w c:\program files\ConvertHelper 2009-01-22 11:38 --------- d-----w c:\program files\Creative 2009-01-19 17:34 --------- d-----w c:\program files\Reference Assemblies 2009-01-19 17:34 --------- d-----w c:\program files\MSBuild 2009-01-19 17:27 --------- d-----w c:\program files\MSXML 6.0 2009-01-19 14:28 --------- d-----w c:\program files\MSXML 4.0 2008-12-20 22:47 826,368 ----a-w 
c:\windows\system32\wininet.dll 2007-11-15 18:35 357 -c--a-w c:\documents and settings\LANGLET\.cb_layout.bin 2007-02-02 19:20 2 -c--a-w c:\program files\ReDraw.sav 2006-12-16 09:53 20 -c--a-w c:\documents and settings\LANGLET\ZWIN.DLL 2006-05-31 05:39 41,998 -c--a-w c:\program files\dxdllreg_x86.cab 2006-05-31 05:39 181,745 -c--a-w c:\program files\JUN2006_XACT_x64.cab 2006-05-31 05:39 134,631 -c--a-w c:\program files\JUN2006_XACT_x86.cab 2006-05-31 05:25 82,190 -c--a-w c:\program files\dxupdate.cab 2006-05-31 05:24 2,248,984 -c--a-w c:\program files\dsetup32.dll 2006-05-31 05:23 484,632 -c--a-w c:\program files\DXSETUP.exe 2006-05-31 05:22 74,520 -c--a-w c:\program files\DSETUP.dll 2006-03-31 11:56 917,318 -c----w c:\program files\Apr2006_MDX1_x86.cab 2006-03-31 11:56 87,989 -c----w c:\program files\Apr2006_xinput_x64.cab 2006-03-31 11:56 46,898 -c----w c:\program files\Apr2006_xinput_x86.cab 2006-03-31 11:56 4,163,518 -c----w c:\program files\Apr2006_MDX1_x86_Archive.cab 2006-03-31 11:56 180,021 -c----w c:\program files\Apr2006_XACT_x64.cab 2006-03-31 11:56 133,991 -c----w c:\program files\Apr2006_XACT_x86.cab 2006-03-31 11:56 1,398,718 -c----w c:\program files\Apr2006_d3dx9_30_x64.cab 2006-03-31 11:56 1,116,109 -c----w c:\program files\Apr2006_d3dx9_30_x86.cab 2006-02-03 08:00 179,247 -c----w c:\program files\Feb2006_XACT_x64.cab 2006-02-03 08:00 133,297 -c----w c:\program files\Feb2006_XACT_x86.cab 2006-02-03 08:00 1,363,684 -c----w c:\program files\Feb2006_d3dx9_29_x64.cab 2006-02-03 08:00 1,085,608 -c----w c:\program files\Feb2006_d3dx9_29_x86.cab 2005-12-05 17:31 86,925 -c----w c:\program files\Oct2005_xinput_x64.cab 2005-12-05 17:31 46,247 -c----w c:\program files\Oct2005_xinput_x86.cab 2005-12-05 17:31 1,358,864 -c----w c:\program files\Dec2005_d3dx9_28_x64.cab 2005-12-05 17:31 1,080,344 -c----w c:\program files\Dec2005_d3dx9_28_x86.cab 2005-07-22 18:14 1,351,430 -c----w c:\program files\Aug2005_d3dx9_27_x64.cab 2005-07-22 18:14 1,078,532 -c----w 
c:\program files\Aug2005_d3dx9_27_x86.cab 2005-05-26 13:49 1,336,890 -c----w c:\program files\Jun2005_d3dx9_26_x64.cab 2005-05-26 13:49 1,065,813 -c----w c:\program files\Jun2005_d3dx9_26_x86.cab 2005-03-18 16:40 1,348,242 -c----w c:\program files\Apr2005_d3dx9_25_x64.cab 2005-03-18 16:40 1,079,850 -c----w c:\program files\Apr2005_d3dx9_25_x86.cab 2005-02-05 19:03 1,248,387 -c----w c:\program files\Feb2005_d3dx9_24_x64.cab 2005-02-05 19:03 1,014,113 -c----w c:\program files\Feb2005_d3dx9_24_x86.cab 2004-09-27 10:29 976,020 -c----w c:\program files\BDAXP.cab 2004-09-27 10:29 703,080 -c----w c:\program files\BDA.cab 2004-09-27 10:29 15,493,481 -c----w c:\program files\DirectX.cab 2004-09-27 10:29 13,265,040 -c----w c:\program files\dxnt.cab 2004-09-27 10:29 1,156,363 -c----w c:\program files\BDANT.cab . ((((((((((((((((((((((((((((( SnapShot@2009-03-17_20.26.37.44 ))))))))))))))))))))))))))))))))))))))))) . + 2009-03-19 13:01:37 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4b0.dat + 2009-03-18 06:08:25 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_660.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2004-09-30 7957504] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768] "DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-11-30 497376] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-02 155648] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 136600] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-01-13 275800] "VX1000"="c:\windows\vVX1000.exe" [2006-12-06 707360] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016] "nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\eMule\\eMule.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= 
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Freeciv-2.0.8-gtk2\\civserver.exe"= "c:\\Program Files\\Hamachi\\hamachi.exe"= "c:\\Program Files\\Warcraft III\\Warcraft III.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\WINDOWS\\system32\\winver.exe"= "c:\\Program Files\\Microsoft Office\\Office10\\WINWORD.EXE"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager "9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 "6112:TCP"= 6112:TCP:warcraft R1 as6eio;as6eio;c:\windows\system32\drivers\As6eio.sys [2005-07-02 3616] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-06-01 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-06-01 20560] S2 gupdate1c98c4a568dd8d8;Google Update Service (gupdate1c98c4a568dd8d8);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 133104] S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [2007-02-19 21344] S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\drivers\k600bus.sys [2006-06-20 52384] S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\drivers\k600mgmt.sys [2006-06-20 79248] S3 PV8630;USB Flatbed Scanner Driver;c:\windows\system32\drivers\A1236.SYS [2005-07-30 19144] . Contenu du dossier 'Tâches planifiées' 2009-03-19 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 14:12] . . ------- Examen supplémentaire ------- . 
uStart Page = about:blank uInternet Settings,ProxyOverride = *.local IE: &Search IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\LANGLET\Application Data\Mozilla\Firefox\Profiles\147tibaq.default\ FF - prefs.js: browser.startup.homepage - FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-19 17:17:00 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-436374069-1801674531-682003330-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:a3,0d,51,d3,75,45,6e,21,d7,72,8d,59,9c,29,e4,6f,0d,b7,6f,6c,6a,10,b7, c8,a7,20,4d,f1,9e,e0,9f,e0,6a,19,80,9b,39,33,28,03,72,1a,13,ce,aa,dc,cf,4e,\ "??"=hex:28,f9,ad,ce,9e,bf,1d,75,09,a5,36,05,09,da,3d,40 . Heure de fin: 2009-03-19 17:20:03 ComboFix-quarantined-files.txt 2009-03-19 16:19:20 ComboFix2.txt 2009-03-19 15:32:57 ComboFix3.txt 2009-03-17 19:28:11 Avant-CF: 5 186 461 696 octets libres Après-CF: 5,188,038,656 octets libres 214 --- E O F --- 2009-03-04 22:41:53
By the way, I forgot to mention it, but I get the impression there are no more problems on my PC. Still, since there may be leftovers, you must know better than I do when it will be completely finished.
  2. ComboFix 09-03-15.01 - LANGLET 2009-03-19 16:26:37.2 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.767.378 [GMT 1:00] Lancé depuis: c:\documents and settings\LANGLET\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\LANGLET\Bureau\CFScript.txt AV: avast! antivirus 4.8.1335 [VPS 090306-0] *On-access scanning disabled* (Outdated) * Un nouveau point de restauration a été créé . ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-19 au 2009-03-19 )))))))))))))))))))))))))))))))))))) . 2009-03-17 19:51 . 2009-03-17 20:02 <REP> d----c--- C:\Lop SD 2009-03-13 21:57 . 2009-03-13 21:57 <REP> d-------- c:\program files\GSC Game World 2009-03-08 14:26 . 2009-03-08 14:26 <REP> d-------- c:\program files\Black Isle 2009-03-04 12:45 . 2009-03-04 13:12 <REP> d-------- c:\windows\system32\CatRoot_bak 2009-03-04 12:38 . 2008-06-14 18:59 272,768 --------- c:\windows\system32\drivers\bthport.sys 2009-03-04 12:38 . 2008-06-14 18:59 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys 2009-03-04 12:36 . 2008-12-20 23:46 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll 2009-03-03 18:42 . 2009-03-03 18:42 <REP> d----c--- c:\documents and settings\LANGLET\Application DataPDFcreator 2009-03-02 22:03 . 2009-03-02 22:03 <REP> d-------- c:\documents and settings\NetworkService\Application DataPDFcreator 2009-02-23 11:20 . 2009-03-08 14:23 <REP> d-------- c:\program files\Garena 2009-02-22 20:53 . 2009-03-04 20:15 <REP> d-------- c:\windows\system32\anooki-v5-0-1 dir 2009-02-22 20:53 . 2009-02-22 20:53 201,728 --a------ c:\windows\system32\anooki-v5-0-1.scr 2009-02-21 21:19 . 2009-02-21 21:21 <REP> d-------- c:\windows\system32\inook-v4-3 dir 2009-02-21 21:19 . 2009-02-21 21:19 201,728 --a------ c:\windows\system32\inook-v4-3.scr 2009-02-20 09:05 . 2009-02-20 09:05 <REP> d-------- c:\program files\Microsoft Games 2009-02-19 23:54 . 
2009-02-19 23:54 <REP> d-------- c:\program files\Fichiers communs\Macromedia 2009-02-19 21:15 . 2009-02-19 21:15 <REP> d-------- c:\program files\FileZilla FTP Client 2009-02-19 21:15 . 2009-02-19 22:23 <REP> d----c--- c:\documents and settings\LANGLET\Application Data\FileZilla . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-19 15:21 --------- dc----w c:\documents and settings\LANGLET\Application Data\DNA 2009-03-19 13:01 --------- d-----w c:\program files\DNA 2009-03-16 20:23 --------- d-----w c:\program files\eMule 2009-03-15 17:14 --------- dc--a-w c:\documents and settings\All Users\Application Data\TEMP 2009-03-14 21:27 --------- d-----w c:\documents and settings\LANGLET\Application Data\OpenOffice.org2 2009-03-08 13:23 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-08 13:22 --------- dc----w c:\documents and settings\LANGLET\Application Data\mIRC 2009-03-07 18:43 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-02-27 23:28 --------- d-----w c:\program files\Warcraft III 2009-02-20 07:56 --------- d-----w c:\program files\Yahoo! 
2009-02-15 16:26 --------- d-----w c:\program files\Zylom Games 2009-02-14 19:42 --------- d-----w c:\documents and settings\LANGLET\Application Data\PlayFirst 2009-02-14 19:41 --------- d-----w c:\documents and settings\LANGLET\Application Data\Zylom 2009-02-13 22:24 2,829 ----a-w c:\windows\War3Unin.pif 2009-02-13 22:24 139,264 ----a-w c:\windows\War3Unin.exe 2009-02-13 21:56 --------- dc----w c:\documents and settings\LANGLET\Application Data\BitTorrent 2009-02-13 21:34 --------- dc----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-02-13 21:34 --------- d-----w c:\program files\Microsoft Visual Studio 9.0 2009-02-11 13:12 --------- d-----w c:\program files\Google 2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-02-06 09:51 34,032 -c--a-w c:\documents and settings\LANGLET\Application Data\GDIPFONTCACHEV1.DAT 2009-01-31 15:30 1,409 ----a-w c:\windows\Fonts\MPRR____.FOT 2009-01-31 15:30 1,409 ----a-w c:\windows\Fonts\MPLV____.FOT 2009-01-31 15:30 1,409 ----a-w c:\windows\Fonts\MPLST___.FOT 2009-01-31 15:30 1,409 ----a-w c:\windows\Fonts\MPLEV___.FOT 2009-01-31 15:29 1,409 ----a-w c:\windows\Fonts\MPLED___.FOT 2009-01-31 15:29 1,409 ----a-w c:\windows\Fonts\MPLC____.FOT 2009-01-31 15:29 1,409 ----a-w c:\windows\Fonts\MPC_____.FOT 2009-01-31 15:29 1,409 ----a-w c:\windows\Fonts\MPAJ____.FOT 2009-01-24 17:52 --------- d-----w c:\program files\ffdshow 2009-01-24 17:38 --------- d-----w c:\program files\KC Softwares 2009-01-24 16:01 --------- d-----w c:\program files\ConvertHelper 2009-01-22 11:38 --------- d-----w c:\program files\Creative 2009-01-19 17:34 --------- d-----w c:\program files\Reference Assemblies 2009-01-19 17:34 --------- d-----w c:\program files\MSBuild 2009-01-19 17:27 --------- d-----w c:\program files\MSXML 6.0 2009-01-19 14:28 --------- d-----w c:\program files\MSXML 4.0 2008-12-20 22:47 826,368 ----a-w 
c:\windows\system32\wininet.dll 2007-11-15 18:35 357 -c--a-w c:\documents and settings\LANGLET\.cb_layout.bin 2007-02-02 19:20 2 -c--a-w c:\program files\ReDraw.sav 2006-12-16 09:53 20 -c--a-w c:\documents and settings\LANGLET\ZWIN.DLL 2006-05-31 05:39 41,998 -c--a-w c:\program files\dxdllreg_x86.cab 2006-05-31 05:39 181,745 -c--a-w c:\program files\JUN2006_XACT_x64.cab 2006-05-31 05:39 134,631 -c--a-w c:\program files\JUN2006_XACT_x86.cab 2006-05-31 05:25 82,190 -c--a-w c:\program files\dxupdate.cab 2006-05-31 05:24 2,248,984 -c--a-w c:\program files\dsetup32.dll 2006-05-31 05:23 484,632 -c--a-w c:\program files\DXSETUP.exe 2006-05-31 05:22 74,520 -c--a-w c:\program files\DSETUP.dll 2006-03-31 11:56 917,318 -c----w c:\program files\Apr2006_MDX1_x86.cab 2006-03-31 11:56 87,989 -c----w c:\program files\Apr2006_xinput_x64.cab 2006-03-31 11:56 46,898 -c----w c:\program files\Apr2006_xinput_x86.cab 2006-03-31 11:56 4,163,518 -c----w c:\program files\Apr2006_MDX1_x86_Archive.cab 2006-03-31 11:56 180,021 -c----w c:\program files\Apr2006_XACT_x64.cab 2006-03-31 11:56 133,991 -c----w c:\program files\Apr2006_XACT_x86.cab 2006-03-31 11:56 1,398,718 -c----w c:\program files\Apr2006_d3dx9_30_x64.cab 2006-03-31 11:56 1,116,109 -c----w c:\program files\Apr2006_d3dx9_30_x86.cab 2006-02-03 08:00 179,247 -c----w c:\program files\Feb2006_XACT_x64.cab 2006-02-03 08:00 133,297 -c----w c:\program files\Feb2006_XACT_x86.cab 2006-02-03 08:00 1,363,684 -c----w c:\program files\Feb2006_d3dx9_29_x64.cab 2006-02-03 08:00 1,085,608 -c----w c:\program files\Feb2006_d3dx9_29_x86.cab 2005-12-05 17:31 86,925 -c----w c:\program files\Oct2005_xinput_x64.cab 2005-12-05 17:31 46,247 -c----w c:\program files\Oct2005_xinput_x86.cab 2005-12-05 17:31 1,358,864 -c----w c:\program files\Dec2005_d3dx9_28_x64.cab 2005-12-05 17:31 1,080,344 -c----w c:\program files\Dec2005_d3dx9_28_x86.cab 2005-07-22 18:14 1,351,430 -c----w c:\program files\Aug2005_d3dx9_27_x64.cab 2005-07-22 18:14 1,078,532 -c----w 
c:\program files\Aug2005_d3dx9_27_x86.cab 2005-05-26 13:49 1,336,890 -c----w c:\program files\Jun2005_d3dx9_26_x64.cab 2005-05-26 13:49 1,065,813 -c----w c:\program files\Jun2005_d3dx9_26_x86.cab 2005-03-18 16:40 1,348,242 -c----w c:\program files\Apr2005_d3dx9_25_x64.cab 2005-03-18 16:40 1,079,850 -c----w c:\program files\Apr2005_d3dx9_25_x86.cab 2005-02-05 19:03 1,248,387 -c----w c:\program files\Feb2005_d3dx9_24_x64.cab 2005-02-05 19:03 1,014,113 -c----w c:\program files\Feb2005_d3dx9_24_x86.cab 2004-09-27 10:29 976,020 -c----w c:\program files\BDAXP.cab 2004-09-27 10:29 703,080 -c----w c:\program files\BDA.cab 2004-09-27 10:29 15,493,481 -c----w c:\program files\DirectX.cab 2004-09-27 10:29 13,265,040 -c----w c:\program files\dxnt.cab 2004-09-27 10:29 1,156,363 -c----w c:\program files\BDANT.cab . ((((((((((((((((((((((((((((( SnapShot@2009-03-17_20.26.37.44 ))))))))))))))))))))))))))))))))))))))))) . + 2009-03-19 13:01:37 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4b0.dat + 2009-03-18 06:08:25 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_660.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2004-09-30 7957504] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768] "DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-11-30 497376] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-02 155648] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 136600] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-01-13 275800] "VX1000"="c:\windows\vVX1000.exe" [2006-12-06 707360] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016] "nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"= c:\windows\system32\..\auognqq.xri [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\eMule\\eMule.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"= 
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Freeciv-2.0.8-gtk2\\civserver.exe"= "c:\\Program Files\\Hamachi\\hamachi.exe"= "c:\\Program Files\\Warcraft III\\Warcraft III.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\WINDOWS\\system32\\winver.exe"= "c:\\Program Files\\Microsoft Office\\Office10\\WINWORD.EXE"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager "9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 "6112:TCP"= 6112:TCP:warcraft R1 as6eio;as6eio;c:\windows\system32\drivers\As6eio.sys [2005-07-02 3616] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-06-01 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-06-01 20560] S2 gupdate1c98c4a568dd8d8;Google Update Service (gupdate1c98c4a568dd8d8);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 133104] S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [2007-02-19 21344] S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\drivers\k600bus.sys [2006-06-20 52384] S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\drivers\k600mgmt.sys [2006-06-20 79248] S3 PV8630;USB Flatbed Scanner Driver;c:\windows\system32\drivers\A1236.SYS [2005-07-30 19144] . Contenu du dossier 'Tâches planifiées' 2009-03-19 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 14:12] . . ------- Examen supplémentaire ------- . 
uStart Page = about:blank uInternet Settings,ProxyOverride = *.local IE: &Search IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\LANGLET\Application Data\Mozilla\Firefox\Profiles\147tibaq.default\ FF - prefs.js: browser.startup.homepage - FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-19 16:30:13 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-436374069-1801674531-682003330-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:a3,0d,51,d3,75,45,6e,21,d7,72,8d,59,9c,29,e4,6f,0d,b7,6f,6c,6a,10,b7, c8,a7,20,4d,f1,9e,e0,9f,e0,6a,19,80,9b,39,33,28,03,72,1a,13,ce,aa,dc,cf,4e,\ "??"=hex:28,f9,ad,ce,9e,bf,1d,75,09,a5,36,05,09,da,3d,40 . Heure de fin: 2009-03-19 16:32:55 ComboFix-quarantined-files.txt 2009-03-19 15:32:14 ComboFix2.txt 2009-03-17 19:28:11 Avant-CF: 5 096 701 952 octets libres Après-CF: 5,172,604,928 octets libres 215 --- E O F --- 2009-03-04 22:41:53
There you go. However: well, that didn't happen. My browser didn't open... By the way, what was that file for?
  3. Uh... I don't want to seem impatient, but what do I do now? ^^
  4. Here is the ComboFix report: (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\piaeowsm.ini c:\windows\system32\rcxyltgk.ini c:\windows\system32\uniq.tll . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_BOONTY_GAMES -------\Legacy_OULTRAF -------\Service_Boonty Games -------\Service_oUltraf ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-17 au 2009-03-17 )))))))))))))))))))))))))))))))))))) . 2009-03-17 19:51 . 2009-03-17 20:02 <REP> d----c--- C:\Lop SD 2009-03-13 21:57 . 2009-03-13 21:57 <REP> d-------- c:\program files\GSC Game World 2009-03-08 14:26 . 2009-03-08 14:26 <REP> d-------- c:\program files\Black Isle 2009-03-04 12:45 . 2009-03-04 13:12 <REP> d-------- c:\windows\system32\CatRoot_bak 2009-03-04 12:38 . 2008-06-14 18:59 272,768 --------- c:\windows\system32\drivers\bthport.sys 2009-03-04 12:38 . 2008-06-14 18:59 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys 2009-03-04 12:36 . 2008-12-20 23:46 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll 2009-03-03 18:42 . 2009-03-03 18:42 <REP> d----c--- c:\documents and settings\LANGLET\Application DataPDFcreator 2009-03-02 22:03 . 2009-03-02 22:03 <REP> d-------- c:\documents and settings\NetworkService\Application DataPDFcreator 2009-02-23 11:20 . 2009-03-08 14:23 <REP> d-------- c:\program files\Garena 2009-02-22 20:53 . 2009-03-04 20:15 <REP> d-------- c:\windows\system32\anooki-v5-0-1 dir 2009-02-22 20:53 . 2009-02-22 20:53 201,728 --a------ c:\windows\system32\anooki-v5-0-1.scr 2009-02-21 21:19 . 2009-02-21 21:21 <REP> d-------- c:\windows\system32\inook-v4-3 dir 2009-02-21 21:19 . 2009-02-21 21:19 201,728 --a------ c:\windows\system32\inook-v4-3.scr 2009-02-20 09:05 . 2009-02-20 09:05 <REP> d-------- c:\program files\Microsoft Games 2009-02-19 23:54 . 
2009-02-19 23:54 <REP> d-------- c:\program files\Fichiers communs\Macromedia 2009-02-19 21:15 . 2009-02-19 21:15 <REP> d-------- c:\program files\FileZilla FTP Client 2009-02-19 21:15 . 2009-02-19 22:23 <REP> d----c--- c:\documents and settings\LANGLET\Application Data\FileZilla . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-17 19:22 --------- dc----w c:\documents and settings\LANGLET\Application Data\DNA 2009-03-17 19:22 --------- d-----w c:\program files\DNA 2009-03-16 20:23 --------- d-----w c:\program files\eMule 2009-03-15 17:14 --------- dc--a-w c:\documents and settings\All Users\Application Data\TEMP 2009-03-14 21:27 --------- d-----w c:\documents and settings\LANGLET\Application Data\OpenOffice.org2 2009-03-08 13:23 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-08 13:22 --------- dc----w c:\documents and settings\LANGLET\Application Data\mIRC 2009-03-07 18:43 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-02-27 23:28 --------- d-----w c:\program files\Warcraft III 2009-02-20 07:56 --------- d-----w c:\program files\Yahoo! 
2009-02-15 16:26 --------- d-----w c:\program files\Zylom Games 2009-02-14 19:42 --------- d-----w c:\documents and settings\LANGLET\Application Data\PlayFirst 2009-02-14 19:41 --------- d-----w c:\documents and settings\LANGLET\Application Data\Zylom 2009-02-13 22:24 2,829 ----a-w c:\windows\War3Unin.pif 2009-02-13 22:24 139,264 ----a-w c:\windows\War3Unin.exe 2009-02-13 21:56 --------- dc----w c:\documents and settings\LANGLET\Application Data\BitTorrent 2009-02-13 21:34 --------- dc----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-02-13 21:34 --------- d-----w c:\program files\Microsoft Visual Studio 9.0 2009-02-11 13:12 --------- d-----w c:\program files\Google 2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-02-06 09:51 34,032 -c--a-w c:\documents and settings\LANGLET\Application Data\GDIPFONTCACHEV1.DAT 2009-01-31 15:30 1,409 ----a-w c:\windows\Fonts\MPRR____.FOT 2009-01-31 15:30 1,409 ----a-w c:\windows\Fonts\MPLV____.FOT 2009-01-31 15:30 1,409 ----a-w c:\windows\Fonts\MPLST___.FOT 2009-01-31 15:30 1,409 ----a-w c:\windows\Fonts\MPLEV___.FOT 2009-01-31 15:29 1,409 ----a-w c:\windows\Fonts\MPLED___.FOT 2009-01-31 15:29 1,409 ----a-w c:\windows\Fonts\MPLC____.FOT 2009-01-31 15:29 1,409 ----a-w c:\windows\Fonts\MPC_____.FOT 2009-01-31 15:29 1,409 ----a-w c:\windows\Fonts\MPAJ____.FOT 2009-01-24 17:52 --------- d-----w c:\program files\ffdshow 2009-01-24 17:38 --------- d-----w c:\program files\KC Softwares 2009-01-24 16:01 --------- d-----w c:\program files\ConvertHelper 2009-01-22 11:38 --------- d-----w c:\program files\Creative 2009-01-19 17:34 --------- d-----w c:\program files\Reference Assemblies 2009-01-19 17:34 --------- d-----w c:\program files\MSBuild 2009-01-19 17:27 --------- d-----w c:\program files\MSXML 6.0 2009-01-19 14:28 --------- d-----w c:\program files\MSXML 4.0 2007-11-15 18:35 357 -c--a-w c:\documents and 
settings\LANGLET\.cb_layout.bin 2007-02-02 19:20 2 -c--a-w c:\program files\ReDraw.sav 2006-12-16 09:53 20 -c--a-w c:\documents and settings\LANGLET\ZWIN.DLL 2006-05-31 05:39 41,998 -c--a-w c:\program files\dxdllreg_x86.cab 2006-05-31 05:39 181,745 -c--a-w c:\program files\JUN2006_XACT_x64.cab 2006-05-31 05:39 134,631 -c--a-w c:\program files\JUN2006_XACT_x86.cab 2006-05-31 05:25 82,190 -c--a-w c:\program files\dxupdate.cab 2006-05-31 05:24 2,248,984 -c--a-w c:\program files\dsetup32.dll 2006-05-31 05:23 484,632 -c--a-w c:\program files\DXSETUP.exe 2006-05-31 05:22 74,520 -c--a-w c:\program files\DSETUP.dll 2006-03-31 11:56 917,318 -c----w c:\program files\Apr2006_MDX1_x86.cab 2006-03-31 11:56 87,989 -c----w c:\program files\Apr2006_xinput_x64.cab 2006-03-31 11:56 46,898 -c----w c:\program files\Apr2006_xinput_x86.cab 2006-03-31 11:56 4,163,518 -c----w c:\program files\Apr2006_MDX1_x86_Archive.cab 2006-03-31 11:56 180,021 -c----w c:\program files\Apr2006_XACT_x64.cab 2006-03-31 11:56 133,991 -c----w c:\program files\Apr2006_XACT_x86.cab 2006-03-31 11:56 1,398,718 -c----w c:\program files\Apr2006_d3dx9_30_x64.cab 2006-03-31 11:56 1,116,109 -c----w c:\program files\Apr2006_d3dx9_30_x86.cab 2006-02-03 08:00 179,247 -c----w c:\program files\Feb2006_XACT_x64.cab 2006-02-03 08:00 133,297 -c----w c:\program files\Feb2006_XACT_x86.cab 2006-02-03 08:00 1,363,684 -c----w c:\program files\Feb2006_d3dx9_29_x64.cab 2006-02-03 08:00 1,085,608 -c----w c:\program files\Feb2006_d3dx9_29_x86.cab 2005-12-05 17:31 86,925 -c----w c:\program files\Oct2005_xinput_x64.cab 2005-12-05 17:31 46,247 -c----w c:\program files\Oct2005_xinput_x86.cab 2005-12-05 17:31 1,358,864 -c----w c:\program files\Dec2005_d3dx9_28_x64.cab 2005-12-05 17:31 1,080,344 -c----w c:\program files\Dec2005_d3dx9_28_x86.cab 2005-07-22 18:14 1,351,430 -c----w c:\program files\Aug2005_d3dx9_27_x64.cab 2005-07-22 18:14 1,078,532 -c----w c:\program files\Aug2005_d3dx9_27_x86.cab 2005-05-26 13:49 1,336,890 -c----w 
c:\program files\Jun2005_d3dx9_26_x64.cab 2005-05-26 13:49 1,065,813 -c----w c:\program files\Jun2005_d3dx9_26_x86.cab 2005-03-18 16:40 1,348,242 -c----w c:\program files\Apr2005_d3dx9_25_x64.cab 2005-03-18 16:40 1,079,850 -c----w c:\program files\Apr2005_d3dx9_25_x86.cab 2005-02-05 19:03 1,248,387 -c----w c:\program files\Feb2005_d3dx9_24_x64.cab 2005-02-05 19:03 1,014,113 -c----w c:\program files\Feb2005_d3dx9_24_x86.cab 2004-09-27 10:29 976,020 -c----w c:\program files\BDAXP.cab 2004-09-27 10:29 703,080 -c----w c:\program files\BDA.cab 2004-09-27 10:29 15,493,481 -c----w c:\program files\DirectX.cab 2004-09-27 10:29 13,265,040 -c----w c:\program files\dxnt.cab 2004-09-27 10:29 1,156,363 -c----w c:\program files\BDANT.cab . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2004-09-30 7957504] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768] "DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-11-30 497376] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-02 155648] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 136600] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-01-13 275800] "VX1000"="c:\windows\vVX1000.exe" [2006-12-06 707360] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" 
[2006-10-22 86016] "nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=unfmvg.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"= c:\windows\system32\..\auognqq.xri [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\eMule\\eMule.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Freeciv-2.0.8-gtk2\\civserver.exe"= "c:\\Program Files\\Hamachi\\hamachi.exe"= "c:\\Program Files\\Warcraft III\\Warcraft III.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\WINDOWS\\system32\\winver.exe"= "c:\\Program Files\\Microsoft Office\\Office10\\WINWORD.EXE"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager "9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 "6112:TCP"= 6112:TCP:warcraft R1 
as6eio;as6eio;c:\windows\system32\drivers\As6eio.sys [2005-07-02 3616] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-06-01 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-06-01 20560] S2 gupdate1c98c4a568dd8d8;Google Update Service (gupdate1c98c4a568dd8d8);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 133104] S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [2007-02-19 21344] S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\drivers\k600bus.sys [2006-06-20 52384] S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\drivers\k600mgmt.sys [2006-06-20 79248] S3 PV8630;USB Flatbed Scanner Driver;c:\windows\system32\drivers\A1236.SYS [2005-07-30 19144] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cb53f3c-065c-11de-9390-001109ceed81}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcc8a454-d0ab-11db-8b35-001109ceed81}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL remove.exe . Contenu du dossier 'Tâches planifiées' 2009-03-17 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 14:12] . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-intracdrom - c:\docume~1\LANGLET\APPLIC~1\BALMTE~1\junkmetaweb.exe HKLM-Run-VCSPlayer - c:\program files\Virtual CD v4 SDK\system\vcsplay.exe MSConfigStartUp-SSC_UserPrompt - c:\program files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe . ------- Examen supplémentaire ------- . 
uStart Page = about:blank uInternet Settings,ProxyOverride = *.local IE: &Search IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\LANGLET\Application Data\Mozilla\Firefox\Profiles\147tibaq.default\ FF - prefs.js: browser.startup.homepage - FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-17 20:22:33 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-436374069-1801674531-682003330-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:a3,0d,51,d3,75,45,6e,21,d7,72,8d,59,9c,29,e4,6f,0d,b7,6f,6c,6a,10,b7, c8,a7,20,4d,f1,9e,e0,9f,e0,6a,19,80,9b,39,33,28,03,72,1a,13,ce,aa,dc,cf,4e,\ "??"=hex:28,f9,ad,ce,9e,bf,1d,75,09,a5,36,05,09,da,3d,40 . ------------------------ Autres processus actifs ------------------------ . c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Microsoft LifeCam\MSCamS32.exe c:\windows\system32\nvsvc32.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe . ************************************************************************** . 
Heure de fin: 2009-03-17 20:28:08 - La machine a redémarré ComboFix-quarantined-files.txt 2009-03-17 19:27:46 Avant-CF: 2 549 194 752 octets libres Après-CF: 5,221,040,128 octets libres WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect 251 --- E O F --- 2009-03-04 22:41:53
  5. Here is my report from LOP S&D:
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\DOCUME~1\LANGLET\LOCALS~1\Temp\nsb69.tmp
Supprime! - C:\DOCUME~1\LANGLET\LOCALS~1\Temp\nsh14A.tmp
Supprime! - C:\DOCUME~1\LANGLET\LOCALS~1\Temp\nsq2.tmp
Supprime! - C:\DOCUME~1\LANGLET\LOCALS~1\Temp\ns_temp
Supprime! - C:\DOCUME~1\LANGLET\APPLIC~1\BitDownload\Data
Supprime! - C:\Program Files\Multi_Media_France\INSTALL.LOG
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Internet debug mess great
Supprime! - C:\DOCUME~1\LANGLET\APPLIC~1\Bitdownload
Supprime! - C:\Program Files\Multi_Media_France
- [ Fichier Hosts ] ..
Restaure!
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
  6. Hi everyone! So, I have a small problem on my PC. I have run several scans with Avast and MBAM, but the problem persists... When I use the internet, sites load in place of the sites I wanted. It happens mostly when I am on Google and click a link to go to a site: instead of showing me my site, it shows me porn sites, or sales sites, or pretty much anything and everything. So I have just made a HijackThis report, but since I don't understand any of it, I would like to know whether someone can tell me what is wrong ^^" Thanks! My report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:42:41, on 16/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\LANGLET\Bureau\michael\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [intracdrom] C:\DOCUME~1\LANGLET\APPLIC~1\BALMTE~1\junkmetaweb.exe
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: unfmvg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c98c4a568dd8d8) (gupdate1c98c4a568dd8d8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
-- End of file - 7039 bytes