Sujet Précédent Sujet Suivant

Je crois me faire prendre par un virus

Philboom Messages postés 46 Statut Membre -  
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   -
Bonjour,
voici mon HIJACKTHIS , je voudrais savoir quest qui se passe dans mon ordi
lorsque je click sur certain lien sa m'emmene dans d'autre site
et dans le bas de mon ordi jai 3 icones qui dit que mon automatique live update est fermer
que dois-je fixer dans HijaCKTHIS pour enlever se probleme

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:57:41, on 2008-12-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\BellCanada\McciTrayApp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp-consumer.my.aol.ca/?icid=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Igofafiyupadewiy] rundll32.exe "C:\WINDOWS\Oqelecilu.dll",e
O4 - HKLM\..\Run: [Qcufiforawumif] rundll32.exe "C:\WINDOWS\ugekitenimiqayoq.dll",e
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKLM\..\Run: [6c49f006] rundll32.exe "C:\WINDOWS\system32\tloqgcqa.dll",b
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\NVIDIA Corporation\nTune\Profiles\osbootpf.nsu"
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\HP_Administrator\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: CoolIris Preferences - {449DB14A-F988-4fd8-9361-F212D7B6414B} - C:\Program Files\CoolIris\CoolIrisPreferences.exe
O9 - Extra 'Tools' menuitem: CoolIris Preferences - {449DB14A-F988-4fd8-9361-F212D7B6414B} - C:\Program Files\CoolIris\CoolIrisPreferences.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.systemrequirementslab.com/cyri
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {597F9140-0DC6-4657-A162-76EC0E7AEE81} (ActiveBroadcast Control) - http://www.meetstream.com/activex/28081/activebroadcast.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {B33E9AC8-169E-4346-BCD9-C98A8BE3F1E9} - http://affiliates.piclens.com/shared/plinstll.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C2EEFC7-4599-4A57-8883-0848A90EF3DC}: NameServer = 85.255.112.189;85.255.112.113
O17 - HKLM\System\CCS\Services\Tcpip\..\{302F9080-7EF7-41FE-928A-53DE04B189AB}: NameServer = 85.255.112.189;85.255.112.113
O20 - AppInit_DLLs: aeuoxl.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
A voir également:

43 réponses

Réponse 1 / 43
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
/!\ Seul Philboom peut suivre cette procédure /!\

1/

---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.

---> Copie le texte ci-dessous par sélection puis Ctrl+C :

KillAll::

Driver::
PsSdk30
XDva037
XDva134
XDva164
XDva167
XDva177
XDva189

File::
c:\windows\Tasks\mwafimpt.job
c:\windows\system32\mcrh.MSNFix

Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PsSdk30]

---> Colle la sélection dans le bloc-notes

---> Enregistre ce fichier sur le bureau (Impératif)

---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes

2/

---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif

[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.

[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.

[*] Une fois le scan achevé, un rapport va s'afficher : poste-le

[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix\Combofix.txt
1
Réponse 2 / 43
Philboom Messages postés 46 Statut Membre 1
 
Deuxieme Rapport de Combofix avec CFScript

ComboFix 08-12-23.01 - HP_Administrator 2008-12-24 14:00:30.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2558.1891 [GMT -5:00]
Lancé depuis: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt.txt
* Un nouveau point de restauration a été créé

FILE ::
c:\windows\system32\mcrh.MSNFix
c:\windows\Tasks\mwafimpt.job
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\mcrh.MSNFix
c:\windows\Tasks\mwafimpt.job

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PSSDK30
-------\Legacy_XDVA037
-------\Legacy_XDVA134
-------\Legacy_XDVA164
-------\Legacy_XDVA167
-------\Legacy_XDVA177
-------\Legacy_XDVA189
-------\Service_XDva037
-------\Service_XDva134
-------\Service_XDva164
-------\Service_XDva167
-------\Service_XDva177
-------\Service_XDva189

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-24 au 2008-12-24 ))))))))))))))))))))))))))))))))))))
.

2008-12-23 19:50 . 2008-12-23 19:56 1,393 --a------ c:\windows\imsins.BAK
2008-12-23 17:49 . 2008-12-23 17:49 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-23 17:49 . 2008-12-23 17:49 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2008-12-23 17:49 . 2008-12-23 17:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-23 17:49 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-23 17:49 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-23 15:34 . 2008-12-12 00:57 78,336 --a------ c:\windows\system32\Agent.OMZ.Fix.exe
2008-12-23 11:36 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-23 11:33 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2008-12-23 11:33 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2008-12-23 11:33 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2008-12-23 11:33 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2008-12-23 11:33 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2008-12-23 11:33 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2008-12-23 11:33 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2008-12-22 18:03 . 2008-12-22 18:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Isotx
2008-12-22 18:01 . 2008-12-22 18:02 <DIR> d-------- c:\program files\CrosuS
2008-12-22 18:01 . 2008-10-30 08:15 573,473 --a------ c:\windows\system32\wbocx.ocx
2008-12-22 18:01 . 2008-10-30 08:15 56,496 --a------ c:\windows\system32\wbhelp2.dll
2008-12-22 18:00 . 2008-12-22 18:01 <DIR> d-------- c:\program files\IGWarlord
2008-12-22 12:56 . 2008-12-22 12:56 38,400 --a------ c:\windows\Oqelecilu.dll
2008-12-15 01:23 . 2008-12-15 01:23 <DIR> d-------- c:\program files\The Game Creators
2008-12-15 01:23 . 2008-03-13 17:05 390,432 --a------ c:\windows\system32\NxCooking.dll
2008-12-15 01:23 . 2008-03-13 17:05 124,192 --a------ c:\windows\system32\NxCharacter.dll
2008-12-15 01:23 . 2008-03-13 17:05 118,784 --a------ c:\windows\system32\NxExtensions.dll
2008-12-15 00:10 . 2008-12-15 00:10 <DIR> d-------- c:\windows\A7E07C2B2220441587E3784D5814BC93.TMP
2008-12-15 00:09 . 2008-12-24 14:03 200,904 --a------ c:\windows\system32\nvapps.xml
2008-12-14 23:53 . 2008-12-14 23:55 <DIR> d-------- c:\windows\NV19881964.TMP
2008-12-14 19:24 . 2008-12-14 19:32 <DIR> d-------- c:\windows\NV32641052.TMP
2008-12-14 17:03 . 2008-12-14 17:03 <DIR> d-------- c:\program files\2K Games
2008-12-13 00:07 . 2008-12-13 00:07 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Propellerhead Software
2008-12-13 00:07 . 2008-12-13 00:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Propellerhead Software
2008-12-13 00:07 . 2008-12-13 00:07 368,640 --a------ c:\windows\system32\ReWire.dll
2008-12-13 00:07 . 2008-12-13 00:07 233,472 --a------ c:\windows\system32\REX Shared Library.dll
2008-12-13 00:06 . 2008-12-13 00:06 <DIR> d-------- c:\program files\Propellerhead
2008-12-11 15:37 . 2008-12-11 15:37 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-12-09 21:27 . 2008-12-09 21:36 <DIR> d-------- c:\program files\VirtualDJ
2008-12-08 20:35 . 2008-12-08 20:38 <DIR> d-------- c:\windows\NV19322328.TMP
2008-12-02 23:11 . 2008-12-02 23:11 1,253,376 --a------ c:\windows\system32\NvPVEnc.ax
2008-11-27 01:53 . 2008-11-27 01:53 552 --a------ c:\windows\system32\d3d8caps.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-24 18:59 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Xfire
2008-12-24 18:37 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-23 20:36 --------- d-----w c:\program files\Google
2008-12-23 17:12 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Bioshock
2008-12-22 22:00 --------- d-----w c:\program files\Steam
2008-12-22 19:04 --------- d-----w c:\program files\CAPCOM
2008-12-22 18:53 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-20 17:29 --------- d-----w c:\program files\eMule
2008-12-19 22:44 137,992 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-17 15:41 --------- d-s---w c:\program files\Xfire
2008-12-15 05:10 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-15 00:30 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Download Manager
2008-12-15 00:25 --------- d-----w c:\program files\AGEIA Technologies
2008-12-14 17:06 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\uTorrent
2008-12-14 15:58 --------- d-----w c:\program files\AMD
2008-12-14 08:06 --------- d-----w c:\program files\Video Convert Master
2008-12-12 15:34 --------- d-----w c:\program files\KONAMI
2008-12-11 00:43 --------- d-----w c:\program files\Armagetron Advanced
2008-12-08 07:04 --------- d-----w c:\program files\SystemRequirementsLab
2008-12-08 07:04 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\SystemRequirementsLab
2008-12-08 06:39 --------- d-----w c:\program files\PicLensIE
2008-11-26 23:35 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\dvdcss
2008-11-26 16:44 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-11-22 05:45 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\SPORE Creature Creator
2008-11-22 01:19 --------- d-----w c:\documents and settings\All Users\Application Data\TrackMania
2008-11-20 03:59 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Megaupload
2008-11-20 03:55 --------- d-----w c:\program files\Megaupload
2008-11-18 18:54 --------- d-----w c:\program files\SpeedFan
2008-11-17 01:43 --------- d-----w c:\program files\Alwil Software
2008-11-17 01:29 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
2008-11-16 17:20 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\dyyno-vlc
2008-11-16 00:48 --------- d-----w c:\program files\Dyyno
2008-11-15 05:54 --------- d-----w c:\program files\Creative
2008-11-14 01:50 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-12 14:26 --------- d-----w c:\program files\Common Files\Futuremark Shared
2008-11-11 23:13 22,328 ----a-w c:\documents and settings\HP_Administrator\Application Data\PnkBstrK.sys
2008-11-11 23:09 --------- d-----w c:\program files\Ubisoft
2008-11-07 03:43 210 -c--a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2008-11-03 05:21 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\OpenArena
2008-10-25 06:39 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\GarageGames
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-08-18 03:05 81,920 ----a-w c:\documents and settings\HP_Administrator\Application Data\ezpinst.exe
2008-08-18 03:05 47,360 ----a-w c:\documents and settings\HP_Administrator\Application Data\pcouffin.sys
2008-06-13 15:42 53,000 ----a-w c:\documents and settings\HP_Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-03-14 01:44 1,051,560 ----a-w c:\documents and settings\HP_Administrator\ki2.dat
2008-03-14 01:43 88 ----a-w c:\documents and settings\HP_Administrator\U64KeyMap.dat
2008-01-14 21:32 1 ----a-w c:\documents and settings\HP_Administrator\SI.bin
2006-11-18 07:21 251 -c--a-w c:\program files\wt3d.ini
2007-09-26 13:02 412,192 --sha-w c:\windows\fidbox.dat
2006-12-03 00:50 22 -csha-w c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( snapshot@2008-12-24_13.37.11,34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2008-12-24 19:03:31 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1d8.dat
+ 2008-12-24 19:03:16 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5f0.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-04-11 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"BellCanada_McciTrayApp"="c:\program files\BellCanada\McciTrayApp.exe" [2008-05-28 1468928]
"ftutil2"="ftutil2.dll" [2004-06-07 c:\windows\system32\ftutil2.dll]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 c:\windows\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 c:\windows\arpwrmsg.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 c:\windows\system32\narrator.exe]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2008-12-11 2990416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\GameSpot Download Manager.lnk
backup=c:\windows\pss\GameSpot Download Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD_Display]
--a------ 2008-05-05 08:37 1449984 c:\program files\AMD\AMD Power Monitor\AMD_PwrMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-24 10:02 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
--a------ 2006-04-13 11:05 90112 c:\program files\HP DigitalMedia Archive\DMAScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 23:01 67584 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 16:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a------ 2006-02-16 00:34 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-28 01:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA System Monitor]
--a------ 2008-04-11 08:18 842272 c:\program files\NVIDIA Corporation\NVIDIA System Monitor\NVMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2005-07-23 00:14 237568 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 11:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 03:28 144784 c:\program files\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=2 (0x2)
"SAVScan"=3 (0x3)
"Symantec Core LC"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"SNDSrvc"=3 (0x3)
"NSCService"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"TapiSrv"=3 (0x3)
"RPSUpdaterR"=3 (0x3)
"RP_FWS"=2 (0x2)
"ctm"=2 (0x2)
"seclogon"=2 (0x2)
"Fax"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"PDEngine"=3 (0x3)
"PDAgent"=2 (0x2)
"McciCMService"=2 (0x2)
"Macromedia Licensing Service"=3 (0x3)
"idsvc"=3 (0x3)
"dvpapi"=2 (0x2)
"FSGuard Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\ElectricSheep.scr"=
"c:\\Program Files\\Armagetron Advanced\\armagetronad.exe"=
"c:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Steam\\steamapps\\shaolinnegga\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed Carbon\\nfsc.exe"=
"c:\\Program Files\\Steam\\steamapps\\rouxtang\\half-life\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\shaolinnegga\\source sdk base\\hl2.exe"=
"c:\\Program Files\\XBC\\neXBC.exe"=
"c:\\Program Files\\OGPlanet\\CABAL Online\\cabal.exe"=
"c:\\Program Files\\Steam\\steamapps\\shaolinnegga\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\shaolinnegga\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\shaolinnegga\\day of defeat source\\hl2.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Desktop\\GAMES SHORTCUTS\\ZSNES_V1.42_win\\zsnesw.exe"=
"c:\\Program Files\\Steam\\steamapps\\shaolinnegga\\source dedicated server\\srcds.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Codemasters\\GRID Demo\\GRID.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Desktop\\MAME32\\next mame\\mameppk_bin_gcc-0.119-20070914\\kaillera\\kaillerasrv.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Desktop\\MAME32\\next mame\\mame117\\kaillera\\kaillerasrv.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict - DEMO\\wic.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Application Data\\GarageGames\\IAPlayer\\products\\www_instantaction_com\\6000\\install\\cyclomite.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead demo\\left4dead.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\CrosuS\\CrosuSApp.exe"=
"c:\\Program Files\\IGWarlord\\igwarlord.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-16 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-16 20560]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools.sys [2008-07-17 34304]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv; []
S4 ctm;Convar task manager;c:\program files\Convar\TaskManager\ctm.exe [2007-11-09 98304]
S4 FSGuard Service;FSGuard Service;c:\program files\Convar\FSGuard\FSGS.exe [2007-11-09 73728]
.
Contenu du dossier 'Tâches planifiées'

2008-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2008-12-23 c:\windows\Tasks\User_Feed_Synchronization-{483741B0-A6DC-4EFD-B8C3-C62C31ADA0A8}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 13:58]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = local
IE: {{449DB14A-F988-4fd8-9361-F212D7B6414B} - c:\program files\CoolIris\CoolIrisPreferences.exe
IE: {{449DB14A-F988-4fd8-9361-F212D7B6414B} - c:\program files\CoolIris\CoolIrisPreferences.exe -

c:\windows\Downloaded Program Files\sysreqlab3.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
c:\windows\Downloaded Program Files\SysReqLab3.osd

c:\windows\Downloaded Program Files\ActiveBroadcast.ocx - O16 -: {597F9140-0DC6-4657-A162-76EC0E7AEE81}
hxxp://www.meetstream.com/activex/28081/activebroadcast.cab
c:\windows\Downloaded Program Files\ActiveBroadcast.inf

c:\windows\Downloaded Program Files\plinstll.dll - O16 -: {B33E9AC8-169E-4346-BCD9-C98A8BE3F1E9}
hxxp://affiliates.piclens.com/shared/plinstll.cab
c:\windows\Downloaded Program Files\plinstll.inf
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\s9vokb05.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://gametrailers.com/
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.30226.2\npctrl.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30401.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npcnc32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-24 14:03:53
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\arservice.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\NVIDIA Corporation\System Update\UpdateCenterService.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Heure de fin: 2008-12-24 14:08:29 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-24 19:08:26
ComboFix2.txt 2008-12-24 18:37:50

Avant-CF: 26 891 587 584 bytes free
Après-CF: 26,791,636,992 bytes free

367 --- E O F --- 2008-12-24 00:56:49
1
Réponse 3 / 43
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Salut,

Ton PC est bourré d'infection.

- Télécharge SmitfraudFix (de de S!Ri, balltrap34 et moe31) sur ton Bureau.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

- Double-clique sur SmitfraudFix.exe et choisis l'option 1 puis Entrée.

- Un rapport sera généré, poste-le dans ta prochaine réponse.

[*] process.exe est détecté par certains antivirus comme étant un risktool. Il ne s'agit pas d'un virus mais d'un utilitaire destiné à mettre fin à des processus.[*]

** Ne fais l'étape 2 que si on te le demande, on doit d'abord examiner le premier rapport de SmitfraudFix.
0
Réponse 4 / 43
Philboom Messages postés 46 Statut Membre 1
 
Voici mon rapport de smitfraud ( en passant mon ordi que mon AUTOMATIC UPDATE est a OFF... et je ne peux pas le mettre en marche. et je ne peux terminer se prossesus: C:\WINDOWS\system32\wscntfy.exe.... c'est le bouclier avec un x dessus) merci

SmitFraudFix v2.387

Scan done at 14:41:03,54, 2008-12-23
Run from C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\BellCanada\McciTrayApp.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\

C:\resycled\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrator

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrator\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_ADM~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Google\googletoolbar1.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Hamachi Network Interface - Radialpoint Miniport (x86)
DNS Server Search Order: 16.92.3.242
DNS Server Search Order: 16.92.3.243
DNS Server Search Order: 16.81.3.243
DNS Server Search Order: 16.118.3.243

Description: NVIDIA nForce Networking Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{302F9080-7EF7-41FE-928A-53DE04B189AB}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS1\Services\Tcpip\..\{302F9080-7EF7-41FE-928A-53DE04B189AB}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS3\Services\Tcpip\..\{302F9080-7EF7-41FE-928A-53DE04B189AB}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 43
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
- Redémarre ton ordinateur en mode sans échec :
https://blog.sosordi.net/

- Double-clique sur SmitfraudFix.exe, choisis l'option 2 et Entrée.

- Réponds O (Oui) à ces deux questions si elles te sont posées :

Voulez-vous nettoyer le registre ?
Corriger le fichier infecté ?

- Un rapport sera généré, sauvegarde-le sur le Bureau.

- Redémarre en mode normal.

- Poste le rapport SmitfraudFix.
0
Réponse 6 / 43
Philboom Messages postés 46 Statut Membre 1
 
ok voila mon deuxieme rapport apres mon nettoyage en safe mode

Merci

SmitFraudFix v2.387

Scan done at 15:34:48,68, 2008-12-23
Run from C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
...

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

C:\resycled\ Deleted
C:\Program Files\Google\googletoolbar1.dll Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Hamachi Network Interface - Radialpoint Miniport (x86)
DNS Server Search Order: 16.92.3.242
DNS Server Search Order: 16.92.3.243
DNS Server Search Order: 16.81.3.243
DNS Server Search Order: 16.118.3.243

Description: NVIDIA nForce Networking Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{302F9080-7EF7-41FE-928A-53DE04B189AB}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS1\Services\Tcpip\..\{302F9080-7EF7-41FE-928A-53DE04B189AB}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS3\Services\Tcpip\..\{302F9080-7EF7-41FE-928A-53DE04B189AB}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
0
Réponse 7 / 43
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
A faire en mode normal :

---> Relance SmitfraudFix et choisis l'option 5.

---> Accepte si on te demande quelque chose puis poste le rapport.
0
Réponse 8 / 43
Philboom Messages postés 46 Statut Membre 1
 
Apres option 5 (Rapport)

SmitFraudFix v2.387

Scan done at 17:05:40,71, 2008-12-23
Run from C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix

Description: Hamachi Network Interface - Radialpoint Miniport (x86)
DNS Server Search Order: 16.92.3.242
DNS Server Search Order: 16.92.3.243
DNS Server Search Order: 16.81.3.243
DNS Server Search Order: 16.118.3.243

Description: NVIDIA nForce Networking Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{302F9080-7EF7-41FE-928A-53DE04B189AB}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS1\Services\Tcpip\..\{302F9080-7EF7-41FE-928A-53DE04B189AB}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS3\Services\Tcpip\..\{302F9080-7EF7-41FE-928A-53DE04B189AB}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243

»»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix

Description: Hamachi Network Interface - Radialpoint Miniport (x86)
DNS Server Search Order: 16.92.3.242
DNS Server Search Order: 16.92.3.243
DNS Server Search Order: 16.81.3.243
DNS Server Search Order: 16.118.3.243

Description: NVIDIA nForce Networking Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{302F9080-7EF7-41FE-928A-53DE04B189AB}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS1\Services\Tcpip\..\{302F9080-7EF7-41FE-928A-53DE04B189AB}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS3\Services\Tcpip\..\{302F9080-7EF7-41FE-928A-53DE04B189AB}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
0
Réponse 9 / 43
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
- Télécharge MSNFix.zip (de !aur3n7) sur ton Bureau:
http://sosvirus.changelog.fr/MSNFix.zip

- Décompresse-le (Clic droit >> Extraire ici).

- Double-clique sur le fichier MSNFix.bat.

- Exécute l'option R.
Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage.

Note : Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur.

- Le rapport sera enregistré dans C:\Windows\ sous le nom de MSNFix, poste-le.
0
Réponse 10 / 43
Philboom Messages postés 46 Statut Membre 1
 
MSNFix 1.749

C:\Documents and Settings\HP_Administrator\Desktop\MSNFix\MSNFix
Fix exécuté le 2008-12-23 - 17:31:52,59 By HP_Administrator
mode normal

************************ Recherche les fichiers présents

Aucun Fichier trouvé

************************ Recherche les dossiers présents

Aucun dossier trouvé

( le program a deja nettoyé les fichiers infectés )
0
Réponse 11 / 43
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
---> Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
---> Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
---> Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
---> Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
---> Sélectionne Exécuter un examen rapide.
---> Clique sur Rechercher. L'analyse démarre.

A la fin de l'analyse, un message s'affiche :

L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

---> Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
---> Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
---> Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
---> MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.
0
Philboom Messages postés 46 Statut Membre 1
 
Mon malware MBAM log

je crois que sa fait le travail
Maintenant jai Acces a Window update

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1538
Windows 5.1.2600 Service Pack 2

2008-12-23 19:21:15
mbam-log-2008-12-23 (19-21-07).txt

Type de recherche: Examen rapide
Eléments examinés: 93962
Temps écoulé: 31 minute(s), 21 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 30
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 10

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\ljJYsrpP.dll (Trojan.Vundo.H) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnligaw (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b5b069a0-c795-4388-bc69-fc33a3f97c96} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b5b069a0-c795-4388-bc69-fc33a3f97c96} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b5b069a0-c795-4388-bc69-fc33a3f97c96} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b02534d7-8d91-49be-a864-97dfb8e0bab4} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE (Adware.OneStepSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Solt Lake Software (Rogue.ProAntispyware2009) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ljjysrpp -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjysrpp -> No action taken.

Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\Solt Lake Software (Rogue.ProAntispyware2009) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009 (Rogue.ProAntispyware2009) -> No action taken.
C:\Documents and Settings\HP_Administrator\Application Data\gadcom (Trojan.Agent) -> No action taken.

Fichier(s) infecté(s):
C:\WINDOWS\system32\nnnliGaW.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ljJYsrpP.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\PprsYJjl.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\PprsYJjl.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\tloqgcqa.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\aqcgqolt.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\prunnet.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\qblwnncf.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\HP_Administrator\Application Data\gadcom\gadcom.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ljJYQiJy.dll (Trojan.Vundo) -> No action taken.
0
Réponse 12 / 43
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Tu as supprimé les infections ?
0
Réponse 13 / 43
Philboom Messages postés 46 Statut Membre 1
 
Ouais
il y a plus rien qui se manifeste
0
Réponse 14 / 43
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"

---> Je te conseille vivement d'installer la Console de récupération.

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\Combofix.txt

Tutoriel officiel :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
Philboom Messages postés 46 Statut Membre 1
 
la console de recuperation est dasn le program Combofix ???
0
Réponse 15 / 43
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Non regarde ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
Réponse 16 / 43
Philboom Messages postés 46 Statut Membre 1
 
Voici mon rapport Combo fix

ComboFix 08-12-23.01 - HP_Administrator 2008-12-24 13:28:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2558.1857 [GMT -5:00]
Lancé depuis: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\HP_Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\Application Data\.#
c:\program files\INSTALL.LOG
c:\windows\search_res.txt
c:\windows\system32\404Fix.exe
c:\windows\system32\ATHPRXY(2).DLL
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
H:\resycled

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-24 au 2008-12-24 ))))))))))))))))))))))))))))))))))))
.

2008-12-23 19:50 . 2008-12-23 19:56 1,393 --a------ c:\windows\imsins.BAK
2008-12-23 17:49 . 2008-12-23 17:49 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-23 17:49 . 2008-12-23 17:49 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2008-12-23 17:49 . 2008-12-23 17:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-23 17:49 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-23 17:49 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-23 15:34 . 2008-12-12 00:57 78,336 --a------ c:\windows\system32\Agent.OMZ.Fix.exe
2008-12-23 11:36 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-23 11:33 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2008-12-23 11:33 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2008-12-23 11:33 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2008-12-23 11:33 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2008-12-23 11:33 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2008-12-23 11:33 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2008-12-23 11:33 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2008-12-23 07:07 . 2008-12-23 07:07 0 --a------ c:\windows\system32\mcrh.MSNFix
2008-12-22 18:03 . 2008-12-22 18:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Isotx
2008-12-22 18:01 . 2008-12-22 18:02 <DIR> d-------- c:\program files\CrosuS
2008-12-22 18:01 . 2008-10-30 08:15 573,473 --a------ c:\windows\system32\wbocx.ocx
2008-12-22 18:01 . 2008-10-30 08:15 56,496 --a------ c:\windows\system32\wbhelp2.dll
2008-12-22 18:00 . 2008-12-22 18:01 <DIR> d-------- c:\program files\IGWarlord
2008-12-22 12:56 . 2008-12-22 12:56 38,400 --a------ c:\windows\Oqelecilu.dll
2008-12-15 01:23 . 2008-12-15 01:23 <DIR> d-------- c:\program files\The Game Creators
2008-12-15 01:23 . 2008-03-13 17:05 390,432 --a------ c:\windows\system32\NxCooking.dll
2008-12-15 01:23 . 2008-03-13 17:05 124,192 --a------ c:\windows\system32\NxCharacter.dll
2008-12-15 01:23 . 2008-03-13 17:05 118,784 --a------ c:\windows\system32\NxExtensions.dll
2008-12-15 00:10 . 2008-12-15 00:10 <DIR> d-------- c:\windows\A7E07C2B2220441587E3784D5814BC93.TMP
2008-12-15 00:09 . 2008-12-23 19:59 200,904 --a------ c:\windows\system32\nvapps.xml
2008-12-14 23:53 . 2008-12-14 23:55 <DIR> d-------- c:\windows\NV19881964.TMP
2008-12-14 19:24 . 2008-12-14 19:32 <DIR> d-------- c:\windows\NV32641052.TMP
2008-12-14 17:03 . 2008-12-14 17:03 <DIR> d-------- c:\program files\2K Games
2008-12-13 00:07 . 2008-12-13 00:07 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Propellerhead Software
2008-12-13 00:07 . 2008-12-13 00:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Propellerhead Software
2008-12-13 00:07 . 2008-12-13 00:07 368,640 --a------ c:\windows\system32\ReWire.dll
2008-12-13 00:07 . 2008-12-13 00:07 233,472 --a------ c:\windows\system32\REX Shared Library.dll
2008-12-13 00:06 . 2008-12-13 00:06 <DIR> d-------- c:\program files\Propellerhead
2008-12-11 15:37 . 2008-12-11 15:37 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-12-09 21:27 . 2008-12-09 21:36 <DIR> d-------- c:\program files\VirtualDJ
2008-12-08 20:35 . 2008-12-08 20:38 <DIR> d-------- c:\windows\NV19322328.TMP
2008-12-02 23:11 . 2008-12-02 23:11 1,253,376 --a------ c:\windows\system32\NvPVEnc.ax
2008-11-27 01:53 . 2008-11-27 01:53 552 --a------ c:\windows\system32\d3d8caps.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-23 20:36 --------- d-----w c:\program files\Google
2008-12-23 17:18 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Xfire
2008-12-23 17:12 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Bioshock
2008-12-23 17:05 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-22 22:00 --------- d-----w c:\program files\Steam
2008-12-22 19:04 --------- d-----w c:\program files\CAPCOM
2008-12-22 18:53 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-20 17:29 --------- d-----w c:\program files\eMule
2008-12-19 22:44 137,992 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-19 22:42 201,816 ----a-w c:\windows\system32\PnkBstrB.exe
2008-12-17 15:41 --------- d-s---w c:\program files\Xfire
2008-12-15 05:10 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-15 00:30 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Download Manager
2008-12-15 00:25 --------- d-----w c:\program files\AGEIA Technologies
2008-12-14 17:06 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\uTorrent
2008-12-14 15:58 --------- d-----w c:\program files\AMD
2008-12-14 08:06 --------- d-----w c:\program files\Video Convert Master
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-12 15:34 --------- d-----w c:\program files\KONAMI
2008-12-11 00:43 --------- d-----w c:\program files\Armagetron Advanced
2008-12-09 01:42 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-12-08 07:04 --------- d-----w c:\program files\SystemRequirementsLab
2008-12-08 07:04 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\SystemRequirementsLab
2008-12-08 06:39 --------- d-----w c:\program files\PicLensIE
2008-12-03 04:11 801,312 ----a-w c:\windows\system32\nvcplui.exe
2008-12-03 04:11 453,152 ----a-w c:\windows\system32\nvudisp.exe
2008-12-02 15:13 453,152 -c--a-w c:\windows\system32\NVUNINST.EXE
2008-11-26 23:35 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\dvdcss
2008-11-26 16:44 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-11-22 05:45 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\SPORE Creature Creator
2008-11-22 01:19 --------- d-----w c:\documents and settings\All Users\Application Data\TrackMania
2008-11-20 03:59 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Megaupload
2008-11-20 03:55 --------- d-----w c:\program files\Megaupload
2008-11-18 18:54 --------- d-----w c:\program files\SpeedFan
2008-11-17 01:43 --------- d-----w c:\program files\Alwil Software
2008-11-17 01:29 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
2008-11-16 17:20 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\dyyno-vlc
2008-11-16 00:48 --------- d-----w c:\program files\Dyyno
2008-11-15 05:54 --------- d-----w c:\program files\Creative
2008-11-14 01:50 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-12 14:26 --------- d-----w c:\program files\Common Files\Futuremark Shared
2008-11-11 23:13 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-11-11 23:13 22,328 ----a-w c:\documents and settings\HP_Administrator\Application Data\PnkBstrK.sys
2008-11-11 23:13 2,250,024 ----a-w c:\windows\system32\pbsvc.exe
2008-11-11 23:09 --------- d-----w c:\program files\Ubisoft
2008-11-07 03:43 210 -c--a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2008-11-03 05:21 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\OpenArena
2008-10-25 06:39 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\GarageGames
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:12 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:12 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 19:07 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:11 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ----a-w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-10-13 14:56 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
2008-10-07 17:33 86,016 ----a-w c:\windows\system32\nvmctray(4).dll
2008-10-07 17:33 81,920 ----a-w c:\windows\system32\nvwddi(4).dll
2008-10-07 17:33 6,058,112 ----a-w c:\windows\system32\nv4_disp(4).dll
2008-10-07 17:33 475,136 ----a-w c:\windows\system32\nvapi(4).dll
2008-10-07 17:33 163,908 ----a-w c:\windows\system32\nvsvc32(4).exe
2008-10-07 14:13 58,648 ----a-w c:\windows\system32\AgCPanelTraditionalChinese.dll
2008-10-07 14:13 58,648 ----a-w c:\windows\system32\AgCPanelSwedish.dll
2008-10-07 14:13 58,648 ----a-w c:\windows\system32\AgCPanelSpanish.dll
2008-10-07 14:13 58,648 ----a-w c:\windows\system32\AgCPanelSimplifiedChinese.dll
2008-10-07 14:13 58,648 ----a-w c:\windows\system32\AgCPanelPortugese.dll
2008-10-07 14:13 58,648 ----a-w c:\windows\system32\AgCPanelKorean.dll
2008-10-07 14:13 58,648 ----a-w c:\windows\system32\AgCPanelJapanese.dll
2008-10-07 14:13 58,648 ----a-w c:\windows\system32\AgCPanelGerman.dll
2008-10-07 14:13 58,648 ----a-w c:\windows\system32\AgCPanelFrench.dll
2008-10-07 14:13 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe
2008-10-07 14:13 288,024 ----a-w c:\windows\system32\PhysXCompatCplUI.exe
2008-10-07 14:13 23,320 ----a-w c:\windows\system32\PhysXDevice.dll
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-08-18 03:05 81,920 ----a-w c:\documents and settings\HP_Administrator\Application Data\ezpinst.exe
2008-08-18 03:05 47,360 ----a-w c:\documents and settings\HP_Administrator\Application Data\pcouffin.sys
2008-06-13 15:42 53,000 ----a-w c:\documents and settings\HP_Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-03-14 01:44 1,051,560 ----a-w c:\documents and settings\HP_Administrator\ki2.dat
2008-03-14 01:43 88 ----a-w c:\documents and settings\HP_Administrator\U64KeyMap.dat
2007-09-26 13:02 412,192 --sha-w c:\windows\fidbox.dat
2006-12-03 00:50 22 -csha-w c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-04-11 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"BellCanada_McciTrayApp"="c:\program files\BellCanada\McciTrayApp.exe" [2008-05-28 1468928]
"ftutil2"="ftutil2.dll" [2004-06-07 c:\windows\system32\ftutil2.dll]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 c:\windows\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 c:\windows\arpwrmsg.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 c:\windows\system32\narrator.exe]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2008-12-11 2990416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\GameSpot Download Manager.lnk
backup=c:\windows\pss\GameSpot Download Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD_Display]
--a------ 2008-05-05 08:37 1449984 c:\program files\AMD\AMD Power Monitor\AMD_PwrMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-24 10:02 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
--a------ 2006-04-13 11:05 90112 c:\program files\HP DigitalMedia Archive\DMAScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 23:01 67584 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 16:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a------ 2006-02-16 00:34 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-28 01:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA System Monitor]
--a------ 2008-04-11 08:18 842272 c:\program files\NVIDIA Corporation\NVIDIA System Monitor\NVMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2005-07-23 00:14 237568 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 11:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 03:28 144784 c:\program files\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=2 (0x2)
"SAVScan"=3 (0x3)
"Symantec Core LC"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"SNDSrvc"=3 (0x3)
"NSCService"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"TapiSrv"=3 (0x3)
"RPSUpdaterR"=3 (0x3)
"RP_FWS"=2 (0x2)
"ctm"=2 (0x2)
"seclogon"=2 (0x2)
"Fax"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"PDEngine"=3 (0x3)
"PDAgent"=2 (0x2)
"McciCMService"=2 (0x2)
"Macromedia Licensing Service"=3 (0x3)
"idsvc"=3 (0x3)
"dvpapi"=2 (0x2)
"FSGuard Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\ElectricSheep.scr"=
"c:\\Program Files\\Armagetron Advanced\\armagetronad.exe"=
"c:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Steam\\steamapps\\shaolinnegga\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed Carbon\\nfsc.exe"=
"c:\\Program Files\\Steam\\steamapps\\rouxtang\\half-life\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\shaolinnegga\\source sdk base\\hl2.exe"=
"c:\\Program Files\\XBC\\neXBC.exe"=
"c:\\Program Files\\OGPlanet\\CABAL Online\\cabal.exe"=
"c:\\Program Files\\Steam\\steamapps\\shaolinnegga\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\shaolinnegga\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\shaolinnegga\\day of defeat source\\hl2.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Desktop\\GAMES SHORTCUTS\\ZSNES_V1.42_win\\zsnesw.exe"=
"c:\\Program Files\\Steam\\steamapps\\shaolinnegga\\source dedicated server\\srcds.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Codemasters\\GRID Demo\\GRID.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Desktop\\MAME32\\next mame\\mameppk_bin_gcc-0.119-20070914\\kaillera\\kaillerasrv.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Desktop\\MAME32\\next mame\\mame117\\kaillera\\kaillerasrv.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict - DEMO\\wic.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Application Data\\GarageGames\\IAPlayer\\products\\www_instantaction_com\\6000\\install\\cyclomite.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead demo\\left4dead.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\CrosuS\\CrosuSApp.exe"=
"c:\\Program Files\\IGWarlord\\igwarlord.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-16 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-16 20560]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools.sys [2008-07-17 34304]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv; []
S3 PsSdk30;PsSdk30;\??\c:\windows\system32\Drivers\PsSdk30.drv []
S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys []
S3 XDva134;XDva134;\??\c:\windows\system32\XDva134.sys []
S3 XDva164;XDva164;\??\c:\windows\system32\XDva164.sys []
S3 XDva167;XDva167;\??\c:\windows\system32\XDva167.sys []
S3 XDva177;XDva177;\??\c:\windows\system32\XDva177.sys []
S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys []
S4 ctm;Convar task manager;c:\program files\Convar\TaskManager\ctm.exe [2007-11-09 98304]
S4 FSGuard Service;FSGuard Service;c:\program files\Convar\FSGuard\FSGS.exe [2007-11-09 73728]

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'

2008-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2008-12-24 c:\windows\Tasks\mwafimpt.job
- c:\windows\system32\rundll32.exe [2004-08-09 23:00]

2008-12-23 c:\windows\Tasks\User_Feed_Synchronization-{483741B0-A6DC-4EFD-B8C3-C62C31ADA0A8}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 13:58]
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-Qcufiforawumif - c:\windows\ugekitenimiqayoq.dll
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-TrojanScanner - c:\program files\Trojan Remover\Trjscan.exe
MSConfigStartUp-Yahoo! Pager - c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = local
IE: {{449DB14A-F988-4fd8-9361-F212D7B6414B} - c:\program files\CoolIris\CoolIrisPreferences.exe
IE: {{449DB14A-F988-4fd8-9361-F212D7B6414B} - c:\program files\CoolIris\CoolIrisPreferences.exe -

c:\windows\Downloaded Program Files\sysreqlab3.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
c:\windows\Downloaded Program Files\SysReqLab3.osd

c:\windows\Downloaded Program Files\ActiveBroadcast.ocx - O16 -: {597F9140-0DC6-4657-A162-76EC0E7AEE81}
hxxp://www.meetstream.com/activex/28081/activebroadcast.cab
c:\windows\Downloaded Program Files\ActiveBroadcast.inf

c:\windows\Downloaded Program Files\plinstll.dll - O16 -: {B33E9AC8-169E-4346-BCD9-C98A8BE3F1E9}
hxxp://affiliates.piclens.com/shared/plinstll.cab
c:\windows\Downloaded Program Files\plinstll.inf
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\s9vokb05.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://gametrailers.com/
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.30226.2\npctrl.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30401.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npcnc32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-24 13:36:37
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PsSdk30]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk30.drv"
.
Heure de fin: 2008-12-24 13:37:49
ComboFix-quarantined-files.txt 2008-12-24 18:37:35

Avant-CF: 25 415 229 440 bytes free
Après-CF: 26,912,030,720 bytes free

406 --- E O F --- 2008-12-24 00:56:49
0
Réponse 17 / 43
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
1/

---> Menu Démarrer > Exécuter > Tape combofix /u et valide.

---> Télécharge ToolsCleaner2 sur ton Bureau.
* Double-clique sur ToolsCleaner2.exe pour le lancer.
* Clique sur Recherche et laisse le scan agir.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options Facultatives.
* Clique sur Quitter pour obtenir le rapport.
* Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

2/

- Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

- Double-clique sur RSIT.exe afin de lancer le programme.

- Clique sur Continue à l'écran Disclaimer.

- Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

- Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : Les rapports sont sauvegardés dans le dossier C:\rsit.
0
Réponse 18 / 43
Philboom Messages postés 46 Statut Membre 1
 
apres sa, sa sera fini ??
0
Réponse 19 / 43
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Non, je ne pense pas.

Je m'absente.
0
Réponse 20 / 43
Philboom Messages postés 46 Statut Membre 1
 
bon ET voila encore

[ Rapport ToolsCleaner version 2.2.9 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Combofix.txt: trouvé !
C:\Combofix: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\HP_Administrator\Desktop\Rsit.exe: trouvé !
C:\Documents and Settings\HP_Administrator\Desktop\PROG SHORTCUT\HijackThis.lnk: trouvé !
C:\Documents and Settings\HP_Administrator\Desktop\PROG SHORTCUT\SmitFraudFix.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\WINDOWS\msnfix.txt: trouvé !
C:\WINDOWS\Downloaded Program Files\*.msnfix: trouvé !
C:\WINDOWS\system32\*.msnfix: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\HP_Administrator\Desktop\PROG SHORTCUT\HijackThis.lnk: supprimé !
C:\Documents and Settings\HP_Administrator\Desktop\PROG SHORTCUT\SmitFraudFix.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\Documents and Settings\HP_Administrator\Desktop\Rsit.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\WINDOWS\msnfix.txt: supprimé !
C:\WINDOWS\Downloaded Program Files\*.msnfix: ERREUR DE SUPPRESSION !!
C:\WINDOWS\system32\*.msnfix: ERREUR DE SUPPRESSION !!
C:\Combofix: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: ERREUR DE SUPPRESSION !!

Corbeille vidée!
Fichiers temporaires nettoyés !
Sauvegarde du registre crée !
Point de restauration crée !

Logfile of random's system information tool 1.05 (written by random/random)
Run by HP_Administrator at 2008-12-24 14:45:44
Microsoft Windows XP Professional Service Pack 2
System drive C: has 34 GB (15%) free of 229 GB
Total RAM: 2558 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:45:48, on 2008-12-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\BellCanada\McciTrayApp.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: CoolIrisIEHelperObject.CoolIrisIEBHO - {AD0BAB4B-212D-45D7-9E5B-CB1579132715} - C:\Program Files\CoolIris\CoolIrisIEHelperObject.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\NVIDIA Corporation\nTune\Profiles\osbootpf.nsu"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: CoolIris Preferences - {449DB14A-F988-4fd8-9361-F212D7B6414B} - C:\Program Files\CoolIris\CoolIrisPreferences.exe
O9 - Extra 'Tools' menuitem: CoolIris Preferences - {449DB14A-F988-4fd8-9361-F212D7B6414B} - C:\Program Files\CoolIris\CoolIrisPreferences.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.systemrequirementslab.com/cyri
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {597F9140-0DC6-4657-A162-76EC0E7AEE81} (ActiveBroadcast Control) - http://www.meetstream.com/activex/28081/activebroadcast.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {B33E9AC8-169E-4346-BCD9-C98A8BE3F1E9} - http://affiliates.piclens.com/shared/plinstll.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
PDF instantané impossible
Claudev -
PapyLuc51 -

1 réponse
comment copier dans word un instantané d'un pdf
Pichi -
Raymond PENTIER -

3 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses