Posts by sophienantes

  1. All good, I uninstalled avast and installed antivir and everything seems to be working very well... that's great, thank you very much for your help Falkra.

    I ran a system scan with antivir.

    All that's left is to give my children a good talking-to so that they don't download anything and everything!!!

    Thank you again.

    Sophie

  2. Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 17:10:21, on 16/04/2009

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe

    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Windows Live\Family Safety\fsssvc.exe

    C:\Program Files\Microsoft LifeCam\MSCamS32.exe

    C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

    C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ArcCon.ac

    C:\Program Files\Windows Live\Family Safety\fsui.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

    C:\Program Files\InstantTimeZone\InstantTimeZone.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\Windows Live\Contacts\wlcomm.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Documents and Settings\Nogues\Bureau\HiJackThis.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe

    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')

    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

    O4 - Global Startup: InstantTimeZone.lnk = C:\Program Files\InstantTimeZone\InstantTimeZone.exe

    O4 - Global Startup: officejet 6100.lnk = ?

    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{4B565FC8-4023-49DB-B4F4-65F6A2430ED3}: NameServer = 192.168.1.1

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

     

    --

    End of file - 7004 bytes

  3. Hello,

    Here is the report:

     

    ComboFix 09-04-15.08 - Nogues 16/04/2009 16:41.2 - NTFSx86

    Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1023.685 [GMT 2:00]

    Lancé depuis: c:\documents and settings\Nogues\Bureau\tralala.exe

    Commutateurs utilisés :: c:\documents and settings\Nogues\Bureau\CFscript.txt

    * Un nouveau point de restauration a été créé

     

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    .

     

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

    .

     

    .

    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

     

    -------\Legacy_ASWFSBLK

    -------\Legacy_ASWSP

    -------\Service_aswFsBlk

    -------\Service_aswSP

     

     

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-03-16 au 2009-04-16 ))))))))))))))))))))))))))))))))))))

    .

     

    2009-04-15 21:56 . 2009-04-15 21:56 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

    2009-04-15 20:53 . 2009-04-15 20:53 -------- d-----w c:\windows\system32\Kaspersky Lab

    2009-04-15 19:59 . 2009-04-15 20:06 -------- d-----w C:\FindyKill

    2009-04-15 19:19 . 2009-04-15 19:19 360580 ----a-w c:\windows\eSellerateEngine.dll

    2009-03-18 16:40 . 2009-03-25 21:01 -------- d-----w c:\documents and settings\Nogues\Application Data\Nero

    2009-03-18 16:22 . 2009-03-18 16:22 4767 ----a-w c:\windows\Irremote.ini

    2009-03-18 15:47 . 2009-04-16 14:43 -------- d-----w c:\documents and settings\Nogues\Tracing

    2009-03-18 15:47 . 2009-02-06 16:08 55152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys

    2009-03-17 19:31 . 2009-03-17 19:31 -------- d-----w c:\documents and settings\Nogues\Application Data\Babylon

    2009-03-17 19:31 . 2009-03-17 19:31 -------- d-----w c:\documents and settings\All Users\Application Data\Babylon

     

    .

    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-04-16 14:32 . 2009-01-14 09:11 -------- d-----w c:\documents and settings\Nogues\Application Data\Skype

    2009-04-15 21:04 . 2009-04-15 21:04 -------- d-----w c:\program files\ToniArts

    2009-04-15 21:04 . 2008-09-24 16:32 -------- d--h--w c:\program files\InstallShield Installation Information

    2009-04-15 21:04 . 2009-04-15 21:04 2951802 ----a-w c:\program files\easycleaner_easycleaner_2.0.6.381_francais_11170.exe

    2009-04-15 21:01 . 2009-04-15 21:01 1346784 ----a-w c:\program files\EClea2_0.zip

    2009-04-15 21:00 . 2009-04-15 21:00 -------- d-----w c:\program files\CCleaner

    2009-04-15 21:00 . 2009-04-15 21:00 3190688 ----a-w c:\program files\ccsetup218.exe

    2009-04-15 20:26 . 2009-04-15 20:26 904048 ----a-w c:\program files\fsbl.exe

    2009-04-15 20:07 . 2001-08-24 12:00 81148 ----a-w c:\windows\system32\perfc00C.dat

    2009-04-15 20:07 . 2001-08-24 12:00 501226 ----a-w c:\windows\system32\perfh00C.dat

    2009-04-15 19:59 . 2009-04-15 19:59 1699447 ----a-w c:\program files\FindyKill.exe

    2009-04-15 19:49 . 2008-09-24 14:30 65312 ----a-w c:\documents and settings\Nogues\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

    2009-04-15 19:44 . 2009-04-15 19:44 1161576 ----a-w c:\program files\wlsetup-custom.exe

    2009-04-15 19:43 . 2009-04-15 19:43 128280 ----a-w c:\program files\install_wlsetup-web(2).exe

    2009-04-15 19:38 . 2009-04-15 19:36 32911528 ----a-w c:\program files\setupfre.exe

    2009-04-15 19:35 . 2008-09-24 18:10 -------- d-----w c:\program files\eMule

    2009-04-15 19:15 . 2009-04-15 19:15 -------- d-----w c:\program files\MSNContentPlus

    2009-04-15 19:14 . 2009-04-15 19:13 4227899 ----a-w c:\program files\WinksSetup.exe

    2009-04-15 17:35 . 2009-04-15 17:35 -------- d-----w c:\program files\MSN BackUp

    2009-04-15 17:34 . 2009-04-15 17:34 3301375 ----a-w c:\program files\mcoinstaller.zip

    2009-04-15 17:33 . 2009-04-15 17:33 22903 ----a-w c:\program files\AddEmoticons47w.zip

    2009-04-15 17:27 . 2009-04-15 17:27 42823 ----a-w c:\program files\23.MCO

    2009-04-15 17:27 . 2009-04-15 17:27 107321 ----a-w c:\program files\44.MCO

    2009-04-15 17:27 . 2009-04-15 17:27 50264 ----a-w c:\program files\67.MCO

    2009-04-15 17:27 . 2009-04-15 17:27 96345 ----a-w c:\program files\64.MCO

    2009-04-15 17:27 . 2009-04-15 17:27 21915 ----a-w c:\program files\60.MCO

    2009-04-15 17:27 . 2009-04-15 17:27 58916 ----a-w c:\program files\66.MCO

    2009-04-15 17:27 . 2009-04-15 17:27 15554 ----a-w c:\program files\29.MCO

    2009-04-15 17:25 . 2009-04-15 17:25 38645 ----a-w c:\program files\18.MCO

    2009-04-15 17:18 . 2009-04-15 17:18 89760 ----a-w c:\program files\121.mco

    2009-04-15 17:08 . 2009-04-15 17:08 26115 ----a-w c:\program files\123.mco

    2009-04-15 17:06 . 2009-04-15 17:06 93791 ----a-w c:\program files\474.exe

    2009-04-15 17:05 . 2009-04-15 17:05 72660 ----a-w c:\program files\amour011.MCO

    2009-04-15 17:05 . 2009-04-15 17:05 132826 ----a-w c:\program files\amour010.MCO

    2009-04-15 17:05 . 2009-04-15 17:05 160618 ----a-w c:\program files\amour014.MCO

    2009-04-15 17:05 . 2009-04-15 17:05 106750 ----a-w c:\program files\amour016.MCO

    2009-04-15 17:04 . 2009-04-15 17:04 156759 ----a-w c:\program files\amour013.MCO

    2009-04-15 16:57 . 2009-04-15 16:57 105571 ----a-w c:\program files\a078.MCO

    2009-04-15 16:57 . 2009-04-15 16:57 40224 ----a-w c:\program files\a072.MCO

    2009-04-15 16:57 . 2009-04-15 16:57 66648 ----a-w c:\program files\a064.MCO

    2009-04-15 16:56 . 2009-04-15 16:56 19758 ----a-w c:\program files\a061.MCO

    2009-04-15 16:56 . 2009-04-15 16:56 37632 ----a-w c:\program files\a059.MCO

    2009-04-15 16:56 . 2009-04-15 16:56 54297 ----a-w c:\program files\a058.MCO

    2009-04-15 16:56 . 2009-04-15 16:56 32732 ----a-w c:\program files\a051.MCO

    2009-04-15 16:56 . 2009-04-15 16:56 98610 ----a-w c:\program files\a050.MCO

    2009-04-15 16:56 . 2009-04-15 16:56 8581 ----a-w c:\program files\a048.MCO

    2009-04-15 16:55 . 2009-04-15 16:55 9777 ----a-w c:\program files\a042.MCO

    2009-04-15 16:55 . 2009-04-15 16:55 10012 ----a-w c:\program files\a041.MCO

    2009-04-15 14:37 . 2009-04-15 14:37 72011 ----a-w c:\program files\a007.MCO

    2009-04-15 14:36 . 2009-04-15 14:36 48304 ----a-w c:\program files\385.MCO

    2009-04-15 14:35 . 2009-04-15 14:35 178377 ----a-w c:\program files\343.MCO

    2009-04-15 14:35 . 2009-04-15 14:35 162822 ----a-w c:\program files\337.MCO

    2009-04-15 14:35 . 2009-04-15 14:35 142099 ----a-w c:\program files\336.MCO

    2009-04-15 14:34 . 2009-04-15 14:34 152316 ----a-w c:\program files\297.MCO

    2009-04-15 14:33 . 2009-04-15 14:33 149946 ----a-w c:\program files\287.MCO

    2009-04-15 14:33 . 2009-04-15 14:33 138693 ----a-w c:\program files\286.MCO

    2009-04-15 14:33 . 2009-04-15 14:33 134139 ----a-w c:\program files\285.MCO

    2009-04-15 14:33 . 2009-04-15 14:33 111769 ----a-w c:\program files\283.MCO

    2009-04-15 14:33 . 2009-04-15 14:33 106383 ----a-w c:\program files\281.MCO

    2009-04-15 14:33 . 2009-04-15 14:33 89553 ----a-w c:\program files\280.MCO

    2009-04-15 14:32 . 2009-04-15 14:32 98795 ----a-w c:\program files\255.MCO

    2009-04-15 14:32 . 2009-04-15 14:32 184364 ----a-w c:\program files\256.MCO

    2009-04-15 14:32 . 2009-04-15 14:32 92370 ----a-w c:\program files\258.MCO

    2009-04-15 14:32 . 2009-04-15 14:32 57730 ----a-w c:\program files\191.MCO

    2009-04-15 14:29 . 2009-04-15 14:29 62148 ----a-w c:\program files\168.MCO

    2009-04-15 14:29 . 2009-04-15 14:29 36035 ----a-w c:\program files\179.MCO

    2009-04-15 14:29 . 2009-04-15 14:29 180464 ----a-w c:\program files\175.MCO

    2009-04-15 14:29 . 2009-04-15 14:29 59266 ----a-w c:\program files\173.MCO

    2009-04-15 14:29 . 2009-04-15 14:29 75581 ----a-w c:\program files\167.MCO

    2009-04-15 14:29 . 2009-04-15 14:29 25669 ----a-w c:\program files\169.MCO

    2009-04-15 14:28 . 2009-04-15 14:28 37167 ----a-w c:\program files\165.MCO

    2009-04-15 14:28 . 2009-04-15 14:28 67235 ----a-w c:\program files\147.MCO

    2009-04-15 14:28 . 2009-04-15 14:28 34826 ----a-w c:\program files\145.MCO

    2009-04-15 14:28 . 2009-04-15 14:28 45198 ----a-w c:\program files\136.MCO

    2009-04-15 14:28 . 2009-04-15 14:28 41448 ----a-w c:\program files\127.MCO

    2009-04-15 14:27 . 2009-04-15 14:27 89424 ----a-w c:\program files\128.MCO

    2009-04-15 14:27 . 2009-04-15 14:27 29127 ----a-w c:\program files\129.MCO

    2009-04-15 14:27 . 2009-04-15 14:27 125430 ----a-w c:\program files\114.MCO

    2009-04-15 14:27 . 2009-04-15 14:27 62992 ----a-w c:\program files\120.MCO

    2009-04-15 14:27 . 2009-04-15 14:27 75996 ----a-w c:\program files\112.MCO

    2009-04-15 14:26 . 2009-04-15 14:26 31249 ----a-w c:\program files\073.MCO

    2009-04-15 14:26 . 2009-04-15 14:26 179892 ----a-w c:\program files\068.MCO

    2009-04-15 14:26 . 2009-04-15 14:26 30264 ----a-w c:\program files\066.MCO

    2009-04-15 14:25 . 2009-04-15 14:25 22639 ----a-w c:\program files\054.MCO

    2009-04-15 14:24 . 2009-04-15 14:24 42957 ----a-w c:\program files\039.MCO

    2009-04-15 14:21 . 2009-04-15 14:21 181888 ----a-w c:\program files\336.exe

    2009-04-15 14:20 . 2009-04-15 14:20 202611 ----a-w c:\program files\337.exe

    2009-04-15 14:19 . 2009-04-15 14:19 111434 ----a-w c:\program files\404.exe

    2009-04-15 14:17 . 2009-04-15 14:17 132182 ----a-w c:\program files\clin258.exe

    2009-04-15 14:16 . 2009-04-15 14:16 65466 ----a-w c:\program files\clin169.exe

    2009-04-15 14:15 . 2009-04-15 14:15 124019 ----a-w c:\program files\clin123.exe

    2009-04-15 14:13 . 2009-04-15 14:14 77260 ----a-w c:\program files\clin0051.exe

    2009-04-15 14:13 . 2009-04-15 14:13 77260 ----a-w c:\program files\clin005.exe

    2009-04-15 14:13 . 2009-04-15 14:13 136157 ----a-w c:\program files\clin028.exe

    2009-04-15 13:49 . 2009-04-15 13:49 233127 ----a-w c:\program files\content11.mco

    2009-04-15 13:49 . 2009-04-15 13:49 50011 ----a-w c:\program files\content10.mco

    2009-04-15 13:49 . 2009-04-15 13:49 209819 ----a-w c:\program files\content9.mco

    2009-04-15 13:48 . 2009-04-15 13:48 209819 ----a-w c:\program files\content8.mco

    2009-04-15 13:48 . 2009-04-15 13:48 26633 ----a-w c:\program files\content7.mco

    2009-04-15 13:48 . 2009-04-15 13:48 61795 ----a-w c:\program files\content6.mco

    2009-04-15 19:2008-09-24 18:08 25:40 . c:\program files\mozilla firefox\components\jar50.dll

    2009-04-15 19:2008-09-24 18:08 25:41 . c:\program files\mozilla firefox\components\jsd3250.dll

    2009-04-15 19:2008-09-24 18:08 25:41 . c:\program files\mozilla firefox\components\myspell.dll

    2009-04-15 19:2008-09-24 18:08 25:42 . c:\program files\mozilla firefox\components\spellchk.dll

    2009-04-15 19:2008-09-24 18:08 25:42 . c:\program files\mozilla firefox\components\xpinstal.dll

    .

     

    ------- Sigcheck -------

     

    [-] 2006-03-09 08:25 578048 0DF75FB73F705B011630159A43D7C354 c:\windows\system32\user32.dll

     

    [-] 2006-04-12 18:13 667648 241DBC4C2714B2F39AFDED49459ED420 c:\windows\system32\wininet.dll

     

    [-] 2006-02-14 19:56 359808 667192A11DB19F36624119C0DD4DE4F2 c:\windows\system32\drivers\tcpip.sys

     

    [-] 2006-05-09 08:11 2017280 50B3A210B6FA8D3089A36A32E7D8B21F c:\windows\system32\ntkrnlpa.exe

     

    [-] 2006-03-09 08:25 2137600 E75F7AA5A33479F29C636FD0890F5762 c:\windows\system32\ntoskrnl.exe

     

    [-] 2006-03-09 08:25 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\system32\spoolsv.exe

    .

    ((((((((((((((((((((((((((((( SnapShot@2009-04-15_21.59.51 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2009-04-16 14:42 . 2005-10-20 18:02 163328 c:\windows\ERDNT\subs\ERDNT.EXE

    + 2009-04-15 22:32 . 2009-04-15 22:32 634880 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\542de0d1b6e269c35169bb0ebe60158e\WindowsLiveLocal.WriterPlugin.ni.dll

    - 2009-03-18 17:11 . 2009-03-18 17:11 634880 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\542de0d1b6e269c35169bb0ebe60158e\WindowsLiveLocal.WriterPlugin.ni.dll

    + 2009-04-15 22:32 . 2009-04-15 22:32 139264 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f7763f69f454e8d98998951f805eed06\WindowsLive.Writer.FileDestinations.ni.dll

    - 2009-03-18 17:11 . 2009-03-18 17:11 139264 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f7763f69f454e8d98998951f805eed06\WindowsLive.Writer.FileDestinations.ni.dll

    + 2009-04-15 22:32 . 2009-04-15 22:32 348160 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e606ee5c083456b61f01863dca1a33ed\WindowsLive.Writer.Interop.SHDocVw.ni.dll

    - 2009-03-18 17:11 . 2009-03-18 17:11 348160 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e606ee5c083456b61f01863dca1a33ed\WindowsLive.Writer.Interop.SHDocVw.ni.dll

    + 2009-04-15 22:32 . 2009-04-15 22:32 131072 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e2ba25e018ed3ecdac82978053eae744\WindowsLive.Writer.Passport.ni.dll

    - 2009-03-18 17:11 . 2009-03-18 17:11 131072 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e2ba25e018ed3ecdac82978053eae744\WindowsLive.Writer.Passport.ni.dll

    + 2009-04-15 22:32 . 2009-04-15 22:32 163840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\df877561c9bfcef447d163451d1e9faf\WindowsLive.Writer.Instrumentation.ni.dll

    - 2009-03-18 17:11 . 2009-03-18 17:11 163840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\df877561c9bfcef447d163451d1e9faf\WindowsLive.Writer.Instrumentation.ni.dll

    - 2009-03-18 17:11 . 2009-03-18 17:11 376832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d5a8a22065837bde5abaddca1bd1210e\WindowsLive.Writer.SpellChecker.ni.dll

    + 2009-04-15 22:32 . 2009-04-15 22:32 376832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d5a8a22065837bde5abaddca1bd1210e\WindowsLive.Writer.SpellChecker.ni.dll

    - 2009-03-18 17:11 . 2009-03-18 17:11 335872 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c25e8c74456a5b7340589a5457c22e35\WindowsLive.Writer.Interop.Mshtml.ni.dll

    + 2009-04-15 22:32 . 2009-04-15 22:32 335872 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c25e8c74456a5b7340589a5457c22e35\WindowsLive.Writer.Interop.Mshtml.ni.dll

    - 2009-03-18 17:11 . 2009-03-18 17:11 200704 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b3217fa87ed1f8e3d8c5da5971eb51ed\WindowsLive.Writer.BrowserControl.ni.dll

    + 2009-04-15 22:32 . 2009-04-15 22:32 200704 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b3217fa87ed1f8e3d8c5da5971eb51ed\WindowsLive.Writer.BrowserControl.ni.dll

    - 2009-03-18 17:11 . 2009-03-18 17:11 335872 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\acc3759bf6558b7b3f1f07960b9db27d\WindowsLive.Writer.Interop.ni.dll

    + 2009-04-15 22:32 . 2009-04-15 22:32 335872 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\acc3759bf6558b7b3f1f07960b9db27d\WindowsLive.Writer.Interop.ni.dll

    + 2009-04-15 22:32 . 2009-04-15 22:32 143360 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a82a16758b71291ebf35c64216f1546b\WindowsLive.Writer.Extensibility.ni.dll

    - 2009-03-18 17:11 . 2009-03-18 17:11 143360 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a82a16758b71291ebf35c64216f1546b\WindowsLive.Writer.Extensibility.ni.dll

    + 2009-04-15 22:32 . 2009-04-15 22:32 475136 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8af8a8ba37744d09a028566829f9e964\WindowsLive.Writer.Localization.ni.dll

    - 2009-03-18 17:11 . 2009-03-18 17:11 475136 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8af8a8ba37744d09a028566829f9e964\WindowsLive.Writer.Localization.ni.dll

    - 2009-03-18 17:11 . 2009-03-18 17:11 282624 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\70714e6d0c656df3792d9c44c214adaf\WindowsLive.Writer.Mshtml.ni.dll

    + 2009-04-15 22:32 . 2009-04-15 22:32 282624 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\70714e6d0c656df3792d9c44c214adaf\WindowsLive.Writer.Mshtml.ni.dll

    + 2009-04-15 22:32 . 2009-04-15 22:32 176128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\43bc7d79650bc43f9a143dfeeebf4549\WindowsLive.Writer.HtmlParser.ni.dll

    - 2009-03-18 17:11 . 2009-03-18 17:11 176128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\43bc7d79650bc43f9a143dfeeebf4549\WindowsLive.Writer.HtmlParser.ni.dll

    - 2009-03-18 17:11 . 2009-03-18 17:11 114688 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3f11652952fd2f51b7506879343f7289\WindowsLive.Writer.Api.ni.dll

    + 2009-04-15 22:32 . 2009-04-15 22:32 114688 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3f11652952fd2f51b7506879343f7289\WindowsLive.Writer.Api.ni.dll

    - 2009-03-18 17:11 . 2009-03-18 17:11 921600 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3b2a6aa0a2758d21b155fea5a498d9c3\WindowsLive.Writer.BlogClient.ni.dll

    + 2009-04-15 22:32 . 2009-04-15 22:32 921600 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3b2a6aa0a2758d21b155fea5a498d9c3\WindowsLive.Writer.BlogClient.ni.dll

    - 2009-03-18 17:11 . 2009-03-18 17:11 634880 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\30e26e6fc391e51fcf4ad24d0097aebb\WindowsLive.Writer.HtmlEditor.ni.dll

    + 2009-04-15 22:32 . 2009-04-15 22:32 634880 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\30e26e6fc391e51fcf4ad24d0097aebb\WindowsLive.Writer.HtmlEditor.ni.dll

    - 2009-03-18 17:11 . 2009-03-18 17:11 868352 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\21bf88d832fad106823d5e3fb7715cdb\WindowsLive.Writer.Controls.ni.dll

    + 2009-04-15 22:32 . 2009-04-15 22:32 868352 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\21bf88d832fad106823d5e3fb7715cdb\WindowsLive.Writer.Controls.ni.dll

    + 2009-04-15 22:32 . 2009-04-15 22:32 163840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\0024607ccdb9930d0e82f4289d386489\WindowsLive.Client.ni.dll

    - 2009-03-18 17:11 . 2009-03-18 17:11 163840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\0024607ccdb9930d0e82f4289d386489\WindowsLive.Client.ni.dll

    - 2009-03-18 17:11 . 2009-03-18 17:11 2080768 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a39ca3f05b95dfca526e39353ba86c48\WindowsLive.Writer.CoreServices.ni.dll

    + 2009-04-15 22:32 . 2009-04-15 22:32 2080768 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a39ca3f05b95dfca526e39353ba86c48\WindowsLive.Writer.CoreServices.ni.dll

    - 2009-03-18 17:11 . 2009-03-18 17:11 1155072 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\25879a16bea29a61420a05639017bd3e\WindowsLive.Writer.ApplicationFramework.ni.dll

    + 2009-04-15 22:32 . 2009-04-15 22:32 1155072 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\25879a16bea29a61420a05639017bd3e\WindowsLive.Writer.ApplicationFramework.ni.dll

    + 2009-04-15 22:32 . 2009-04-15 22:32 6492160 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0d92e2974417f7e8a81827e43479f0dd\WindowsLive.Writer.PostEditor.ni.dll

    - 2009-03-18 17:11 . 2009-03-18 17:11 6492160 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0d92e2974417f7e8a81827e43479f0dd\WindowsLive.Writer.PostEditor.ni.dll

    .

    -- Instantané actualisé --

    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    REGEDIT4

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-01 13529088]

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-01 86016]

    "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

    "ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688]

    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]

    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-04-15 81000]

    "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]

    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-08-01 1630208]

    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-09 16851968]

     

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "nlsf"="move" [X]

    "Config"="c:\windows\system32\run.cmd" [2006-02-14 248]

    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

     

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

    hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-6-11 323646]

    InstantTimeZone.lnk - c:\program files\InstantTimeZone\InstantTimeZone.exe [2008-12-27 1687738]

    officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-6-11 147456]

     

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

    "MemCheckBoxInRunDlg"= 1 (0x1)

    "NoSMBalloonTip"= 1 (0x1)

    "NoWelcomeScreen"= 1 (0x1)

    "NoStrCmpLogical"= 0 (0x0)

     

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

    "MemCheckBoxInRunDlg"= 1 (0x1)

    "NoSMBalloonTip"= 1 (0x1)

    "NoWelcomeScreen"= 1 (0x1)

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

    "wuauserv"=2 (0x2)

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusOverride"=dword:00000001

    "FirewallOverride"=dword:00000001

    "SecondLevelDataCache"=dword:00000200

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

    "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=

    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

    "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

     

    R3 APL531;OVT Scanner;c:\windows\system32\Drivers\ov550i.sys [2006-07-31 580992]

    R3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2008-08-04 33808]

    S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]

    S2 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

     

    .

    Contenu du dossier 'Tâches planifiées'

     

    2009-04-15 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

     

    2009-04-07 c:\windows\Tasks\FRU Task 2002-06-11 17:56ewlett-Packard2002-06-11 17:56p psc 2100 series0873DBB30DAF953F7DCEA1BDCC4F78BFDB130745231344240.job

    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-11 09:56]

    .

    .

    ------- Examen supplémentaire -------

    .

    uStart Page = hxxp://www.google.fr/

    uInternet Settings,ProxyOverride = *.local

    uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s

    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    TCP: {4B565FC8-4023-49DB-B4F4-65F6A2430ED3} = 192.168.1.1

    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

    FF - ProfilePath - c:\documents and settings\Nogues\Application Data\Mozilla\Firefox\Profiles\oszksumd.default\

    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

    FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

    .

     

    **************************************************************************

     

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-04-16 16:43

    Windows 5.1.2600 Service Pack 2 NTFS

     

    Recherche de processus cachés ...

     

    Recherche d'éléments en démarrage automatique cachés ...

     

    Recherche de fichiers cachés ...

     

    Scan terminé avec succès

    Fichiers cachés: 0

     

    **************************************************************************

    .

    --------------------- DLLs chargées dans les processus actifs ---------------------

     

    - - - - - - - > 'explorer.exe'(2948)

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    ------------------------ Autres processus actifs ------------------------

    .

    c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe

    c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    c:\program files\Bonjour\mDNSResponder.exe

    c:\program files\Microsoft LifeCam\MSCamS32.exe

    c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe

    c:\windows\system32\nvsvc32.exe

    c:\windows\system32\wscntfy.exe

    c:\windows\system32\rundll32.exe

    c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ArcCon.ac

    c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

    c:\program files\iPod\bin\iPodService.exe

    c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

    c:\windows\system32\HPZipm12.exe

    c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe

    .

    **************************************************************************

    .

    Heure de fin: 2009-04-16 16:44 - La machine a redémarré

    ComboFix-quarantined-files.txt 2009-04-16 14:44

    ComboFix2.txt 2009-04-15 22:00

     

    Avant-CF: 100 649 484 288 octets libres

    Après-CF: 100 594 147 328 octets libres

     

    317

  4. It isn't Bagle, but it's hardly any better, or else you already used findikill without telling us (I can see it listed). That doesn't make things easy and it means taking risks, but oh well.

     

    Avast is dead, and I'm going to finish it off so that we can get a new, working antivirus in place.

     

    Did you install winks for MSN/WLM?

    Did you disable virtual memory (swap file: pagefile)?

     

     

    My children did indeed install winks for MSN....

    As for virtual memory... I'm a bit lost there.... I'm really no computer expert....

  5. You've caught Bagle (probably via cracks). We'll sort that out. :P

    Avast isn't good, and you will certainly need to change antivirus after all this.

    The software below is to be used only when prescribed by a qualified helper trained on the tool.

    Do not use it outside that situation: dangerous.

     

    Be careful to follow these instructions in detail; don't forget to rename combofix.exe BEFORE it is downloaded, while you can still change the file name and tell the browser where to save it.

     

    Download combofix.exe by sUBs and rename it TRALALA.exe before saving it to your desktop (and nowhere else).

    • Make sure all programs are closed before you start.
    • Disable the antivirus, otherwise combofix will show you a message (otherwise, click OK on the message).
    • Double-click combo-fix.exe to run it.
    • Click "Yes" on the Disclaimer of Warranty message that appears.
    • Your firewall may ask whether or not you allow nircmd.cfexe to access the trusted zone: allow it.
    • Don't close the window that has just opened, or you would end up with an empty desktop.
    • When the scan has finished, a report will appear.
    • Copy and paste this report into your next reply.
      The report is located at: C:\Combofix.txt (just in case).

     

     

    Here is the report:

     

    ComboFix 09-04-15.08 - Nogues 15/04/2009 23:58.1 - NTFSx86

    Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1023.647 [GMT 2:00]

    Lancé depuis: c:\documents and settings\Nogues\Bureau\tralala.exe

     

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    .

     

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

    .

     

    c:\windows\msnimport.exe

     

    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-03-15 au 2009-04-15 ))))))))))))))))))))))))))))))))))))

    .

     

    2009-04-15 21:56 . 2009-04-15 21:56 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

    2009-04-15 20:53 . 2009-04-15 20:53 -------- d-----w c:\windows\system32\Kaspersky Lab

    2009-04-15 20:53 . 2009-04-15 20:53 -------- d-----w c:\windows\LastGood

    2009-04-15 19:59 . 2009-04-15 20:06 -------- d-----w C:\FindyKill

    2009-04-15 19:19 . 2009-04-15 19:19 360580 ----a-w c:\windows\eSellerateEngine.dll

    2009-03-18 16:40 . 2009-03-25 21:01 -------- d-----w c:\documents and settings\Nogues\Application Data\Nero

    2009-03-18 16:22 . 2009-03-18 16:22 4767 ----a-w c:\windows\Irremote.ini

    2009-03-18 15:47 . 2009-04-15 20:17 -------- d-----w c:\documents and settings\Nogues\Tracing

    2009-03-18 15:47 . 2009-02-06 16:08 55152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys

    2009-03-17 19:31 . 2009-03-17 19:31 -------- d-----w c:\documents and settings\Nogues\Application Data\Babylon

    2009-03-17 19:31 . 2009-03-17 19:31 -------- d-----w c:\documents and settings\All Users\Application Data\Babylon

     

    .

    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-04-15 21:04 . 2009-04-15 21:04 -------- d-----w c:\program files\ToniArts

    2009-04-15 21:04 . 2008-09-24 16:32 -------- d--h--w c:\program files\InstallShield Installation Information

    2009-04-15 21:04 . 2009-04-15 21:04 2951802 ----a-w c:\program files\easycleaner_easycleaner_2.0.6.381_francais_11170.exe

    2009-04-15 21:01 . 2009-04-15 21:01 1346784 ----a-w c:\program files\EClea2_0.zip

    2009-04-15 21:00 . 2009-04-15 21:00 -------- d-----w c:\program files\CCleaner

    2009-04-15 21:00 . 2009-04-15 21:00 3190688 ----a-w c:\program files\ccsetup218.exe

    2009-04-15 20:26 . 2009-04-15 20:26 904048 ----a-w c:\program files\fsbl.exe

    2009-04-15 20:17 . 2009-01-14 09:11 -------- d-----w c:\documents and settings\Nogues\Application Data\Skype

    2009-04-15 20:07 . 2001-08-24 12:00 81148 ----a-w c:\windows\system32\perfc00C.dat

    2009-04-15 20:07 . 2001-08-24 12:00 501226 ----a-w c:\windows\system32\perfh00C.dat

    2009-04-15 19:59 . 2009-04-15 19:59 1699447 ----a-w c:\program files\FindyKill.exe

    2009-04-15 19:49 . 2008-09-24 14:30 65312 ----a-w c:\documents and settings\Nogues\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

    2009-04-15 19:44 . 2009-04-15 19:44 1161576 ----a-w c:\program files\wlsetup-custom.exe

    2009-04-15 19:43 . 2009-04-15 19:43 128280 ----a-w c:\program files\install_wlsetup-web(2).exe

    2009-04-15 19:38 . 2009-04-15 19:36 32911528 ----a-w c:\program files\setupfre.exe

    2009-04-15 19:35 . 2008-09-24 18:10 -------- d-----w c:\program files\eMule

    2009-04-15 19:15 . 2009-04-15 19:15 -------- d-----w c:\program files\MSNContentPlus

    2009-04-15 19:14 . 2009-04-15 19:13 4227899 ----a-w c:\program files\WinksSetup.exe

    2009-04-15 17:35 . 2009-04-15 17:35 -------- d-----w c:\program files\MSN BackUp

    2009-04-15 17:34 . 2009-04-15 17:34 3301375 ----a-w c:\program files\mcoinstaller.zip

    2009-04-15 17:33 . 2009-04-15 17:33 22903 ----a-w c:\program files\AddEmoticons47w.zip

    2009-04-15 17:27 . 2009-04-15 17:27 42823 ----a-w c:\program files\23.MCO

    2009-04-15 17:27 . 2009-04-15 17:27 107321 ----a-w c:\program files\44.MCO

    2009-04-15 17:27 . 2009-04-15 17:27 50264 ----a-w c:\program files\67.MCO

    2009-04-15 17:27 . 2009-04-15 17:27 96345 ----a-w c:\program files\64.MCO

    2009-04-15 17:27 . 2009-04-15 17:27 21915 ----a-w c:\program files\60.MCO

    2009-04-15 17:27 . 2009-04-15 17:27 58916 ----a-w c:\program files\66.MCO

    2009-04-15 17:27 . 2009-04-15 17:27 15554 ----a-w c:\program files\29.MCO

    2009-04-15 17:25 . 2009-04-15 17:25 38645 ----a-w c:\program files\18.MCO

    2009-04-15 17:18 . 2009-04-15 17:18 89760 ----a-w c:\program files\121.mco

    2009-04-15 17:08 . 2009-04-15 17:08 26115 ----a-w c:\program files\123.mco

    2009-04-15 17:06 . 2009-04-15 17:06 93791 ----a-w c:\program files\474.exe

    2009-04-15 17:05 . 2009-04-15 17:05 72660 ----a-w c:\program files\amour011.MCO

    2009-04-15 17:05 . 2009-04-15 17:05 132826 ----a-w c:\program files\amour010.MCO

    2009-04-15 17:05 . 2009-04-15 17:05 160618 ----a-w c:\program files\amour014.MCO

    2009-04-15 17:05 . 2009-04-15 17:05 106750 ----a-w c:\program files\amour016.MCO

    2009-04-15 17:04 . 2009-04-15 17:04 156759 ----a-w c:\program files\amour013.MCO

    2009-04-15 16:57 . 2009-04-15 16:57 105571 ----a-w c:\program files\a078.MCO

    2009-04-15 16:57 . 2009-04-15 16:57 40224 ----a-w c:\program files\a072.MCO

    2009-04-15 16:57 . 2009-04-15 16:57 66648 ----a-w c:\program files\a064.MCO

    2009-04-15 16:56 . 2009-04-15 16:56 19758 ----a-w c:\program files\a061.MCO

    2009-04-15 16:56 . 2009-04-15 16:56 37632 ----a-w c:\program files\a059.MCO

    2009-04-15 16:56 . 2009-04-15 16:56 54297 ----a-w c:\program files\a058.MCO

    2009-04-15 16:56 . 2009-04-15 16:56 32732 ----a-w c:\program files\a051.MCO

    2009-04-15 16:56 . 2009-04-15 16:56 98610 ----a-w c:\program files\a050.MCO

    2009-04-15 16:56 . 2009-04-15 16:56 8581 ----a-w c:\program files\a048.MCO

    2009-04-15 16:55 . 2009-04-15 16:55 9777 ----a-w c:\program files\a042.MCO

    2009-04-15 16:55 . 2009-04-15 16:55 10012 ----a-w c:\program files\a041.MCO

    2009-04-15 14:37 . 2009-04-15 14:37 72011 ----a-w c:\program files\a007.MCO

    2009-04-15 14:36 . 2009-04-15 14:36 48304 ----a-w c:\program files\385.MCO

    2009-04-15 14:35 . 2009-04-15 14:35 178377 ----a-w c:\program files\343.MCO

    2009-04-15 14:35 . 2009-04-15 14:35 162822 ----a-w c:\program files\337.MCO

    2009-04-15 14:35 . 2009-04-15 14:35 142099 ----a-w c:\program files\336.MCO

    2009-04-15 14:34 . 2009-04-15 14:34 152316 ----a-w c:\program files\297.MCO

    2009-04-15 14:33 . 2009-04-15 14:33 149946 ----a-w c:\program files\287.MCO

    2009-04-15 14:33 . 2009-04-15 14:33 138693 ----a-w c:\program files\286.MCO

    2009-04-15 14:33 . 2009-04-15 14:33 134139 ----a-w c:\program files\285.MCO

    2009-04-15 14:33 . 2009-04-15 14:33 111769 ----a-w c:\program files\283.MCO

    2009-04-15 14:33 . 2009-04-15 14:33 106383 ----a-w c:\program files\281.MCO

    2009-04-15 14:33 . 2009-04-15 14:33 89553 ----a-w c:\program files\280.MCO

    2009-04-15 14:32 . 2009-04-15 14:32 98795 ----a-w c:\program files\255.MCO

    2009-04-15 14:32 . 2009-04-15 14:32 184364 ----a-w c:\program files\256.MCO

    2009-04-15 14:32 . 2009-04-15 14:32 92370 ----a-w c:\program files\258.MCO

    2009-04-15 14:32 . 2009-04-15 14:32 57730 ----a-w c:\program files\191.MCO

    2009-04-15 14:29 . 2009-04-15 14:29 62148 ----a-w c:\program files\168.MCO

    2009-04-15 14:29 . 2009-04-15 14:29 36035 ----a-w c:\program files\179.MCO

    2009-04-15 14:29 . 2009-04-15 14:29 180464 ----a-w c:\program files\175.MCO

    2009-04-15 14:29 . 2009-04-15 14:29 59266 ----a-w c:\program files\173.MCO

    2009-04-15 14:29 . 2009-04-15 14:29 75581 ----a-w c:\program files\167.MCO

    2009-04-15 14:29 . 2009-04-15 14:29 25669 ----a-w c:\program files\169.MCO

    2009-04-15 14:28 . 2009-04-15 14:28 37167 ----a-w c:\program files\165.MCO

    2009-04-15 14:28 . 2009-04-15 14:28 67235 ----a-w c:\program files\147.MCO

    2009-04-15 14:28 . 2009-04-15 14:28 34826 ----a-w c:\program files\145.MCO

    2009-04-15 14:28 . 2009-04-15 14:28 45198 ----a-w c:\program files\136.MCO

    2009-04-15 14:28 . 2009-04-15 14:28 41448 ----a-w c:\program files\127.MCO

    2009-04-15 14:27 . 2009-04-15 14:27 89424 ----a-w c:\program files\128.MCO

    2009-04-15 14:27 . 2009-04-15 14:27 29127 ----a-w c:\program files\129.MCO

    2009-04-15 14:27 . 2009-04-15 14:27 125430 ----a-w c:\program files\114.MCO

    2009-04-15 14:27 . 2009-04-15 14:27 62992 ----a-w c:\program files\120.MCO

    2009-04-15 14:27 . 2009-04-15 14:27 75996 ----a-w c:\program files\112.MCO

    2009-04-15 14:26 . 2009-04-15 14:26 31249 ----a-w c:\program files\073.MCO

    2009-04-15 14:26 . 2009-04-15 14:26 179892 ----a-w c:\program files\068.MCO

    2009-04-15 14:26 . 2009-04-15 14:26 30264 ----a-w c:\program files\066.MCO

    2009-04-15 14:25 . 2009-04-15 14:25 22639 ----a-w c:\program files\054.MCO

    2009-04-15 14:24 . 2009-04-15 14:24 42957 ----a-w c:\program files\039.MCO

    2009-04-15 14:21 . 2009-04-15 14:21 181888 ----a-w c:\program files\336.exe

    2009-04-15 14:20 . 2009-04-15 14:20 202611 ----a-w c:\program files\337.exe

    2009-04-15 14:19 . 2009-04-15 14:19 111434 ----a-w c:\program files\404.exe

    2009-04-15 14:17 . 2009-04-15 14:17 132182 ----a-w c:\program files\clin258.exe

    2009-04-15 14:16 . 2009-04-15 14:16 65466 ----a-w c:\program files\clin169.exe

    2009-04-15 14:15 . 2009-04-15 14:15 124019 ----a-w c:\program files\clin123.exe

    2009-04-15 14:13 . 2009-04-15 14:14 77260 ----a-w c:\program files\clin0051.exe

    2009-04-15 14:13 . 2009-04-15 14:13 77260 ----a-w c:\program files\clin005.exe

    2009-04-15 14:13 . 2009-04-15 14:13 136157 ----a-w c:\program files\clin028.exe

    2009-04-15 13:49 . 2009-04-15 13:49 233127 ----a-w c:\program files\content11.mco

    2009-04-15 13:49 . 2009-04-15 13:49 50011 ----a-w c:\program files\content10.mco

    2009-04-15 13:49 . 2009-04-15 13:49 209819 ----a-w c:\program files\content9.mco

    2009-04-15 13:48 . 2009-04-15 13:48 209819 ----a-w c:\program files\content8.mco

    2009-04-15 13:48 . 2009-04-15 13:48 26633 ----a-w c:\program files\content7.mco

    2009-04-15 13:48 . 2009-04-15 13:48 61795 ----a-w c:\program files\content6.mco

    2009-04-15 19:2008-09-24 18:08 25:40 . c:\program files\mozilla firefox\components\jar50.dll

    2009-04-15 19:2008-09-24 18:08 25:41 . c:\program files\mozilla firefox\components\jsd3250.dll

    2009-04-15 19:2008-09-24 18:08 25:41 . c:\program files\mozilla firefox\components\myspell.dll

    2009-04-15 19:2008-09-24 18:08 25:42 . c:\program files\mozilla firefox\components\spellchk.dll

    2009-04-15 19:2008-09-24 18:08 25:42 . c:\program files\mozilla firefox\components\xpinstal.dll

    .

     

    ------- Sigcheck -------

     

    [-] 2006-03-09 08:25 578048 0DF75FB73F705B011630159A43D7C354 c:\windows\system32\user32.dll

     

    [-] 2006-04-12 18:13 667648 241DBC4C2714B2F39AFDED49459ED420 c:\windows\system32\wininet.dll

     

    [-] 2006-02-14 19:56 359808 667192A11DB19F36624119C0DD4DE4F2 c:\windows\system32\drivers\tcpip.sys

     

    [-] 2006-05-09 08:11 2017280 50B3A210B6FA8D3089A36A32E7D8B21F c:\windows\system32\ntkrnlpa.exe

     

    [-] 2006-03-09 08:25 2137600 E75F7AA5A33479F29C636FD0890F5762 c:\windows\system32\ntoskrnl.exe

     

    [-] 2006-03-09 08:25 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\system32\spoolsv.exe

    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    REGEDIT4

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-01 13529088]

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-01 86016]

    "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

    "ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688]

    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]

    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-04-15 81000]

    "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]

    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-08-01 1630208]

    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-09 16851968]

     

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "nlsf"="move" [X]

    "Config"="c:\windows\system32\run.cmd" [2006-02-14 248]

    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

     

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

    hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-6-11 323646]

    InstantTimeZone.lnk - c:\program files\InstantTimeZone\InstantTimeZone.exe [2008-12-27 1687738]

    officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-6-11 147456]

     

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

    "MemCheckBoxInRunDlg"= 1 (0x1)

    "NoSMBalloonTip"= 1 (0x1)

    "NoWelcomeScreen"= 1 (0x1)

    "NoStrCmpLogical"= 0 (0x0)

     

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

    "MemCheckBoxInRunDlg"= 1 (0x1)

    "NoSMBalloonTip"= 1 (0x1)

    "NoWelcomeScreen"= 1 (0x1)

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

    "wuauserv"=2 (0x2)

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusOverride"=dword:00000001

    "FirewallOverride"=dword:00000001

    "AntiVirusDisableNotify"=dword:00000001

    "UpdatesDisableNotify"=dword:00000001

    "DisablePagingExecutive"=dword:00000001

    "SecondLevelDataCache"=dword:00000200

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

    "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=

    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

    "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

     

    R1 aswSP;avast! Self Protection; [x]

    R2 aswFsBlk;aswFsBlk; [x]

    R3 APL531;OVT Scanner;c:\windows\system32\Drivers\ov550i.sys [2006-07-31 580992]

    R3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2008-08-04 33808]

    S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]

    S2 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

     

    .

    Contenu du dossier 'Tâches planifiées'

     

    2009-04-15 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

     

    2009-04-07 c:\windows\Tasks\FRU Task 2002-06-11 17:56ewlett-Packard2002-06-11 17:56p psc 2100 series0873DBB30DAF953F7DCEA1BDCC4F78BFDB130745231344240.job

    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-11 09:56]

    .

    .

    ------- Examen supplémentaire -------

    .

    uStart Page = hxxp://www.google.fr/

    uInternet Settings,ProxyOverride = *.local

    uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s

    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    TCP: {4B565FC8-4023-49DB-B4F4-65F6A2430ED3} = 192.168.1.1

    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

    FF - ProfilePath - c:\documents and settings\Nogues\Application Data\Mozilla\Firefox\Profiles\oszksumd.default\

    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

    FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

    .

     

    **************************************************************************

     

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-04-15 23:59

    Windows 5.1.2600 Service Pack 2 NTFS

     

    Recherche de processus cachés ...

     

    Recherche d'éléments en démarrage automatique cachés ...

     

    Recherche de fichiers cachés ...

     

    Scan terminé avec succès

    Fichiers cachés: 0

     

    **************************************************************************

    .

    Heure de fin: 2009-04-15 0:00

    ComboFix-quarantined-files.txt 2009-04-15 22:00

     

    Avant-CF: 100 603 146 240 octets libres

    Après-CF: 100 627 603 456 octets libres

     

    242

  6. Good evening, how is it blocking it? Does it give an error message (cannot... win32 application... valid?)

     

     

    Actually, I no longer have the little avast logo in the taskbar at the bottom of the screen, and if I choose "open" avast antivirus I get this message: C:\Program Files\Alwil Software\Avast4\ashAvast.exe n'est pas une application Win32 valide.
