Msupdate.exe

Closed
VIRUS - 25 Sept 2008 at 14:58
Anonymous user - 25 Sept 2008 at 17:43
Hello,
How do I remove this virus?
Thanks

6 replies

Here is the report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11:43, on 25/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson\ST330\service\st330service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Opera\opera.exe
C:\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchgateway.net/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchgateway.net/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)
O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunServices: [msupdate] msupdate.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BFFFE4B-69FA-4681-A2A8-DDDFF4901639}: NameServer = 213.154.64.13 213.154.95.126
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - Unknown owner - C:\WINDOWS\system32\oodag.exe (file missing)
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson/ST330/service/st330service.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
ComboFix 08-09-24.12 - SARR 2008-09-25 13:25:16.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.77 [GMT 0:00]
Lancé depuis: C:\Documents and Settings\SARR\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\msupdate.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-25 au 2008-09-25 ))))))))))))))))))))))))))))))))))))
.

2008-09-25 13:09 . 2008-09-25 13:15 <REP> d-------- C:\hIKACKIS
2008-09-25 13:08 . 2008-09-25 13:08 396,288 --a------ C:\HijackThis.exe
2008-09-25 12:32 . 2008-09-25 12:40 <REP> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-25 12:32 . 2008-09-25 12:32 <REP> d-------- C:\Program Files\AVG
2008-09-25 12:32 . 2008-09-25 12:32 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-25 12:32 . 2008-09-25 12:32 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-25 12:32 . 2008-09-25 12:32 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-25 12:21 . 2008-09-25 12:30 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-25 12:21 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-25 12:21 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-24 13:50 . 2008-09-24 13:50 <REP> d-------- C:\Program Files\Fichiers communs\CyberLink
2008-09-24 13:47 . 2008-09-24 13:51 <REP> d-------- C:\Program Files\CyberLink
2008-09-24 10:41 . 2008-09-25 11:32 <REP> d-------- C:\Program Files\Speeditup Free
2008-09-23 17:23 . 2008-09-24 10:21 <REP> d-------- C:\Program Files\Orbitdownloader
2008-09-23 17:21 . 2008-09-23 17:22 <REP> d-------- C:\Program Files\Opera
2008-09-22 19:06 . 2008-09-22 19:06 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-09-22 18:53 . 2008-09-23 16:58 <REP> d-------- C:\Documents and Settings\SARR\Application Data\Notepad++
2008-09-22 18:27 . 2008-09-22 18:27 <REP> d-------- C:\Documents and Settings\SARR\Application Data\KompoZer
2008-09-22 11:09 . 2008-09-22 11:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-09-22 11:01 . 2008-09-22 11:07 <REP> d-------- C:\WINDOWS\nview
2008-09-22 11:01 . 2004-04-13 15:25 110,592 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-09-22 11:01 . 2004-04-13 15:25 12,196 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-09-22 09:55 . 2008-09-22 09:55 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-09-22 09:55 . 2008-09-22 09:55 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-09-21 17:53 . 2008-09-21 17:53 0 --a------ C:\WINDOWS\oodcnt.INI
2008-09-21 17:52 . 2008-09-21 19:18 <REP> d-------- C:\WINDOWS\system32\oodag
2008-09-21 17:30 . 2008-09-21 17:31 <REP> d-------- C:\Program Files\Winamp
2008-09-21 17:30 . 2008-09-21 18:39 <REP> d-------- C:\Documents and Settings\SARR\Application Data\Winamp
2008-09-21 15:56 . 2008-09-21 15:56 <REP> d-------- C:\Documents and Settings\SARR\Application Data\CyberLink
2008-09-21 15:54 . 2008-09-24 13:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-09-21 15:51 . 2008-09-24 13:45 29,480 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-09-21 11:48 . 2008-09-21 11:55 <REP> d-------- C:\Program Files\Microsoft Encarta
2008-09-18 19:01 . 2008-09-25 12:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-09-17 15:07 . 2008-09-17 15:07 <REP> d-------- C:\Documents and Settings\SARR\Application Data\BitSpirit
2008-09-17 14:47 . 2008-09-17 14:47 <REP> d-------- C:\Program Files\PowerISO
2008-09-16 21:58 . 2008-09-16 21:58 850 --a------ C:\WINDOWS\system32\ProductTweaks.xml
2008-09-16 21:58 . 2008-09-16 21:58 385 --a------ C:\WINDOWS\system32\user_gensett.xml
2008-09-16 21:52 . 2008-09-16 21:52 <REP> d-------- C:\WINDOWS\system32\logs
2008-09-16 21:48 . 2008-09-16 21:48 <REP> d-------- C:\WINDOWS\system32\URTTEMP
2008-09-16 12:08 . 2008-09-16 12:08 <REP> d-------- C:\Program Files\CCleaner
2008-09-15 21:39 . 2008-09-15 21:39 <REP> d-------- C:\WINDOWS\Speeditup Free
2008-09-15 21:30 . 2008-09-23 16:59 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-15 21:29 . 2008-09-23 16:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SpeedBit
2008-09-15 21:27 . 2008-09-15 21:27 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-09-15 21:27 . 2008-09-15 21:27 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-09-15 21:27 . 2008-09-15 21:27 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-09-15 14:09 . 2008-09-16 16:12 <REP> d-------- C:\Documents and Settings\SARR\Application Data\ESTsoft
2008-09-15 13:55 . 2008-09-15 15:46 <REP> d-------- C:\Documents and Settings\SARR\Application Data\vlc
2008-09-15 13:53 . 2008-09-15 13:53 <REP> d-------- C:\Program Files\VideoLAN
2008-09-14 12:38 . 2008-09-14 12:38 <REP> d-------- C:\Program Files\SuperCopier2
2008-09-14 12:22 . 2008-09-14 12:22 <REP> d-------- C:\Documents and Settings\SARR\Application Data\Malwarebytes
2008-09-14 12:22 . 2008-09-14 12:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-14 09:29 . 2008-09-14 09:29 <REP> d-------- C:\Documents and Settings\SARR\Application Data\Auslogics
2008-09-14 09:13 . 2008-09-14 10:01 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2008-09-13 10:37 . 2008-09-13 10:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-09-13 10:27 . 2008-09-13 10:36 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-09-11 21:20 . 2008-09-11 21:20 <REP> d-------- C:\Documents and Settings\SARR\Application Data\GrabPro
2008-09-11 21:19 . 2008-09-24 21:04 <REP> d-------- C:\Documents and Settings\SARR\Application Data\Orbit
2008-09-10 11:14 . 2008-09-10 11:14 <REP> d-------- C:\Program Files\Fichiers communs\DirectX
2008-09-06 23:14 . 2008-09-06 23:23 769,782 --a------ C:\WINDOWS\GOM_Wallpaper.bmp
2008-09-04 05:58 . 2008-09-04 05:58 894,208 --a------ C:\WINDOWS\system32\oodtrrs.dll
2008-09-03 14:15 . 2003-07-17 09:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-09-03 14:15 . 2005-01-01 00:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-09-03 12:57 . 2008-09-24 13:50 <REP> d--h----- C:\Program Files\InstallShield Installation Information
2008-09-02 19:43 . <REP> C:\WINDOWS\Mafia
2008-09-01 20:34 . 2008-09-01 20:46 <REP> d-------- C:\Documents and Settings\SARR\Application Data\DMCache
2008-09-01 20:06 . 2008-09-20 16:16 <REP> d-------- C:\Documents and Settings\SARR\Application Data\OpenOffice.org2
2008-09-01 17:52 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-09-01 17:50 . 2008-09-01 17:51 <REP> d-------- C:\Program Files\Paint.NET
2008-09-01 16:50 . 2008-09-01 17:20 <REP> d-------- C:\WINDOWS\BricoPacks
2008-08-30 19:18 . 2008-08-30 19:20 <REP> d-------- C:\Program Files\Unlocker
2008-08-30 17:20 . 2008-09-06 12:05 <REP> d-------- C:\Documents and Settings\SARR\Application Data\dvdcss
2008-08-29 17:35 . 2008-08-29 17:35 9 --a------ C:\WINDOWS\system32\client.sid
2008-08-29 17:32 . 2008-08-29 17:32 <REP> d-------- C:\WINDOWS\MaxTV
2008-08-28 23:00 . 2008-08-28 23:00 <REP> d-------- C:\Program Files\Fichiers communs\NSV
2008-08-27 18:37 . 2008-09-11 21:05 <REP> d-------- C:\Documents and Settings\SARR\Application Data\Free Download Manager
2008-08-27 18:21 . 2008-09-25 09:56 <REP> d-------- C:\Documents and Settings\SARR\Application Data\uTorrent
2008-08-27 17:25 . 2008-09-16 13:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-27 13:08 . 2004-08-04 00:14 359,040 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.flg
2008-08-26 20:11 . 2008-08-26 20:12 11,356 --a------ C:\temp.wav
2008-08-26 20:05 . 2008-08-26 20:04 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-25 13:00 --------- d-----w C:\Documents and Settings\SARR\Application Data\Desktopicon
2008-09-24 13:45 505,128 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-09-24 13:45 353,576 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-09-22 10:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-09-20 21:33 --------- d-----w C:\Documents and Settings\SARR\Application Data\FrostWire
2008-09-10 16:21 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-09-01 16:02 --------- d-----w C:\Program Files\directx
2008-08-25 16:21 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-08-25 16:18 --------- d-----w C:\Documents and Settings\SARR\Application Data\SystemRequirementsLab
2008-08-24 14:33 --------- d-----w C:\Program Files\Common Files
2008-08-23 09:36 --------- d-----w C:\Documents and Settings\SARR\Application Data\JAM Software
2008-08-17 18:51 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-08-17 18:51 --------- d-----w C:\Documents and Settings\SARR\Application Data\DAEMON Tools
2008-08-17 12:33 --------- d-----w C:\Program Files\Java
2008-08-16 15:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-14 21:32 --------- d-----w C:\Documents and Settings\SARR\Application Data\MSNInstaller
2008-08-13 16:09 12,464 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-08-13 12:00 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-08-13 11:58 40,320 ----a-w C:\WINDOWS\system32\drivers\steth.sys
2008-08-13 11:58 30,464 ----a-w C:\WINDOWS\system32\drivers\st330.sys
2008-08-13 11:58 16,128 ----a-w C:\WINDOWS\system32\drivers\lpwdm.sys
2008-08-13 11:58 12,672 ----a-w C:\WINDOWS\system32\drivers\stbus.sys
2008-08-13 11:57 --------- d-----w C:\Program Files\Thomson
2008-08-12 22:29 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-12 22:26 --------- d-----w C:\Program Files\Services en ligne
.

------- Sigcheck -------

2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-04 00:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-19 17:09 978432 c2e06cb7cfb5dbd8767ddd5e2e18cf71 C:\WINDOWS\explorer.exe
2004-08-19 17:09 978432 c2e06cb7cfb5dbd8767ddd5e2e18cf71 C:\WINDOWS\system32\dllcache\explorer.exe

2004-08-19 17:10 102400 ffbbefb47652a140cdd7bab1e5b915ab C:\WINDOWS\system32\wuauclt.exe
2004-08-19 17:10 102400 ffbbefb47652a140cdd7bab1e5b915ab C:\WINDOWS\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-04-13 3309568]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-04-13 46080]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-25 1235736]
"nwiz"="nwiz.exe" [2004-04-13 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^SARR^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.4.lnk]
path=C:\Documents and Settings\SARR\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.4.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
--a------ 2008-03-21 10:21 91432 C:\Program Files\CyberLink\Shared Files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagnostics]
--a------ 2008-08-13 11:57 557149 C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_2575609]
--a------ 2008-05-28 10:34 351000 C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_421671]
--a------ 2008-05-28 10:34 351000 C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
--------- 2007-12-14 11:36 50472 C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
--------- 2008-03-20 20:23 83240 C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Opera\\opera.exe"=
"C:\\Program Files\\Thomson\\ST330\\service\\st330service.exe"=
"F:\\uTorrent.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-25 97928]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-02-01 17:24 41456]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-25 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-25 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-25 76040]
R3 ST330;ST330;C:\WINDOWS\system32\drivers\st330.sys [2008-08-13 30464]
R3 STBUS;STBUS;C:\WINDOWS\system32\drivers\stbus.sys [2008-08-13 12672]
R3 STETH;SpeedTouch Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\steth.sys [2008-08-13 40320]
S2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-09-10 110256]
S3 dump_wmimmc;dump_wmimmc;F:\kart\GameGuard\dump_wmimmc.sys [ ]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Corporate + Ultimate Edition\kerneld.wnt [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

*Newly Created Service* - AVG8EMC
*Newly Created Service* - AVG8WD
*Newly Created Service* - AVGLDX86
*Newly Created Service* - AVGMFX86
*Newly Created Service* - MBAMDRVSERVICE
*Newly Created Service* - MBAMSERVICE
*Newly Created Service* - PROCEXP90
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-MsnMsgr - C:\Program Files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-PC-Checkup - C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe
MSConfigStartUp-SpeedItUpEX - C:\Program Files\Speeditup Free\SpeedItUp.exe


.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://search.orbitdownloader.com
R1 -: HKCU-SearchURL,(Default) = hxxp://www.searchgateway.net/search-Google-Gateway.php?sa=Search+Here&client=pub-4642981363251965&forid=1&ie=ISO-8859-1&oe=ISO-8859-1&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A11&q=%s
O8 -: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 -: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 -: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 -: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 -: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 -: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 -: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 -: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 -: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 -: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 -: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-25 13:29:45
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Corporate + Ultimate Edition\kerneld.wnt"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\SARR\LOCALS~1\Temp\mc21.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\st330service]
"ImagePath"="C:\Program Files/Thomson/ST330/service/st330service.exe -service"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD8\000.fcl"
.
Heure de fin: 2008-09-25 13:32:33
ComboFix-quarantined-files.txt 2008-09-25 13:32:27

Avant-CF: 3 259 375 616 octets libres
Après-CF: 3,390,660,608 octets libres

2008-08-25 16:18 --------- d-----w C:\Documents and Settings\SARR\Application Data\SystemRequirementsLab
2008-08-24 14:33 --------- d-----w C:\Program Files\Common Files
2008-08-23 09:36 --------- d-----w C:\Documents and Settings\SARR\Application Data\JAM Software
2008-08-17 18:51 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-08-17 18:51 --------- d-----w C:\Documents and Settings\SARR\Application Data\DAEMON Tools
2008-08-17 12:33 --------- d-----w C:\Program Files\Java
2008-08-16 15:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-14 21:32 --------- d-----w C:\Documents and Settings\SARR\Application Data\MSNInstaller
2008-08-13 16:09 12,464 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-08-13 12:00 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-08-13 11:58 40,320 ----a-w C:\WINDOWS\system32\drivers\steth.sys
2008-08-13 11:58 30,464 ----a-w C:\WINDOWS\system32\drivers\st330.sys
2008-08-13 11:58 16,128 ----a-w C:\WINDOWS\system32\drivers\lpwdm.sys
2008-08-13 11:58 12,672 ----a-w C:\WINDOWS\system32\drivers\stbus.sys
2008-08-13 11:57 --------- d-----w C:\Program Files\Thomson
2008-08-12 22:29 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-12 22:26 --------- d-----w C:\Program Files\Services en ligne
.

------- Sigcheck -------

2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-04 00:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-19 17:09 978432 c2e06cb7cfb5dbd8767ddd5e2e18cf71 C:\WINDOWS\explorer.exe
2004-08-19 17:09 978432 c2e06cb7cfb5dbd8767ddd5e2e18cf71 C:\WINDOWS\system32\dllcache\explorer.exe

2004-08-19 17:10 102400 ffbbefb47652a140cdd7bab1e5b915ab C:\WINDOWS\system32\wuauclt.exe
2004-08-19 17:10 102400 ffbbefb47652a140cdd7bab1e5b915ab C:\WINDOWS\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-04-13 3309568]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-04-13 46080]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-25 1235736]
"nwiz"="nwiz.exe" [2004-04-13 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^SARR^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.4.lnk]
path=C:\Documents and Settings\SARR\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.4.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
--a------ 2008-03-21 10:21 91432 C:\Program Files\CyberLink\Shared Files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagnostics]
--a------ 2008-08-13 11:57 557149 C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_2575609]
--a------ 2008-05-28 10:34 351000 C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E09FXLRD_421671]
--a------ 2008-05-28 10:34 351000 C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
--------- 2007-12-14 11:36 50472 C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
--------- 2008-03-20 20:23 83240 C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Opera\\opera.exe"=
"C:\\Program Files\\Thomson\\ST330\\service\\st330service.exe"=
"F:\\uTorrent.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-25 97928]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-02-01 17:24 41456]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-25 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-25 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-25 76040]
R3 ST330;ST330;C:\WINDOWS\system32\drivers\st330.sys [2008-08-13 30464]
R3 STBUS;STBUS;C:\WINDOWS\system32\drivers\stbus.sys [2008-08-13 12672]
R3 STETH;SpeedTouch Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\steth.sys [2008-08-13 40320]
S2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-09-10 110256]
S3 dump_wmimmc;dump_wmimmc;F:\kart\GameGuard\dump_wmimmc.sys [ ]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Corporate + Ultimate Edition\kerneld.wnt [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

*Newly Created Service* - AVG8EMC
*Newly Created Service* - AVG8WD
*Newly Created Service* - AVGLDX86
*Newly Created Service* - AVGMFX86
*Newly Created Service* - MBAMDRVSERVICE
*Newly Created Service* - MBAMSERVICE
*Newly Created Service* - PROCEXP90
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-MsnMsgr - C:\Program Files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-PC-Checkup - C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe
MSConfigStartUp-SpeedItUpEX - C:\Program Files\Speeditup Free\SpeedItUp.exe


.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://search.orbitdownloader.com
R1 -: HKCU-SearchURL,(Default) = hxxp://www.searchgateway.net/search-Google-Gateway.php?sa=Search+Here&client=pub-4642981363251965&forid=1&ie=ISO-8859-1&oe=ISO-8859-1&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A11&q=%s
O8 -: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 -: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 -: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 -: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 -: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 -: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 -: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 -: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 -: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 -: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 -: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-25 13:29:45
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Corporate + Ultimate Edition\kerneld.wnt"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\SARR\LOCALS~1\Temp\mc21.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\st330service]
"ImagePath"="C:\Program Files/Thomson/ST330/service/st330service.exe -service"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD8\000.fcl"
.
Heure de fin: 2008-09-25 13:32:33
ComboFix-quarantined-files.txt 2008-09-25 13:32:27

Avant-CF: 3 259 375 616 octets libres
Après-CF: 3,390,660,608 octets libres

jlpjlp, 51580 posts, registered Friday 18 May 2007, status: security contributor, last activity 3 May 2022, 5 040
25 Sept. 2008 at 15:03
Hi,


Paste a HijackThis log


http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Manual:

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

I advise renaming HijackThis, to counter a possible Vundo infection.

E.g.: rename the file HijackThis.exe to eden.exe. To do this, right-click the file HijackThis.exe and choose Rename from the list.

Then, with Explorer, create a folder c:\hijackthis.
Unzip HijackThis into that folder.
This is important for the backups.
jlpjlp, 51580 posts, registered Friday 18 May 2007, status: security contributor, last activity 3 May 2022, 5 040
25 Sept. 2008 at 15:14
Download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, real-time guard of the antispyware).


Double-click combofix.exe and follow the instructions.

At the end, it will produce a log C:\ComboFix.txt.

Re-enable your firewall, your antivirus, and your antispyware's guard.

Copy/paste the log C:\ComboFix.txt in your next reply.

Careful: don't use your mouse or your keyboard (or any other pointing device) while the program is running. That could freeze the computer.

You have a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
jlpjlp, 51580 posts, registered Friday 18 May 2007, status: security contributor, last activity 3 May 2022, 5 040
25 Sept. 2008 at 17:09
OK, ComboFix removed it.

Malwarebytes and AVG don't find anything anymore?

Still any problems?

Paste another HijackThis log.


See you
Anonymous user
25 Sept. 2008 at 17:43
AVG finds nothing, Malwarebytes too.
Thanks a lot