

Koffie
-
So, here is the MBAM report:
And the new HijackThis log:
Thanks.
-
I'm running the Malwarebytes scan right now; I'll post the HijackThis log when it's finished, thanks.
-
Hello, I have a problem with my PC. I think it's a virus, but so as not to jump to conclusions I'm posting my HijackThis report:
There, I have several red areas that are impossible to remove... Thanks for your help. Koffie.