01net forum, Security, viruses and the like: Viruses

Computer infected with viruses ...
KENTINOI, posted on 13/05/2008 18:35:51

Hi :hello:,

My computer is infected. I can tell it is struggling to load Windows at the moment, and I was recently infected by Malwarrior 2008 and Privacy Control, so I installed Antivir, but I think there are still viruses and trojans left.

Hoping you can help me; I would like to avoid formatting :(

Thanks.
Elfen Lied, posted on 13/05/2008 18:41:32

Hi,

Download HijackThis (Trend Micro)
Close all applications, run it and post the report.
Help: How to use HijackThis.
KENTINOI, posted on 13/05/2008 18:48:08

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:46:10, on 13/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\Microsoft ActiveSync\rapimgr.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\ONSPEED\TOOLBAND.DLL (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll (file missing)
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [2c04b89c] rundll32.exe "C:\WINDOWS\system32\qwefkbxe.dll",b
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [InetChk] C:\DOCUME~1\KENTIN~1\LOCALS~1\Temp\ms1210528432.exe work
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" /autorun
O4 - HKCU\..\RunOnce: [SpybotDeletingB3097] command /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD342] cmd /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4297] command /c del "C:\Program Files\Everest Poker\gvcrt.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9228] cmd /c del "C:\Program Files\Everest Poker\gvcrt.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2963] command /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5] cmd /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5934] command /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7367] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6294] command /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6645] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1799] command /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6952] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8349] command /c del "C:\WINDOWS\system32\khfEVPHy.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD101] cmd /c del "C:\WINDOWS\system32\khfEVPHy.dll_old"
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_7_14\Ghost (file missing)
O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_7_14\Ghost (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O21 - SSODL: mpfanvqg - {962F2770-1287-4514-BCB0-520DB7EF5C71} - C:\WINDOWS\mpfanvqg.dll (file missing)
O21 - SSODL: OsDsYI - {2C04B834-86AE-129E-E7C7-82A85F985EEC} - C:\WINDOWS\system32\dm.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (antivirscheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (antivirservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 11263 bytes
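As an added example (not from the original post, and not code from HijackThis), here is a small Python triage script that applies, to a handful of entries copied from the log above, the rules of thumb a log reader uses: autoruns launched from Temp, generated hex or gibberish names, SSODL entries whose DLL is missing, and a desktop component pointing at a local HTML file. The vowel-window and casing heuristics are assumptions tuned to this log, not a published rule.

```python
"""Triage heuristics for HijackThis log lines.

Added example for this thread, not code from the original post or from
HijackThis itself. It applies to a few O4/O21/O24 entries copied from the
log above the rules of thumb a log reader applies by hand; the thresholds
(8-letter stems, vowel windows) are constructed for this log.
"""
import re

# Autorun launched from a per-user temporary directory (see the InetChk entry above).
TEMP_DIR = re.compile(r"\\(LOCALS~1|Local Settings)\\Temp\\", re.IGNORECASE)
# O4 value name, e.g. [2c04b89c]; a name made only of hex digits is generated, not a product name.
O4_NAME = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[([^\]]+)\]")
HEX_NAME = re.compile(r"^[0-9a-f]{6,}$")
# Eight-letter DLL stems sitting directly in C:\WINDOWS or system32 (qwefkbxe.dll, mpfanvqg.dll).
WINDIR_DLL = re.compile(r"C:\\WINDOWS\\(?:system32\\)?([A-Za-z]{8})\.dll", re.IGNORECASE)
SSODL_NAME = re.compile(r"^O21 - SSODL: (\S+)")
# Rogue "security" products the original poster named.
ROGUE_NAMES = ("malwarrior", "privacy control")


def pronounceable(stem: str) -> bool:
    """Rough test: real names carry a vowel in every 4-letter window; 'qwefkbxe' does not."""
    s = stem.lower()
    return all(any(c in "aeiouy" for c in s[i:i + 4]) for i in range(len(s) - 3))


def mixed_case(stem: str) -> bool:
    """'OsDsYI' or 'byXpNEWP': casing that no vendor would pick for a product name."""
    return stem not in (stem.lower(), stem.upper(), stem.capitalize())


def random_looking(name: str) -> bool:
    return mixed_case(name) or not pronounceable(name)


def triage(line: str):
    """Return why this entry deserves a closer look, or None for an unremarkable one."""
    low = line.lower()
    if any(n in low for n in ROGUE_NAMES):
        return "references a rogue security product named in the post"
    m = O4_NAME.match(line)
    if m:
        if TEMP_DIR.search(line):
            return "autorun launched from a temporary directory"
        if HEX_NAME.match(m.group(1)):
            return "autorun with a generated hex name"
    if line.startswith("O10"):
        return "Winsock LSP HijackThis cannot identify: verify the DLL's publisher before touching it"
    m = SSODL_NAME.match(line)
    if m:
        if "(file missing)" in line:
            return "ShellServiceObjectDelayLoad entry whose DLL is gone"
        if random_looking(m.group(1)):
            return "ShellServiceObjectDelayLoad entry with a random-looking name"
    if line.startswith("O24") and "file:///" in low:
        return "desktop component replaced by a local HTML file"
    for m in WINDIR_DLL.finditer(line):
        if random_looking(m.group(1)):
            return f"loads a DLL with a random-looking name ({m.group(1)}.dll)"
    return None


def triage_log(lines):
    """Return (line, reason) for every entry the heuristics flag, in log order."""
    out = []
    for line in lines:
        reason = triage(line)
        if reason:
            out.append((line, reason))
    return out


# Entries copied from the HijackThis log above (benign ones included as controls).
SAMPLE_LINES = [
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min',
    r'O4 - HKLM\..\Run: [2c04b89c] rundll32.exe "C:\WINDOWS\system32\qwefkbxe.dll",b',
    r'O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background',
    r'O4 - HKCU\..\Run: [InetChk] C:\DOCUME~1\KENTIN~1\LOCALS~1\Temp\ms1210528432.exe work',
    r'O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" /autorun',
    r'O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll',
    r'O21 - SSODL: mpfanvqg - {962F2770-1287-4514-BCB0-520DB7EF5C71} - C:\WINDOWS\mpfanvqg.dll (file missing)',
    r'O21 - SSODL: OsDsYI - {2C04B834-86AE-129E-E7C7-82A85F985EEC} - C:\WINDOWS\system32\dm.dll',
    r'O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm',
]

if __name__ == "__main__":
    for line, reason in triage_log(SAMPLE_LINES):
        print(f"{reason}\n    {line}")
```

The heuristics only rank entries for a human to verify; the O10 entry in particular is flagged for verification, not deletion.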
Elfen Lied, posted on 13/05/2008 18:51:07

Phew! That's not pretty ...

Download Combofix (by sUbs)

NOTE: Save it to the desktop, nowhere else / Disable your resident protections while it runs.

Reboot into Safe Mode <=> Help: How to reboot into Safe Mode
~~ Prefer the F8 method ~~

Double-click Combofix. When you are asked a question, answer with the 1 key and confirm with Enter.
...Let it guide you...
When the scan is finished, a report will be created. Reboot into normal mode and post it (C:\Combofix.txt).

See you
KENTINOI, posted on 13/05/2008 19:18:07

Thanks for your help, first of all.

Here is the Combofix report:

ComboFix 08-05-11.1 - KENTIN DOUTEAU 2008-05-13 18:58:16.1 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.354 [GMT 2:00]
Endroit: C:\Documents and Settings\KENTIN DOUTEAU\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\KENTIN DOUTEAU\Application Data\ShoppingReport
C:\Documents and Settings\KENTIN DOUTEAU\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\KENTIN DOUTEAU\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\KENTIN DOUTEAU\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\KENTIN DOUTEAU\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\KENTIN DOUTEAU\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\KENTIN DOUTEAU\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\KENTIN DOUTEAU\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\KENTINOMG\Bureau\Privacy Protector.url
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
C:\Program Files\ShoppingReport\Uninst.exe
C:\update.exe
C:\WINDOWS\system32\bjwemyjn.ini
C:\WINDOWS\system32\chavbjdr.ini
C:\WINDOWS\system32\exbkfewq.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pfomtara.ini
C:\WINDOWS\system32\rYHiOXbc.ini
C:\WINDOWS\system32\rYHiOXbc.ini2
C:\WINDOWS\system32\shnolova.ini
C:\WINDOWS\system32\WinData.cab
C:\WINDOWS\system32\WinNt32.dll
C:\WINDOWS\system32\yHPVEfhk.ini
C:\WINDOWS\system32\yHPVEfhk.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TCPSR
-------\Service_tcpsr


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-13 to 2008-05-13 ))))))))))))))))))))))))))))))))))))
.

2050-08-09 17:54 . 2050-08-09 17:54 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2050-08-09 17:54 . 2050-08-09 17:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2050-08-09 17:53 . 2008-04-23 18:45 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2009-04-06 19:32 . 2007-04-06 20:50 <REP> d-------- C:\Documents and Settings\KENTIN DOUTEAU\Application Data\SlipStream
2008-05-13 18:44 . 2008-05-13 18:44 <REP> d-------- C:\Program Files\Trend Micro
2008-05-13 18:21 . 2008-05-13 18:21 91,264 --a------ C:\WINDOWS\system32\qwefkbxe.dll
2008-05-12 15:50 . 2008-05-12 15:50 320,640 --a------ C:\WINDOWS\system32\cbXOiHYr.dll
2008-05-12 14:57 . 2008-05-12 14:57 <REP> d-------- C:\Program Files\Avira
2008-05-12 14:57 . 2008-05-12 14:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-12 12:45 . 2008-05-12 12:45 91,264 --a------ C:\WINDOWS\system32\avolonhs.dll
2008-05-12 00:45 . 2008-05-12 00:45 91,776 --a------ C:\WINDOWS\system32\aratmofp.dll
2008-05-12 00:38 . 2008-05-12 14:51 473 --a------ C:\WINDOWS\wininit.ini
2008-05-11 23:46 . 2008-05-11 23:46 <REP> d-------- C:\Program Files\Lavasoft
2008-05-11 23:08 . 2006-08-08 20:13 <REP> d--h----- C:\Documents and Settings\Administrateur.KENTIN\Voisinage r‚seau
2008-05-11 23:08 . 2006-08-08 20:13 <REP> d--h----- C:\Documents and Settings\Administrateur.KENTIN\Voisinage d'impression
2008-05-11 23:08 . 2006-08-08 19:17 <REP> d--h----- C:\Documents and Settings\Administrateur.KENTIN\ModŠles
2008-05-11 23:08 . 2006-08-08 20:13 <REP> d-------- C:\Documents and Settings\Administrateur.KENTIN\Mes documents
2008-05-11 23:08 . 2006-08-08 20:13 <REP> dr------- C:\Documents and Settings\Administrateur.KENTIN\Menu D‚marrer
2008-05-11 23:08 . 2006-08-08 20:13 <REP> d-------- C:\Documents and Settings\Administrateur.KENTIN\Favoris
2008-05-11 23:08 . 2006-08-08 20:13 <REP> d-------- C:\Documents and Settings\Administrateur.KENTIN\Bureau
2008-05-11 23:08 . 2008-05-11 23:08 <REP> d-------- C:\Documents and Settings\Administrateur.KENTIN
2008-05-11 23:08 . 2008-05-13 19:07 1,024 --ah----- C:\Documents and Settings\Administrateur.KENTIN\NTUSER.DAT.LOG
2008-05-11 23:03 . 2008-05-11 23:03 <REP> d-------- C:\Documents and Settings\KENTINOMG\Application Data\TmpRecentIcons
2008-05-11 23:03 . 2008-05-11 23:03 <REP> d-------- C:\Documents and Settings\KENTINOMG\Application Data\Babylon
2008-05-11 21:51 . 2008-05-11 21:51 <REP> d-------- C:\Program Files\CableRouting
2008-05-11 21:43 . 2008-05-12 14:52 1,754 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-11 21:42 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-11 21:42 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-11 21:42 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-11 21:42 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-11 21:42 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-11 21:42 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-11 21:42 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-11 21:42 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-11 21:17 . 2008-05-11 21:17 <REP> d-------- C:\Documents and Settings\KENTIN DOUTEAU\Application Data\TmpRecentIcons
2008-05-11 19:55 . 2008-05-11 19:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-05-11 19:54 . 2008-05-13 18:54 72,626 --a------ C:\WINDOWS\system32\yzbgqap.sys
2008-05-11 19:54 . 2008-05-11 19:54 2 --a------ C:\738506803
2008-05-11 19:53 . 2008-05-11 19:53 29,824 --a------ C:\WINDOWS\system32\byXpNEWP.dll
2008-05-11 19:53 . 2008-05-11 19:53 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-11 19:52 . 2008-05-10 02:14 94,208 --a------ C:\WINDOWS\oadkxrts.exe
2008-05-11 19:06 . 2008-05-11 19:29 <REP> d-------- C:\Documents and Settings\KENTIN DOUTEAU\Application Data\Download Manager
2008-05-10 01:04 . 2008-05-10 01:04 <REP> d--h----- C:\WINDOWS\PIF
2008-04-23 19:02 . 2008-04-23 19:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-23 18:47 . 2008-04-23 18:47 <REP> d-------- C:\Program Files\Bonjour
2008-04-23 18:37 . 2008-04-23 18:37 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-04-23 18:15 . 2008-04-23 18:15 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-04-23 18:06 . 2008-04-23 18:06 <REP> d-------- C:\Documents and Settings\NetworkService\Menu D‚marrer
2008-04-23 17:55 . 2004-08-19 16:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-04-23 17:51 . 2008-04-23 17:51 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-04-23 17:48 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002133_.tmp
2008-04-23 17:45 . 2008-04-23 17:45 <REP> d-------- C:\WINDOWS\EHome
2008-04-23 00:29 . 2008-04-23 00:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-04-22 22:54 . 2008-04-22 22:54 <REP> d-------- C:\WINDOWS\Logo Design Studio Pro
2008-04-22 22:54 . 2008-04-22 22:54 <REP> d-------- C:\Program Files\Summitsoft
2008-04-18 12:48 . 2008-04-22 12:29 <REP> d-------- C:\Documents and Settings\KENTIN DOUTEAU\Application Data\DMCache
2008-04-17 21:36 . 2008-04-17 21:36 <REP> d-------- C:\Program Files\Rockstar Games
2008-04-16 20:51 . 2008-05-08 12:22 <REP> d-------- C:\Program Files\EA SPORTS

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 16:52 --------- d-----w C:\Program Files\Mozilla Firefox 2 Beta 1
2008-05-13 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
2008-05-13 16:21 --------- d-----w C:\Documents and Settings\KENTIN DOUTEAU\Application Data\Xfire
2008-05-13 16:21 --------- d-----w C:\Documents and Settings\KENTIN DOUTEAU\Application Data\OpenOffice.org2
2008-05-12 13:34 --------- d-----w C:\Program Files\themexp
2008-05-11 21:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-11 21:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-11 21:44 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-10 10:25 --------- d-s---w C:\Program Files\Xfire
2008-05-05 18:19 --------- d-----w C:\Program Files\MSN Messenger
2008-04-23 16:34 --------- d-----w C:\Documents and Settings\KENTIN DOUTEAU\Application Data\Babylon
2008-04-22 12:10 --------- d-----w C:\Program Files\PokerStars
2008-04-22 08:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-16 13:40 --------- d-----w C:\Documents and Settings\KENTIN DOUTEAU\Application Data\MegauploadToolbar
2008-03-16 15:41 --------- d-----w C:\Program Files\NewsLeecher
2008-03-14 21:54 --------- d-----w C:\Program Files\Sega
2008-03-14 19:27 --------- d-----w C:\Documents and Settings\KENTIN DOUTEAU\Application Data\Switchball
2008-03-14 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
.

------- Sigcheck -------

2003-04-24 14:00 12800 333a4db8410d8e24db06d6aebecdc7c2 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-19 16:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
md5deep: C:\WINDOWS\system32\svchost.exe: error at offset 0: Permission denied

2003-04-24 14:00 520704 71820bc9ee6653c8748922459dfc384d C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-19 16:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
md5deep: C:\WINDOWS\system32\winlogon.exe: error at offset 0: Permission denied

md5deep: C:\WINDOWS\explorer.exe: error at offset 0: Permission denied
2003-04-24 14:00 1008128 82fe0d400cb1ac937234467b927b867a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\ServicePackFiles\i386\explorer.exe

2003-04-24 14:00 101888 fc0691097471ee374907e1024edcbd43 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2004-08-19 16:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\ServicePackFiles\i386\services.exe
md5deep: C:\WINDOWS\system32\services.exe: error at offset 0: Permission denied

2003-04-24 14:00 11776 b7b1c150aff59455db4df082815f88f5 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2004-08-19 16:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
md5deep: C:\WINDOWS\system32\lsass.exe: error at offset 0: Permission denied
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18cb1a7b-94cd-4582-8022-ada16851e44b}]
2008-03-27 15:43 247296 --a------ C:\Program Files\CableRouting\CableRouting.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88ebbe0b-5ff8-4b84-b043-71a216374a5b}]
2008-05-11 19:53 29824 --a------ C:\WINDOWS\system32\byXpNEWP.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9EA8E18A-109F-4DA8-9DE4-B652ADA56AEC}]
2008-05-12 15:50 320640 --a------ C:\WINDOWS\system32\cbXOiHYr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a5a47d73-05b1-4396-9b07-a33774958001}]
C:\WINDOWS\system32\khfEVPHy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF47FCFB-AA32-4ECC-9F32-C99E30385AF3}]
C:\WINDOWS\fvowketqsoq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{965B54B0-71E0-4611-8DE7-F73FA0B20E26}"= "C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll" [2007-10-10 17:05 264416]

[HKEY_CLASSES_ROOT\clsid\{965b54b0-71e0-4611-8de7-f73fa0b20e26}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB.1]
[HKEY_CLASSES_ROOT\TypeLib\{162484B8-B114-453f-A344-C0B24B0F1D99}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{965B54B0-71E0-4611-8DE7-F73FA0B20E26}"= C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll [2007-10-10 17:05 264416]

[HKEY_CLASSES_ROOT\clsid\{965b54b0-71e0-4611-8de7-f73fa0b20e26}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB.1]
[HKEY_CLASSES_ROOT\TypeLib\{162484B8-B114-453f-A344-C0B24B0F1D99}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-05-05 20:19 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 16:10 1667584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 12:28 139264]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 13:24 167368]
"Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe" [2007-09-24 04:55 533944]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-07-24 09:12 1298432]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-08-05 15:01 1200128]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"MalWarrior"="C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" [ ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB3097"="command /c del C:\Program Files\Everest Poker\casino.exe" [ ]
"SpybotDeletingD342"="cmd /c del C:\Program Files\Everest Poker\casino.exe" [ ]
"SpybotDeletingB4297"="command /c del C:\Program Files\Everest Poker\gvcrt.dll" [ ]
"SpybotDeletingD9228"="cmd /c del C:\Program Files\Everest Poker\gvcrt.dll" [ ]
"SpybotDeletingB2963"="command /c del C:\Program Files\Everest Poker\gvmain.exe" [ ]
"SpybotDeletingD5"="cmd /c del C:\Program Files\Everest Poker\gvmain.exe" [ ]
"SpybotDeletingB5934"="command /c del C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt" [ ]
"SpybotDeletingD7367"="cmd /c del C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt" [ ]
"SpybotDeletingB6294"="command /c del C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art" [ ]
"SpybotDeletingD6645"="cmd /c del C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art" [ ]
"SpybotDeletingB1799"="command /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg" [ ]
"SpybotDeletingD6952"="cmd /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg" [ ]
"SpybotDeletingB8349"="command /c del C:\WINDOWS\system32\khfEVPHy.dll_old" [ ]
"SpybotDeletingD101"="cmd /c del C:\WINDOWS\system32\khfEVPHy.dll_old" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 10:51 172032]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 10:50 204800]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-06-21 19:14 35328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25 257088]
"C-Media Mixer"="Mixer.exe" [2002-07-13 00:33 1581056 C:\WINDOWS\mixer.exe]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2007-11-28 22:38 2997984]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"2c04b89c"="C:\WINDOWS\system32\qwefkbxe.dll" [2008-05-13 18:21 91264]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-19 16:10 160768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88EBBE0B-5FF8-4B84-B043-71A216374A5B}"= C:\WINDOWS\system32\byXpNEWP.dll [2008-05-11 19:53 29824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"mpfanvqg"= {962F2770-1287-4514-BCB0-520DB7EF5C71} - C:\WINDOWS\mpfanvqg.dll [ ]
"OsDsYI"= {2C04B834-86AE-129E-E7C7-82A85F985EEC} - C:\WINDOWS\system32\dm.dll [2004-08-19 16:09 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXpNEWP]
byXpNEWP.dll 2008-05-11 19:53 29824 C:\WINDOWS\system32\byXpNEWP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.fraunhoferacm"= l3codecp.acm
"msacm.avis"= ff_acm.acm
"vidc.yv12"= yv12vfw.dll
"msacm.divxa32"= msaud32_divx.acm
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fnl13.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

S0 Fnl13;Fnl13;C:\WINDOWS\system32\Drivers\Fnl13.sys []
S1 yzbgqap;yzbgqap;C:\WINDOWS\system32\yzbgqap.sys [2008-05-13 18:54]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-08-13 15:38]
S3 nenum13E;nenum13E;C:\DOCUME~1\KENTIN~1\LOCALS~1\Temp\nenum13E.sys []

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-09 12:52:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-13 19:08:13
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...


folder error: C:\DOCUME~1\KENTIN~1\LOCALS~1\Temp\

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\byXpNEWP.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
.
**************************************************************************
.
Completion time: 2008-05-13 19:12:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-13 17:11:57

Pre-Run: 8,629,653,504 bytes free
Post-Run: 9,503,248,384 bytes free

Elfen Lied
Posted on 13/05/2008 19:58:31
Re,

Your PC is thoroughly infected :sarcastic:

Copy the text in the box below (CTRL + C)

Driver::
Fnl13
yzbgqap
nenum13E

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88ebbe0b-5ff8-4b84-b043-71a216374a5b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9EA8E18A-109F-4DA8-9DE4-B652ADA56AEC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a5a47d73-05b1-4396-9b07-a33774958001}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF47FCFB-AA32-4ECC-9F32-C99E30385AF3}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MalWarrior"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB3097"=-
"SpybotDeletingD342"=-
"SpybotDeletingB4297"=-
"SpybotDeletingD9228"=-
"SpybotDeletingB2963"=-
"SpybotDeletingD5"=-
"SpybotDeletingB5934"=-
"SpybotDeletingD7367"=-
"SpybotDeletingB6294"=-
"SpybotDeletingD6645"=-
"SpybotDeletingB1799"=-
"SpybotDeletingD6952"=-
"SpybotDeletingB8349"=-
"SpybotDeletingD101"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2c04b89c"=-
[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88EBBE0B-5FF8-4B84-B043-71A216374A5B}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"mpfanvqg"=-
"OsDsYI"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXpNEWP]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fnl13.sys]

Folder::
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008
C:\Program Files\Everest Poker
C:\Program Files\Fichiers communs\BOONTY Shared

File::
C:\WINDOWS\system32\byXpNEWP.dll
C:\WINDOWS\system32\cbXOiHYr.dll
C:\WINDOWS\system32\khfEVPHy.dll
C:\WINDOWS\fvowketqsoq.dll
C:\WINDOWS\system32\avolonhs.dll
C:\WINDOWS\system32\aratmofp.dll
C:\WINDOWS\system32\qwefkbxe.dll
C:\WINDOWS\system32\khfEVPHy.dll_old
C:\WINDOWS\mpfanvqg.dll
C:\WINDOWS\system32\dm.dll
C:\WINDOWS\system32\Drivers\Fnl13.sys
C:\WINDOWS\system32\yzbgqap.sys
C:\DOCUME~1\KENTIN~1\LOCALS~1\Temp\nenum13E.sys


NOTE: Disable your resident protection for the duration of the procedure.

=> Open Notepad: Start > All Programs > Accessories > Notepad

- Paste the text into it (CTRL + V)
- Save this file to: Desktop
- File name: CFScript
- Save as type: all files !!
- Click Save
- Close Notepad

Drag and drop this CFScript file onto the ComboFix.exe file as in the screenshot:

< included picture >

* This will relaunch ComboFix: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and press Enter.
* Wait for the scan to finish. The desktop will disappear several times: this is normal!
* Do not touch anything until the scan is finished.
* Once the scan is done, a report will open: copy/paste its contents to the forum.
* If the file does not open, it is located here: C:\ComboFix.txt

@+
-->Message edited by Elfen Lied on 13/05/2008 20:01:13<--
KENTINOI
Posted on 13/05/2008 21:12:30
Here is the report:

ComboFix 08-05-11.1 - KENTIN DOUTEAU 2008-05-13 20:59:41.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.127 [GMT 2:00]
Location: C:\Documents and Settings\KENTIN DOUTEAU\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\KENTIN DOUTEAU\Bureau\CFScript.txt
* Creating a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!

FILE ::
C:\DOCUME~1\KENTIN~1\LOCALS~1\Temp\nenum13E.sys
C:\WINDOWS\fvowketqsoq.dll
C:\WINDOWS\mpfanvqg.dll
C:\WINDOWS\system32\aratmofp.dll
C:\WINDOWS\system32\avolonhs.dll
C:\WINDOWS\system32\byXpNEWP.dll
C:\WINDOWS\system32\cbXOiHYr.dll
C:\WINDOWS\system32\dm.dll
C:\WINDOWS\system32\Drivers\Fnl13.sys
C:\WINDOWS\system32\khfEVPHy.dll
C:\WINDOWS\system32\khfEVPHy.dll_old
C:\WINDOWS\system32\qwefkbxe.dll
C:\WINDOWS\system32\yzbgqap.sys
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
C:\WINDOWS\system32\aratmofp.dll
C:\WINDOWS\system32\avolonhs.dll
C:\WINDOWS\system32\byXpNEWP.dll
C:\WINDOWS\system32\cbXOiHYr.dll
C:\WINDOWS\system32\dm.dll
C:\WINDOWS\system32\NoWvvyay.ini
C:\WINDOWS\system32\NoWvvyay.ini2
C:\WINDOWS\system32\qwefkbxe.dll
C:\WINDOWS\system32\yzbgqap.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FNL13
-------\Legacy_NENUM13E
-------\Service_Fnl13
-------\Service_nenum13E
-------\Service_yzbgqap


((((((((((((((((((((((((((((( Files created 2008-04-13 to 2008-05-13 ))))))))))))))))))))))))))))))))))))
.

2050-08-09 17:54 . 2050-08-09 17:54 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2050-08-09 17:54 . 2050-08-09 17:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2050-08-09 17:53 . 2008-04-23 18:45 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2009-04-06 19:32 . 2007-04-06 20:50 <REP> d-------- C:\Documents and Settings\KENTIN DOUTEAU\Application Data\SlipStream
2008-05-13 19:19 . 2008-05-13 19:19 318,080 --a------ C:\WINDOWS\system32\yayvvWoN.dll
2008-05-13 19:14 . 2008-05-13 21:00 354 ---hs---- C:\WINDOWS\system32\exbkfewq.ini
2008-05-13 19:12 . 2008-05-13 19:12 <REP> d-------- C:\Documents and Settings\Propriétaire
2008-05-13 19:12 . <REP> C:\Documents and Settings\Propriétaire\Local Settings
2008-05-13 18:44 . 2008-05-13 18:44 <REP> d-------- C:\Program Files\Trend Micro
2008-05-12 14:57 . 2008-05-12 14:57 <REP> d-------- C:\Program Files\Avira
2008-05-12 14:57 . 2008-05-12 14:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-12 00:38 . 2008-05-12 14:51 473 --a------ C:\WINDOWS\wininit.ini
2008-05-11 23:46 . 2008-05-11 23:46 <REP> d-------- C:\Program Files\Lavasoft
2008-05-11 23:08 . 2006-08-08 20:13 <REP> d--h----- C:\Documents and Settings\Administrateur.KENTIN\Voisinage réseau
2008-05-11 23:08 . 2006-08-08 20:13 <REP> d--h----- C:\Documents and Settings\Administrateur.KENTIN\Voisinage d'impression
2008-05-11 23:08 . 2006-08-08 19:17 <REP> d--h----- C:\Documents and Settings\Administrateur.KENTIN\Modèles
2008-05-11 23:08 . 2006-08-08 20:13 <REP> d-------- C:\Documents and Settings\Administrateur.KENTIN\Mes documents
2008-05-11 23:08 . 2006-08-08 20:13 <REP> dr------- C:\Documents and Settings\Administrateur.KENTIN\Menu Démarrer
2008-05-11 23:08 . 2006-08-08 20:13 <REP> d-------- C:\Documents and Settings\Administrateur.KENTIN\Favoris
2008-05-11 23:08 . 2006-08-08 20:13 <REP> d-------- C:\Documents and Settings\Administrateur.KENTIN\Bureau
2008-05-11 23:08 . 2008-05-11 23:08 <REP> d-------- C:\Documents and Settings\Administrateur.KENTIN
2008-05-11 23:08 . 2008-05-13 19:07 1,024 --ah----- C:\Documents and Settings\Administrateur.KENTIN\NTUSER.DAT.LOG
2008-05-11 23:03 . 2008-05-11 23:03 <REP> d-------- C:\Documents and Settings\KENTINOMG\Application Data\TmpRecentIcons
2008-05-11 23:03 . 2008-05-11 23:03 <REP> d-------- C:\Documents and Settings\KENTINOMG\Application Data\Babylon
2008-05-11 21:51 . 2008-05-11 21:51 <REP> d-------- C:\Program Files\CableRouting
2008-05-11 21:43 . 2008-05-12 14:52 1,754 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-11 21:42 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-11 21:42 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-11 21:42 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-11 21:42 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-11 21:42 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-11 21:42 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-11 21:42 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-11 21:42 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-11 21:17 . 2008-05-11 21:17 <REP> d-------- C:\Documents and Settings\KENTIN DOUTEAU\Application Data\TmpRecentIcons
2008-05-11 19:55 . 2008-05-11 19:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-05-11 19:54 . 2008-05-11 19:54 2 --a------ C:\738506803
2008-05-11 19:53 . 2008-05-11 19:53 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-11 19:52 . 2008-05-10 02:14 94,208 --a------ C:\WINDOWS\oadkxrts.exe
2008-05-11 19:06 . 2008-05-11 19:29 <REP> d-------- C:\Documents and Settings\KENTIN DOUTEAU\Application Data\Download Manager
2008-05-10 01:04 . 2008-05-10 01:04 <REP> d--h----- C:\WINDOWS\PIF
2008-04-23 19:02 . 2008-04-23 19:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-23 18:47 . 2008-04-23 18:47 <REP> d-------- C:\Program Files\Bonjour
2008-04-23 18:37 . 2008-04-23 18:37 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-04-23 18:15 . 2008-04-23 18:15 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-04-23 18:06 . 2008-04-23 18:06 <REP> d-------- C:\Documents and Settings\NetworkService\Menu Démarrer
2008-04-23 17:55 . 2004-08-19 16:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-04-23 17:52 . 2004-08-19 16:09 5,120 --------- C:\WINDOWS\system32\sfc.dll
2008-04-23 17:52 . 2004-08-19 16:09 5,120 --a--c--- C:\WINDOWS\system32\dllcache\sfc.dll
2008-04-23 17:51 . 2008-04-23 17:51 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-04-23 17:48 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002133_.tmp
2008-04-23 17:45 . 2008-04-23 17:45 <REP> d-------- C:\WINDOWS\EHome
2008-04-23 00:29 . 2008-04-23 00:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-04-22 22:54 . 2008-04-22 22:54 <REP> d-------- C:\WINDOWS\Logo Design Studio Pro
2008-04-22 22:54 . 2008-04-22 22:54 <REP> d-------- C:\Program Files\Summitsoft
2008-04-18 12:48 . 2008-04-22 12:29 <REP> d-------- C:\Documents and Settings\KENTIN DOUTEAU\Application Data\DMCache
2008-04-17 21:36 . 2008-04-17 21:36 <REP> d-------- C:\Program Files\Rockstar Games
2008-04-16 20:51 . 2008-05-08 12:22 <REP> d-------- C:\Program Files\EA SPORTS

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 18:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
2008-05-13 17:16 --------- d-----w C:\Program Files\Mozilla Firefox 2 Beta 1
2008-05-13 17:15 --------- d-----w C:\Documents and Settings\KENTIN DOUTEAU\Application Data\Xfire
2008-05-13 17:15 --------- d-----w C:\Documents and Settings\KENTIN DOUTEAU\Application Data\OpenOffice.org2
2008-05-12 13:34 --------- d-----w C:\Program Files\themexp
2008-05-11 21:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-11 21:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-11 21:44 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-10 10:25 --------- d-s---w C:\Program Files\Xfire
2008-05-05 18:19 --------- d-----w C:\Program Files\MSN Messenger
2008-04-23 16:34 --------- d-----w C:\Documents and Settings\KENTIN DOUTEAU\Application Data\Babylon
2008-04-22 12:10 --------- d-----w C:\Program Files\PokerStars
2008-04-22 08:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-16 13:40 --------- d-----w C:\Documents and Settings\KENTIN DOUTEAU\Application Data\MegauploadToolbar
2008-03-16 15:41 --------- d-----w C:\Program Files\NewsLeecher
2008-03-14 21:54 --------- d-----w C:\Program Files\Sega
2008-03-14 19:27 --------- d-----w C:\Documents and Settings\KENTIN DOUTEAU\Application Data\Switchball
2008-03-14 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
.

------- Sigcheck -------

2003-04-24 14:00 12800 333a4db8410d8e24db06d6aebecdc7c2 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-19 16:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-08-19 16:10 17408 d4212000f6b2f3649c84f9d6241c251e C:\WINDOWS\system32\svchost.exe

2003-04-24 14:00 520704 71820bc9ee6653c8748922459dfc384d C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-19 16:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-19 16:10 510464 7522a5c0c2ea57926df6ef045b7092ad C:\WINDOWS\system32\winlogon.exe

2004-08-19 16:09 1038848 0b586c07652b27268c951a127374abdf C:\WINDOWS\explorer.exe
2003-04-24 14:00 1008128 82fe0d400cb1ac937234467b927b867a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\ServicePackFiles\i386\explorer.exe

2003-04-24 14:00 101888 fc0691097471ee374907e1024edcbd43 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2004-08-19 16:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\ServicePackFiles\i386\services.exe
2004-08-19 16:10 110592 db874903522db6010e47ca273946436a C:\WINDOWS\system32\services.exe

2003-04-24 14:00 11776 b7b1c150aff59455db4df082815f88f5 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2004-08-19 16:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2004-08-19 16:09 14848 8e1186dcc84d809d1f12adb27fd8471a C:\WINDOWS\system32\lsass.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-13_19.11.18.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-13 17:07:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-13 19:07:27 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07c7581a-9e54-4ec0-bf7a-e7c2b0a639e1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18cb1a7b-94cd-4582-8022-ada16851e44b}]
2008-03-27 15:43 247296 --a------ C:\Program Files\CableRouting\CableRouting.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{339f3bd2-6c56-46d6-b1e9-48e2be48a3d5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5c450f22-0c17-46aa-b766-ccc4c1506ba2}]
2008-05-13 19:19 318080 --a------ C:\WINDOWS\system32\yayvvWoN.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88ebbe0b-5ff8-4b84-b043-71a216374a5b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a5a47d73-05b1-4396-9b07-a33774958001}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF47FCFB-AA32-4ECC-9F32-C99E30385AF3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{965B54B0-71E0-4611-8DE7-F73FA0B20E26}"= "C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll" [2007-10-10 17:05 264416]

[HKEY_CLASSES_ROOT\clsid\{965b54b0-71e0-4611-8de7-f73fa0b20e26}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB.1]
[HKEY_CLASSES_ROOT\TypeLib\{162484B8-B114-453f-A344-C0B24B0F1D99}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{965B54B0-71E0-4611-8DE7-F73FA0B20E26}"= C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll [2007-10-10 17:05 264416]

[HKEY_CLASSES_ROOT\clsid\{965b54b0-71e0-4611-8de7-f73fa0b20e26}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB.1]
[HKEY_CLASSES_ROOT\TypeLib\{162484B8-B114-453f-A344-C0B24B0F1D99}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-05-05 20:19 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 16:10 1667584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 12:28 139264]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 13:24 167368]
"Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe" [2007-09-24 04:55 533944]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-07-24 09:12 1298432]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-08-05 15:01 1200128]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"MalWarrior"="C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" [ ]
"InetChk"="C:\DOCUME~1\KENTIN~1\LOCALS~1\Temp\ms1210528432.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 10:51 172032]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 10:50 204800]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-06-21 19:14 35328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25 257088]
"C-Media Mixer"="Mixer.exe" [2002-07-13 00:33 1581056 C:\WINDOWS\mixer.exe]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2007-11-28 22:38 2997984]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXpNEWP]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winnt32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.fraunhoferacm"= l3codecp.acm
"msacm.avis"= ff_acm.acm
"vidc.yv12"= yv12vfw.dll
"msacm.divxa32"= msaud32_divx.acm
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fnl13.sys]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" []

.
Contents of folder 'Scheduled Tasks/Tâches planifiées'
"2008-05-09 12:52:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-13 21:08:08
Windows 5.1.2600 Service Pack 2 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Microsoft ActiveSync\rapimgr.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.bin
.
**************************************************************************
.
Completion time: 2008-05-13 21:11:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-13 19:11:30
ComboFix2.txt 2008-05-13 17:12:06

Pre-Run: 9,509,269,504 bytes free
Post-Run: 9,524,695,040 bytes free

Elfen Lied
Posted on 13/05/2008 21:58:41
Re,

Reboot into Safe Mode <=> Help: How to reboot into Safe Mode
~~ Prefer the F8 method ~~

Copy the text in the box below (CTRL + C)

Driver::
Boonty Games

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07c7581a-9e54-4ec0-bf7a-e7c2b0a639e1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{339f3bd2-6c56-46d6-b1e9-48e2be48a3d5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5c450f22-0c17-46aa-b766-ccc4c1506ba2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88ebbe0b-5ff8-4b84-b043-71a216374a5b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a5a47d73-05b1-4396-9b07-a33774958001}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF47FCFB-AA32-4ECC-9F32-C99E30385AF3}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MalWarrior"=-
"InetChk"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXpNEWP]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winnt32]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fnl13.sys]

File::
C:\WINDOWS\system32\yayvvWoN.dll
C:\DOCUME~1\KENTIN~1\LOCALS~1\Temp\ms1210528432.exe
C:\WINDOWS\oadkxrts.exe
C:\WINDOWS\system32\exbkfewq.ini
C:\WINDOWS\wininit.ini

Folder::
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008
C:\Program Files\Fichiers communs\BOONTY Shared
C:\WINDOWS\system32\kr_done1de
C:\738506803


NOTE: Disable your resident protection for the duration of the procedure.

=> Open Notepad: Start > All Programs > Accessories > Notepad

- Paste the text into it (CTRL + V)
- Save this file to: Desktop
- File name: CFScript
- Save as type: all files !!
- Click Save
- Close Notepad

Drag and drop this CFScript file onto the ComboFix.exe file as in the screenshot:

< included picture >

* This will relaunch ComboFix: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and press Enter.
* Wait for the scan to finish. The desktop will disappear several times: this is normal!
* Do not touch anything until the scan is finished.
* Once the scan is done, a report will open: copy/paste its contents to the forum.
* If the file does not open, it is located here: C:\ComboFix.txt

@+

-->Message edited by Elfen Lied on 14/05/2008 19:27:09<--
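The selection in the post above follows a few recognisable rules when read against KENTINOI's report: a Browser Helper Object whose CLSID has no DLL listed under it is dropped; a BHO whose DLL sits directly in C:\WINDOWS\system32 rather than under Program Files (yayvvWoN.dll) is dropped together with the file, while the CableRouting BHO under Program Files is left alone; every Winlogon Notify subkey that ComboFix still lists is dropped, since the report's own note says empty and default entries have already been filtered out; and a Run value whose target ComboFix could not find (the "[ ]" after MalWarrior and InetChk) is removed and its path queued for deletion. The script below is an added example, not a tool from this thread or from ComboFix's author: it parses the 'Reg loading points' section in the format ComboFix prints it and drafts the Registry:: and File:: parts of a CFScript from those four rules. The sample log is a constructed abridgement of the report above; every hit is a candidate for a helper to confirm, not an automatic verdict.

```python
"""Draft a ComboFix CFScript from the 'Reg loading points' section of a ComboFix log.

Added example for this thread, not a ComboFix feature. The four rules below mirror
the helper's choices in the post above; each hit is a candidate for a human to confirm.
"""
import re

# Constructed sample: an abridged copy of the loading points from KENTINOI's
# second ComboFix report, in the format ComboFix prints them.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07c7581a-9e54-4ec0-bf7a-e7c2b0a639e1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18cb1a7b-94cd-4582-8022-ada16851e44b}]
2008-03-27 15:43 247296 --a------ C:\Program Files\CableRouting\CableRouting.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5c450f22-0c17-46aa-b766-ccc4c1506ba2}]
2008-05-13 19:19 318080 --a------ C:\WINDOWS\system32\yayvvWoN.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-05-05 20:19 5674352]
"MalWarrior"="C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" [ ]
"InetChk"="C:\DOCUME~1\KENTIN~1\LOCALS~1\Temp\ms1210528432.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXpNEWP]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt]
"""

KEY_RE = re.compile(r'^\[(.+)\]$')                                   # [HKEY_...\subkey]
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*)\]$')           # "name"="path" [date size] or [ ]
FILE_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (.+)$')  # date time size attrs path
BHO_MARK = '\\browser helper objects\\'
NOTIFY_MARK = '\\winlogon\\notify\\'
WINDIR = 'c:\\windows\\'


def parse_loading_points(text):
    """Group the section into {registry key: [entries]}.

    An entry is ('value', name, path, file_found) for a "name"="path" [...] line,
    or ('file', path) for the file line ComboFix prints under a BHO CLSID.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, [])
            continue
        if current is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            name, path, meta = m.groups()
            keys[current].append(('value', name, path, meta.strip() != ''))  # "[ ]" = not found
            continue
        m = FILE_RE.match(line)
        if m:
            keys[current].append(('file', m.group(1)))
    return keys


def in_windows_dir(path):
    """True for a file directly in C:\\WINDOWS or C:\\WINDOWS\\system32 (not deeper)."""
    p = path.lower()
    return p.startswith(WINDIR) and p.count('\\') <= 3


def triage(keys):
    """Apply the thread's four rules; return the CFScript material, deduplicated."""
    delete_keys, delete_values, files = [], {}, []
    for key, entries in keys.items():
        k = key.lower()
        if BHO_MARK in k:
            dlls = [e[1] for e in entries if e[0] == 'file']
            if not dlls:
                delete_keys.append(key)           # rule 1: BHO with no DLL listed under it
            elif any(in_windows_dir(d) for d in dlls):
                delete_keys.append(key)           # rule 2: BHO DLL dropped into the Windows dir
                files.extend(dlls)
        elif NOTIFY_MARK in k:
            delete_keys.append(key)               # rule 3: Notify package ComboFix did not filter out
        else:
            for e in entries:
                if e[0] == 'value' and not e[3]:  # rule 4: autostart whose target was not found
                    delete_values.setdefault(key, []).append(e[1])
                    files.append(e[2])
    return {'keys': delete_keys, 'values': delete_values,
            'files': list(dict.fromkeys(files))}


def build_cfscript(findings):
    """Render the findings in the CFScript syntax used in the thread."""
    out = ['Registry::'] + ['[-%s]' % k for k in findings['keys']]
    for key, names in findings['values'].items():
        out.append('[%s]' % key)
        out.extend('"%s"=-' % n for n in names)
    if findings['files']:
        out += ['', 'File::'] + findings['files']
    return '\n'.join(out) + '\n'


if __name__ == '__main__':
    print(build_cfscript(triage(parse_loading_points(SAMPLE_LOG))))
```

Run against the sample, the draft drops the orphan BHO and the system32 BHO (with yayvvWoN.dll under File::), both Notify subkeys, and the two dead HKCU Run values with their target paths, and leaves CableRouting, msnmsgr and avgnt untouched, which is the same split the helper made by hand. The Windows-directory rule is the one that needs the most judgement: it is a heuristic about where legitimate BHOs are installed, not proof of infection, so anything it flags should be checked before the CFScript is run.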
Mérillym
Moderator/Helper
Posted on 13/05/2008 21:59:26
:hello: Good evening,

I'm stepping into the thread just to check something ;)

KENTINOI, can you do the following?

[~]Go to My Computer/Tools/Folder Options/View/Show hidden files and folders/Apply - - > OK
[~]Go to My Computer/Tools/Folder Options/View/uncheck Hide protected operating system files/Apply - - > OK
You will re-check it afterwards.

[~] My Computer/Tools/Folder Options/View/uncheck Hide extensions for known file types/Apply - - > OK

**

Then follow this path to reach this file: C:\WINDOWS\wininit.ini
Right-click on it and choose "Open with...", then choose to open it with Notepad.
Copy/paste the contents of the Notepad window that opens and post it to me on the forum ;)
Be careful not to change anything in this file! Once that is done, close the file. If you are asked to save changes, answer NO!

Good evening :hello:
-------
Prevention guide>read this
If you are already being helped on another forum, please tell me!
Elfen Lied
Posted on 13/05/2008 22:09:17
You beat me to it, friend :)

KENTINOI, do what he says next ;)
KENTINOI
Posted on 14/05/2008 15:51:41
Hi,

Here is the ComboFix report:

ComboFix 08-05-11.1 - KENTIN DOUTEAU 2008-05-14 15:35:39.3 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.361 [GMT 2:00]
Location: C:\Documents and Settings\KENTIN DOUTEAU\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\KENTIN DOUTEAU\Bureau\CFScript.txt

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!

FILE ::
C:\DOCUME~1\KENTIN~1\LOCALS~1\Temp\ms1210528432.exe
C:\WINDOWS\oadkxrts.exe
C:\WINDOWS\system32\exbkfewq.ini
C:\WINDOWS\system32\yayvvWoN.dll
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\738506803\
C:\WINDOWS\oadkxrts.exe
C:\WINDOWS\system32\exbkfewq.ini
C:\WINDOWS\system32\kr_done1de\
C:\WINDOWS\system32\yayvvWoN.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


((((((((((((((((((((((((((((( Files created 2008-04-14 to 2008-05-14 ))))))))))))))))))))))))))))))))))))
.

2050-08-09 17:54 . 2050-08-09 17:54 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2050-08-09 17:54 . 2050-08-09 17:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2050-08-09 17:53 . 2008-04-23 18:45 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2009-04-06 19:32 . 2007-04-06 20:50 <REP> d-------- C:\Documents and Settings\KENTIN DOUTEAU\Application Data\SlipStream
2008-05-13 19:12 . 2008-05-13 19:12 <REP> d-------- C:\Documents and Settings\Propriétaire
2008-05-13 19:12 . <REP> C:\Documents and Settings\Propriétaire\Local Settings
2008-05-13 18:44 . 2008-05-13 18:44 <REP> d-------- C:\Program Files\Trend Micro
2008-05-12 14:57 . 2008-05-12 14:57 <REP> d-------- C:\Program Files\Avira
2008-05-12 14:57 . 2008-05-12 14:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-12 00:38 . 2008-05-12 14:51 473 --a------ C:\WINDOWS\wininit.ini
2008-05-11 23:46 . 2008-05-11 23:46 <REP> d-------- C:\Program Files\Lavasoft
2008-05-11 23:08 . 2006-08-08 20:13 <REP> d--h----- C:\Documents and Settings\Administrateur.KENTIN\Voisinage réseau
2008-05-11 23:08 . 2006-08-08 20:13 <REP> d--h----- C:\Documents and Settings\Administrateur.KENTIN\Voisinage d'impression
2008-05-11 23:08 . 2006-08-08 19:17 <REP> d--h----- C:\Documents and Settings\Administrateur.KENTIN\Modèles
2008-05-11 23:08 . 2006-08-08 20:13 <REP> d-------- C:\Documents and Settings\Administrateur.KENTIN\Mes documents
2008-05-11 23:08 . 2006-08-08 20:13 <REP> dr------- C:\Documents and Settings\Administrateur.KENTIN\Menu Démarrer
2008-05-11 23:08 . 2006-08-08 20:13 <REP> d-------- C:\Documents and Settings\Administrateur.KENTIN\Favoris
2008-05-11 23:08 . 2006-08-08 20:13 <REP> d-------- C:\Documents and Settings\Administrateur.KENTIN\Bureau
2008-05-11 23:08 . 2008-05-11 23:08 <REP> d-------- C:\Documents and Settings\Administrateur.KENTIN
2008-05-11 23:08 . 2008-05-14 15:34 1,024 --ah----- C:\Documents and Settings\Administrateur.KENTIN\NTUSER.DAT.LOG
2008-05-11 23:03 . 2008-05-11 23:03 <REP> d-------- C:\Documents and Settings\KENTINOMG\Application Data\TmpRecentIcons
2008-05-11 23:03 . 2008-05-11 23:03 <REP> d-------- C:\Documents and Settings\KENTINOMG\Application Data\Babylon
2008-05-11 21:51 . 2008-05-11 21:51 <REP> d-------- C:\Program Files\CableRouting
2008-05-11 21:43 . 2008-05-12 14:52 1,754 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-11 21:42 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-11 21:42 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-11 21:42 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-11 21:42 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-11 21:42 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-11 21:42 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-11 21:42 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-11 21:42 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-11 21:17 . 2008-05-11 21:17 <REP> d-------- C:\Documents and Settings\KENTIN DOUTEAU\Application Data\TmpRecentIcons
2008-05-11 19:55 . 2008-05-11 19:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-05-11 19:54 . 2008-05-11 19:54 2 --a------ C:\738506803
2008-05-11 19:53 . 2008-05-11 19:53 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-11 19:06 . 2008-05-11 19:29 <REP> d-------- C:\Documents and Settings\KENTIN DOUTEAU\Application Data\Download Manager
2008-05-10 01:04 . 2008-05-10 01:04 <REP> d--h----- C:\WINDOWS\PIF
2008-04-23 19:02 . 2008-04-23 19:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-23 18:47 . 2008-04-23 18:47 <REP> d-------- C:\Program Files\Bonjour
2008-04-23 18:37 . 2008-04-23 18:37 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-04-23 18:15 . 2008-04-23 18:15 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-04-23 18:06 . 2008-04-23 18:06 <REP> d-------- C:\Documents and Settings\NetworkService\Menu Démarrer
2008-04-23 17:55 . 2004-08-19 16:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-04-23 17:52 . 2004-08-19 16:09 5,120 --------- C:\WINDOWS\system32\sfc.dll
2008-04-23 17:52 . 2004-08-19 16:09 5,120 --a--c--- C:\WINDOWS\system32\dllcache\sfc.dll
2008-04-23 17:51 . 2008-04-23 17:51 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-04-23 17:48 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002133_.tmp
2008-04-23 17:45 . 2008-04-23 17:45 <REP> d-------- C:\WINDOWS\EHome
2008-04-23 00:29 . 2008-04-23 00:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-04-22 22:54 . 2008-04-22 22:54 <REP> d-------- C:\WINDOWS\Logo Design Studio Pro
2008-04-22 22:54 . 2008-04-22 22:54 <REP> d-------- C:\Program Files\Summitsoft
2008-04-18 12:48 . 2008-04-22 12:29 <REP> d-------- C:\Documents and Settings\KENTIN DOUTEAU\Application Data\DMCache
2008-04-17 21:36 . 2008-04-17 21:36 <REP> d-------- C:\Program Files\Rockstar Games
2008-04-16 20:51 . 2008-05-08 12:22 <REP> d-------- C:\Program Files\EA SPORTS

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 13:43 --------- d-----w C:\Documents and Settings\KENTIN DOUTEAU\Application Data\Xfire
2008-05-14 13:43 --------- d-----w C:\Documents and Settings\KENTIN DOUTEAU\Application Data\OpenOffice.org2
2008-05-14 13:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
2008-05-14 13:24 --------- d-----w C:\Program Files\Mozilla Firefox 2 Beta 1
2008-05-12 13:34 --------- d-----w C:\Program Files\themexp
2008-05-11 21:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-11 21:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-11 21:44 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-10 10:25 --------- d-s---w C:\Program Files\Xfire
2008-05-05 18:19 --------- d-----w C:\Program Files\MSN Messenger
2008-04-23 16:34 --------- d-----w C:\Documents and Settings\KENTIN DOUTEAU\Application Data\Babylon
2008-04-22 12:10 --------- d-----w C:\Program Files\PokerStars
2008-04-22 08:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-16 13:40 --------- d-----w C:\Documents and Settings\KENTIN DOUTEAU\Application Data\MegauploadToolbar
2008-03-16 15:41 --------- d-----w C:\Program Files\NewsLeecher
2008-03-14 21:54 --------- d-----w C:\Program Files\Sega
2008-03-14 19:27 --------- d-----w C:\Documents and Settings\KENTIN DOUTEAU\Application Data\Switchball
2008-03-14 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
.

------- Sigcheck -------

2003-04-24 14:00 12800 333a4db8410d8e24db06d6aebecdc7c2 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-19 16:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-08-19 16:10 17408 d4212000f6b2f3649c84f9d6241c251e C:\WINDOWS\system32\svchost.exe

2003-04-24 14:00 520704 71820bc9ee6653c8748922459dfc384d C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-19 16:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-19 16:10 510464 7522a5c0c2ea57926df6ef045b7092ad C:\WINDOWS\system32\winlogon.exe

2004-08-19 16:09 1038848 0b586c07652b27268c951a127374abdf C:\WINDOWS\explorer.exe
2003-04-24 14:00 1008128 82fe0d400cb1ac937234467b927b867a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\ServicePackFiles\i386\explorer.exe

2003-04-24 14:00 101888 fc0691097471ee374907e1024edcbd43 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2004-08-19 16:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\ServicePackFiles\i386\services.exe
2004-08-19 16:10 110592 db874903522db6010e47ca273946436a C:\WINDOWS\system32\services.exe

2003-04-24 14:00 11776 b7b1c150aff59455db4df082815f88f5 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2004-08-19 16:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2004-08-19 16:09 14848 8e1186dcc84d809d1f12adb27fd8471a C:\WINDOWS\system32\lsass.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-13_19.11.18.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-13 17:07:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-14 13:41:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07c7581a-9e54-4ec0-bf7a-e7c2b0a639e1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18cb1a7b-94cd-4582-8022-ada16851e44b}]
2008-03-27 15:43 247296 --a------ C:\Program Files\CableRouting\CableRouting.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{339f3bd2-6c56-46d6-b1e9-48e2be48a3d5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88ebbe0b-5ff8-4b84-b043-71a216374a5b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a5a47d73-05b1-4396-9b07-a33774958001}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF47FCFB-AA32-4ECC-9F32-C99E30385AF3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{965B54B0-71E0-4611-8DE7-F73FA0B20E26}"= "C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll" [2007-10-10 17:05 264416]

[HKEY_CLASSES_ROOT\clsid\{965b54b0-71e0-4611-8de7-f73fa0b20e26}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB.1]
[HKEY_CLASSES_ROOT\TypeLib\{162484B8-B114-453f-A344-C0B24B0F1D99}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{965B54B0-71E0-4611-8DE7-F73FA0B20E26}"= C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll [2007-10-10 17:05 264416]

[HKEY_CLASSES_ROOT\clsid\{965b54b0-71e0-4611-8de7-f73fa0b20e26}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB.1]
[HKEY_CLASSES_ROOT\TypeLib\{162484B8-B114-453f-A344-C0B24B0F1D99}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2008-05-05 20:19 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 16:10 1667584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 12:28 139264]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 13:24 167368]
"Gestionnaire Antidote.exe"="C:\PROGRA~1\Druide\Antidote\Gestionnaire Antidote.exe" [2007-09-24 04:55 533944]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-07-24 09:12 1298432]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-08-05 15:01 1200128]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"MalWarrior"="C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" [ ]
"InetChk"="C:\DOCUME~1\KENTIN~1\LOCALS~1\Temp\ms1210528432.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 10:51 172032]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 10:50 204800]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-06-21 19:14 35328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25 257088]
"C-Media Mixer"="Mixer.exe" [2002-07-13 00:33 1581056 C:\WINDOWS\mixer.exe]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2007-11-28 22:38 2997984]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXpNEWP]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winnt32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.fraunhoferacm"= l3codecp.acm
"msacm.avis"= ff_acm.acm
"vidc.yv12"= yv12vfw.dll
"msacm.divxa32"= msaud32_divx.acm
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fnl13.sys]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=


.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-09 12:52:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 15:42:11
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Microsoft ActiveSync\rapimgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.bin
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-14 15:45:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-14 13:45:40
ComboFix2.txt 2008-05-13 19:11:36
ComboFix3.txt 2008-05-13 17:12:06

Pre-Run: 9,523,449,856 octets libres
Post-Run: 9,531,445,248 octets libres

235

And the contents of the wininit.ini file:

[rename]
c:\tempjunk2875.tmp=C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg
nul=c:\tempjunk6368.tmp
c:\tempjunk7461.tmp=C:\Program Files\Everest Poker\data\startup\shared\icons\ep.ico
c:\tempjunk9084.tmp=C:\Program Files\Everest Poker\data\startup\shared\sounds\alert.ogg
c:\tempjunk6432.tmp=C:\WINDOWS\system32\khfEVPHy.dll
c:\tempjunk6952.tmp=C:\WINDOWS\system32\khfEVPHy.dll_old
c:\tempjunk6368.tmp=C:\WINDOWS\system32\khfEVPHy.dll_old

Have a good day
Elfen Lied
Posted on 14/05/2008 19:28:06
Hello,

Delete the last CFScript and make a new one by following the procedure above (I changed something).

See you
KENTINOI
Posted on 14/05/2008 20:12:23
Here is the new report:

ComboFix 08-05-11.1 - KENTIN DOUTEAU 2008-05-14 19:36:36.4 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.364 [GMT 2:00]
Endroit: C:\Documents and Settings\KENTIN DOUTEAU\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\KENTIN DOUTEAU\Bureau\CFScript.txt

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\DOCUME~1\KENTIN~1\LOCALS~1\Temp\ms1210528432.exe
C:\WINDOWS\oadkxrts.exe
C:\WINDOWS\system32\exbkfewq.ini
C:\WINDOWS\system32\yayvvWoN.dll
C:\WINDOWS\wininit.ini
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\738506803\
C:\WINDOWS\system32\kr_done1de\
C:\WINDOWS\wininit.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-14 to 2008-05-14 ))))))))))))))))))))))))))))))))))))
.

2050-08-09 17:54 . 2050-08-09 17:54 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2050-08-09 17:54 . 2050-08-09 17:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2050-08-09 17:53 . 2008-04-23 18:45 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2009-04-06 19:32 . 2007-04-06 20:5