Sujet Précédent Sujet Suivant

Virus:Pub A repetition

GoGo -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,

Voila mon soucis .

Ce matin j allume mon pc , et il y as plusieur page internet qui s ouvre a intervalle de 5 secondes +- avec une pub me demandant d apprendre une langue en 5 min enfin bref...

J'ai demarer mon pc en mode sans echec et scanner tout avec CCleaner et avast , et rien du tout .

Personne peut me donner un coup de main svp ?

merci a vous . GoGo
A voir également:

8 réponses

Réponse 1 / 8
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
slt,

Fais un clic droit sur ce lien : (IL-MAFIOSO)
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

Laisse-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)

Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
Copie-colle l'intégralité dans une réponse. Referme le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
0
Réponse 2 / 8
GoGo
 
Search Navipromo version 3.7.1 commencé le jeu. 15/01/2009 à 10:53:57,26

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3500+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Gontrand ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1296 [VPS 090114-0] 4.8.1296 (Activated)
Firewall : NVIDIA Firewall 1.0 (Activated)

A:\ (USB)
C:\ (Local Disk) - NTFS - Total:48 Go (Free:7 Go)
D:\ (Local Disk) - NTFS - Total:27 Go (Free:13 Go)
E:\ (CD or DVD)
F:\ (USB)

Recherche executé en mode normal

*** Recherche Programmes installés ***

*** Recherche dossiers dans "C:\WINDOWS" ***

*** Recherche dossiers dans "C:\Program Files" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***

*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\Gontrand\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\Jerome\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\marc\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\Sylvain\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\Gontrand\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\Jerome\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\marc\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\Sylvain\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\Gontrand\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\Jerome\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\marc\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\Sylvain\menudm~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Gontrand\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\Jerome\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\marc\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\Sylvain\locals~1\applic~1" *

*** Recherche fichiers ***

*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

* Dans "C:\Documents and Settings\Gontrand\locals~1\applic~1" :

* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :

* Dans "C:\DOCUME~1\Jerome\locals~1\applic~1" :

* Dans "C:\DOCUME~1\marc\locals~1\applic~1" :

* Dans "C:\DOCUME~1\Sylvain\locals~1\applic~1" :

3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :

*** Analyse terminée le jeu. 15/01/2009 à 11:33:32,43 ***
0
Réponse 3 / 8
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Clique Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NB : Les rapports sont sauvegardés dans le dossier C:\rsit
0
Réponse 4 / 8
GoGo
 
Log

Logfile of random's system information tool 1.05 (written by random/random)
Run by Gontrand at 2009-01-15 11:45:02
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 7 GB (14%) free of 50 GB
Total RAM: 1535 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:12, on 15/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vsnpstd.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\program files\steam\steam.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\System32\windows.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mumble\mumble.exe
C:\Program Files\Mumble\bin\dbus-daemon.exe
C:\Program Files\windows media player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gontrand\Bureau\RSIT.exe
C:\Program Files\trend micro\Gontrand.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Windows] "C:\Windows\System32\windows.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Audio Windows AudioSrvTrkWks (AudioSrvTrkWks) - Unknown owner - C:\WINDOWS\
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Journal des événements EventlogDhcp (EventlogDhcp) - Unknown owner - C:\WINDOWS\
O23 - Service: Compatibilité avec le Changement rapide d'utilisateur FastUserSwitchingCompatibilityodserv (FastUserSwitchingCompatibilityodserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Compatibilité avec le Changement rapide d'utilisateur FastUserSwitchingCompatibilityodserv FastUserSwitchingCompatibilityodservRSVP (FastUserSwitchingCompatibilityodservRSVP) - Unknown owner - C:\WINDOWS\
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) ForceWaredmadmin (ForceWaredmadmin) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Google Updater Service gusvcMSSQL$SONY_MEDIAMGR (gusvcMSSQL$SONY_MEDIAMGR) - Unknown owner - C:\WINDOWS\
O23 - Service: HID Input Service HidServWebClient (HidServWebClient) - Unknown owner - C:\WINDOWS\
O23 - Service: HID Input Service HidServWebClient HidServWebClient Antivirus (HidServWebClient Antivirus) - Unknown owner - C:\WINDOWS\
O23 - Service: HID Input Service HidServWebClient HidServWebClientMessenger (HidServWebClientMessenger) - Unknown owner - C:\WINDOWS\
O23 - Service: Service COM de gravage de CD IMAPI ImapiServiceW32Time (ImapiServiceW32Time) - Unknown owner - C:\WINDOWS\
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Assistance TCP/IP NetBIOS LmHostsSysmonLog (LmHostsSysmonLog) - Unknown owner - C:\WINDOWS\
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: DDE réseau NetDDENetman (NetDDENetman) - Unknown owner - C:\WINDOWS\
O23 - Service: DDE réseau NetDDENetman NetDDENetmangusvcMSSQL$SONY_MEDIAMGR (NetDDENetmangusvcMSSQL$SONY_MEDIAMGR) - Unknown owner - C:\WINDOWS\
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrA PnkBstrAwinmgmt (PnkBstrAwinmgmt) - Unknown owner - C:\WINDOWS\
O23 - Service: Services IPSEC PolicyAgentERSvc (PolicyAgentERSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Emplacement protégé ProtectedStorageSharedAccess (ProtectedStorageSharedAccess) - Unknown owner - C:\WINDOWS\
O23 - Service: Pare-feu Windows / Partage de connexion Internet SharedAccessAppMgmt (SharedAccessAppMgmt) - Unknown owner - C:\WINDOWS\
O23 - Service: Spouleur d'impression SpoolerALG (SpoolerALG) - Unknown owner - C:\WINDOWS\
O23 - Service: Acquisition d'image Windows (WIA) stisvcBITS (stisvcBITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Acquisition d'image Windows (WIA) stisvcMessenger (stisvcMessenger) - Unknown owner - C:\WINDOWS\
O23 - Service: Journaux et alertes de performance SysmonLogMSSQLServerADHelper (SysmonLogMSSQLServerADHelper) - Unknown owner - C:\WINDOWS\
O23 - Service: Carte de performance WMI WmiApSrvwscsvc (WmiApSrvwscsvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Configuration automatique sans fil WZCSVCProtectedStorageSharedAccess (WZCSVCProtectedStorageSharedAccess) - Unknown owner - C:\WINDOWS\
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 8
GoGo
 
Log

Logfile of random's system information tool 1.05 (written by random/random)
Run by Gontrand at 2009-01-15 11:45:02
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 7 GB (14%) free of 50 GB
Total RAM: 1535 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:12, on 15/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vsnpstd.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\program files\steam\steam.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\System32\windows.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mumble\mumble.exe
C:\Program Files\Mumble\bin\dbus-daemon.exe
C:\Program Files\windows media player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gontrand\Bureau\RSIT.exe
C:\Program Files\trend micro\Gontrand.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Windows] "C:\Windows\System32\windows.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Audio Windows AudioSrvTrkWks (AudioSrvTrkWks) - Unknown owner - C:\WINDOWS\
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Journal des événements EventlogDhcp (EventlogDhcp) - Unknown owner - C:\WINDOWS\
O23 - Service: Compatibilité avec le Changement rapide d'utilisateur FastUserSwitchingCompatibilityodserv (FastUserSwitchingCompatibilityodserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Compatibilité avec le Changement rapide d'utilisateur FastUserSwitchingCompatibilityodserv FastUserSwitchingCompatibilityodservRSVP (FastUserSwitchingCompatibilityodservRSVP) - Unknown owner - C:\WINDOWS\
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) ForceWaredmadmin (ForceWaredmadmin) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Google Updater Service gusvcMSSQL$SONY_MEDIAMGR (gusvcMSSQL$SONY_MEDIAMGR) - Unknown owner - C:\WINDOWS\
O23 - Service: HID Input Service HidServWebClient (HidServWebClient) - Unknown owner - C:\WINDOWS\
O23 - Service: HID Input Service HidServWebClient HidServWebClient Antivirus (HidServWebClient Antivirus) - Unknown owner - C:\WINDOWS\
O23 - Service: HID Input Service HidServWebClient HidServWebClientMessenger (HidServWebClientMessenger) - Unknown owner - C:\WINDOWS\
O23 - Service: Service COM de gravage de CD IMAPI ImapiServiceW32Time (ImapiServiceW32Time) - Unknown owner - C:\WINDOWS\
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Assistance TCP/IP NetBIOS LmHostsSysmonLog (LmHostsSysmonLog) - Unknown owner - C:\WINDOWS\
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: DDE réseau NetDDENetman (NetDDENetman) - Unknown owner - C:\WINDOWS\
O23 - Service: DDE réseau NetDDENetman NetDDENetmangusvcMSSQL$SONY_MEDIAMGR (NetDDENetmangusvcMSSQL$SONY_MEDIAMGR) - Unknown owner - C:\WINDOWS\
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrA PnkBstrAwinmgmt (PnkBstrAwinmgmt) - Unknown owner - C:\WINDOWS\
O23 - Service: Services IPSEC PolicyAgentERSvc (PolicyAgentERSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Emplacement protégé ProtectedStorageSharedAccess (ProtectedStorageSharedAccess) - Unknown owner - C:\WINDOWS\
O23 - Service: Pare-feu Windows / Partage de connexion Internet SharedAccessAppMgmt (SharedAccessAppMgmt) - Unknown owner - C:\WINDOWS\
O23 - Service: Spouleur d'impression SpoolerALG (SpoolerALG) - Unknown owner - C:\WINDOWS\
O23 - Service: Acquisition d'image Windows (WIA) stisvcBITS (stisvcBITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Acquisition d'image Windows (WIA) stisvcMessenger (stisvcMessenger) - Unknown owner - C:\WINDOWS\
O23 - Service: Journaux et alertes de performance SysmonLogMSSQLServerADHelper (SysmonLogMSSQLServerADHelper) - Unknown owner - C:\WINDOWS\
O23 - Service: Carte de performance WMI WmiApSrvwscsvc (WmiApSrvwscsvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Configuration automatique sans fil WZCSVCProtectedStorageSharedAccess (WZCSVCProtectedStorageSharedAccess) - Unknown owner - C:\WINDOWS\
0
Réponse 6 / 8
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
Réponse 7 / 8
GoGo
 
ComboFix 09-01-13.04 - Gontrand 2009-01-15 11:57:04.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1535.1130 [GMT 1:00]
Lancé depuis: c:\documents and settings\Gontrand\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090114-0] *On-access scanning disabled* (Outdated)
FW: NVIDIA Firewall *disabled*
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\install.exe
c:\windows\system32\windows.exe
D:\install.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-15 au 2009-01-15 ))))))))))))))))))))))))))))))))))))
.

2009-01-15 11:45 . 2009-01-15 11:45 <REP> d-------- C:\rsit
2009-01-15 11:45 . 2009-01-15 11:45 <REP> d-------- c:\program files\trend micro
2009-01-15 10:52 . 2009-01-15 11:33 <REP> d-------- c:\program files\Navilog1
2009-01-15 10:15 . 2009-01-15 10:15 <REP> d-------- c:\program files\CCleaner
2009-01-14 17:04 . 2009-01-14 17:04 <REP> dr-h----- c:\documents and settings\Gontrand\Application Data\SecuROM
2009-01-11 17:41 . 2009-01-14 19:07 <REP> d-------- c:\documents and settings\All Users\Application Data\TrackMania
2009-01-08 17:05 . 2009-01-08 20:22 <REP> d-------- c:\documents and settings\Gontrand\Application Data\DMCache
2009-01-07 18:31 . 2009-01-09 20:09 <REP> d-------- c:\program files\mIRC
2009-01-06 16:56 . 2008-05-02 02:38 301,656 --a------ c:\windows\system32\BtCoreIf.dll
2009-01-06 16:55 . 2009-01-06 16:56 <REP> d-------- c:\program files\Fichiers communs\Logishrd
2009-01-06 16:55 . 2009-01-06 16:55 <REP> d-------- c:\documents and settings\Gontrand\Application Data\InstallShield
2008-12-31 16:43 . 2008-12-31 16:44 <REP> d-------- c:\program files\AV Vcs 6.0 DIAMOND
2008-12-18 12:56 . 2008-12-18 12:57 <REP> d-------- c:\program files\PhotoFiltre

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-15 10:37 --------- d-----w c:\program files\Steam
2009-01-15 08:18 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-14 16:04 --------- d-----w c:\documents and settings\Gontrand\Application Data\BitTorrent
2009-01-14 13:37 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-14 10:35 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-12 19:13 --------- d-----w c:\documents and settings\Gontrand\Application Data\LimeWire
2009-01-09 20:03 --------- d-----w c:\documents and settings\Gontrand\Application Data\mIRC
2009-01-06 15:56 --------- d-----w c:\program files\Fichiers communs\Logitech
2009-01-06 15:55 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-03 21:43 --------- d-----w c:\documents and settings\Gontrand\Application Data\Mumble
2009-01-03 15:02 --------- d-----w c:\program files\VentriloMix
2008-12-30 17:32 --------- d-----w c:\documents and settings\Sylvain\Application Data\BearShare
2008-12-30 17:12 --------- d-----w c:\program files\Google
2008-12-26 08:33 --------- d-----w c:\program files\Java
2008-12-14 18:34 --------- d-----w c:\program files\VideoMach-5.1.1
2008-12-14 12:28 --------- d-----w c:\program files\Vstplugins
2008-12-14 12:28 --------- d-----w c:\documents and settings\All Users\Application Data\Sony
2008-12-14 11:59 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-09 17:31 --------- d-----w c:\program files\PartyGaming
2008-12-09 14:00 --------- d-----w c:\documents and settings\Gontrand\Application Data\teamspeak2
2008-12-08 18:43 --------- d-----w c:\documents and settings\Gontrand\Application Data\gtk-2.0
2008-12-08 12:47 --------- d-----w c:\program files\Fichiers communs\xing shared
2008-12-08 12:47 --------- d-----w c:\program files\Fichiers communs\Real
2008-12-07 10:09 --------- d-----w c:\program files\Xfire
2008-12-06 17:08 --------- d-----w c:\documents and settings\Gontrand\Application Data\Xfire
2008-12-06 11:35 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-11-30 19:18 --------- d-----w c:\documents and settings\Gontrand\Application Data\PacificPoker
2008-11-29 19:02 --------- d-----w c:\program files\BitTorrent
2008-11-29 19:01 --------- d-----w c:\documents and settings\Gontrand\Application Data\Azureus
2008-11-29 18:46 --------- d-----w c:\documents and settings\Gontrand\Application Data\uTorrent
2008-11-28 15:46 --------- d-----w c:\documents and settings\Jerome\Application Data\uTorrent
2008-11-27 19:23 --------- d-----w c:\program files\Realtek AC97
2008-11-27 17:28 --------- d-----w c:\documents and settings\Jerome\Application Data\vlc
2008-11-26 17:36 --------- d-----w c:\program files\DivX
2008-11-26 08:31 --------- d-----w c:\documents and settings\marc\Application Data\Sony Corporation
2008-11-23 12:35 --------- d-----w c:\documents and settings\Jerome\Application Data\Sony Corporation
2008-11-23 12:24 --------- d-----w c:\program files\Sony
2008-11-20 20:44 42,320 ----a-w c:\windows\system32\xfcodec.dll
2008-11-20 16:35 --------- d-----w c:\program files\PokerStars
2008-11-20 16:13 --------- d-----w c:\program files\Everest Poker.net
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-02-24 15:29 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-12-19 16:21 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 16:21 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 16:21 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 16:21 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 16:21 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

------- Sigcheck -------

2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys
2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 11:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2006-04-20 12:38 340480 b8158e2a6112c0a5ca67bc158fc70218 c:\windows\$NtServicePackUninstall$\tcpip.sys
2004-08-04 07:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys
2002-08-29 02:58 332928 244a2f9816bc9b593957281ef577d976 c:\windows\$NtUninstallKB917953_0$\tcpip.sys
2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys
2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtUninstallKB951748$\tcpip.sys
2004-08-04 07:14 359040 1745b00fc1141404b28f4b94f69a8871 c:\windows\ServicePackFiles\i386\tcpip.sys
2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\tcpip.sys
2008-06-20 11:45 360320 1cc09561e21a48a7f649a40f18235860 c:\windows\system32\dllcache\tcpip.sys
2008-06-20 11:45 360320 1cc09561e21a48a7f649a40f18235860 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-20 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-20 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Steam"="c:\program files\steam\steam.exe" [2008-10-08 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-29 266240]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-12-09 7311360]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2005-12-09 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]
"InstantAccess"="c:\progra~1\TEXTBR~1.0\Bin\INSTAN~1.EXE" [1998-07-07 37376]
"RegisterDropHandler"="c:\progra~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-07-07 22528]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-12-08 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"nwiz"="nwiz.exe" [2005-12-09 c:\windows\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="c:\progra~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-07-07 22528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-20 15360]

c:\documents and settings\Jerome\Menu D‚marrer\Programmes\D‚marrage\
Outil de d‚tection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-11-23 344064]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-04-29 805392]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoLowDiskSpaceCheck"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Steam\\steamapps\\fouduroller92\\day of defeat\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\fouduroller\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Sony\\Vegas 7.0\\VegSrv70.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-05 111184]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-05 20560]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S4 AudioSrvTrkWks;Audio Windows AudioSrvTrkWks;ð%€|x srv --> ð%€|x srv [?]
S4 EventlogDhcp;Journal des événements EventlogDhcp;ð%€|x srv --> ð%€|x srv [?]
S4 FastUserSwitchingCompatibilityodserv;Compatibilité avec le Changement rapide d'utilisateur FastUserSwitchingCompatibilityodserv;ð%€|x srv --> ð%€|x srv [?]
S4 FastUserSwitchingCompatibilityodservRSVP;Compatibilité avec le Changement rapide d'utilisateur FastUserSwitchingCompatibilityodserv FastUserSwitchingCompatibilityodservRSVP;ð%€|x srv --> ð%€|x srv [?]
S4 ForceWaredmadmin;ForceWare Intelligent Application Manager (IAM) ForceWaredmadmin;ð%€|x srv --> ð%€|x srv [?]
S4 gusvcMSSQL$SONY_MEDIAMGR;Google Updater Service gusvcMSSQL$SONY_MEDIAMGR;ð%€|x srv --> ð%€|x srv [?]
S4 HidServWebClient Antivirus;HID Input Service HidServWebClient HidServWebClient Antivirus;ð%€|x srv --> ð%€|x srv [?]
S4 HidServWebClient;HID Input Service HidServWebClient;ð%€|x srv --> ð%€|x srv [?]
S4 HidServWebClientMessenger;HID Input Service HidServWebClient HidServWebClientMessenger;ð%€|x srv --> ð%€|x srv [?]
S4 ImapiServiceW32Time;Service COM de gravage de CD IMAPI ImapiServiceW32Time;ð%€|x srv --> ð%€|x srv [?]
S4 LmHostsSysmonLog;Assistance TCP/IP NetBIOS LmHostsSysmonLog;ð%€|x srv --> ð%€|x srv [?]
S4 NetDDENetman;DDE réseau NetDDENetman;ð%€|x srv --> ð%€|x srv [?]
S4 NetDDENetmangusvcMSSQL$SONY_MEDIAMGR;DDE réseau NetDDENetman NetDDENetmangusvcMSSQL$SONY_MEDIAMGR;ð%€|x srv --> ð%€|x srv [?]
S4 PnkBstrAwinmgmt;PnkBstrA PnkBstrAwinmgmt;ð%€|x srv --> ð%€|x srv [?]
S4 PolicyAgentERSvc;Services IPSEC PolicyAgentERSvc;ð%€|x srv --> ð%€|x srv [?]
S4 ProtectedStorageSharedAccess;Emplacement protégé ProtectedStorageSharedAccess;ð%€|x srv --> ð%€|x srv [?]
S4 SharedAccessAppMgmt;Pare-feu Windows / Partage de connexion Internet SharedAccessAppMgmt;ð%€|x srv --> ð%€|x srv [?]
S4 SpoolerALG;Spouleur d'impression SpoolerALG;ð%€|x srv --> ð%€|x srv [?]
S4 stisvcBITS;Acquisition d'image Windows (WIA) stisvcBITS;ð%€|x srv --> ð%€|x srv [?]
S4 stisvcMessenger;Acquisition d'image Windows (WIA) stisvcMessenger;ð%€|x srv --> ð%€|x srv [?]
S4 SysmonLogMSSQLServerADHelper;Journaux et alertes de performance SysmonLogMSSQLServerADHelper;ð%€|x srv --> ð%€|x srv [?]
S4 WmiApSrvwscsvc;Carte de performance WMI WmiApSrvwscsvc;ð%€|x srv --> ð%€|x srv [?]
S4 WZCSVCProtectedStorageSharedAccess;Configuration automatique sans fil WZCSVCProtectedStorageSharedAccess;ð%€|x srv --> ð%€|x srv [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0472e2ec-3476-11dd-9b63-001731b6b844}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0472e2f0-3476-11dd-9b63-001731b6b844}]
\Shell\AutoRun\command - t.com
\Shell\explore\Command - t.com
\Shell\open\Command - t.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25c25d04-5a87-11dd-9bb3-001731b6b844}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Sys.exe
.
Contenu du dossier 'Tâches planifiées'

2008-04-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-WinampAgent - c:\program files\Winamp\Winampa.exe

.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Unicows.dll - c:\windows\Downloaded Program Files\ImageUploader5.ocx
O16 -: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
hxxp://www.new2.foto.com/ImageUploader5.cab
c:\windows\Downloaded Program Files\ImageUploader5.inf
FF - ProfilePath - c:\documents and settings\Gontrand\Application Data\Mozilla\Firefox\Profiles\em1o2p4e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
.
------- Associations de fichier -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-15 12:02:16
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrvTrkWks]
"ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventlogDhcp]
"ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibilityodserv]
"ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibilityodservRSVP]
"ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ForceWaredmadmin]
"ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvcMSSQL$SONY_MEDIAMGR]
"ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServWebClient]
"ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServWebClient Antivirus]
"ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServWebClientMessenger]
"ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiServiceW32Time]
"ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHostsSysmonLog]
"ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDENetman]
"ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDENetmangusvcMSSQL$SONY_MEDIAMGR]
"ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PnkBstrAwinmgmt]
"ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgentERSvc]
"ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorageSharedAccess]
"ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccessAppMgmt]
"ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SpoolerALG]
"ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvcBITS]
"ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvcMessenger]
"ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLogMSSQLServerADHelper]
"ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrvwscsvc]
"ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVCProtectedStorageSharedAccess]
"ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1220945662-1078081533-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:90,22,92,31,22,45,4d,2c,12,fe,9a,3e,58,11,87,70,05,b9,2f,76,ba,
69,22,fc,69,9e,bb,2b,9a,56,20,4b,8a,75,aa,48,4e,5b,20,be,11,65,fe,be,c2,4d,\
"rkeysecu"=hex:9e,6c,64,c6,6d,05,cb,3e,44,05,79,66,6e,de,29,e6
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(520)
c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(576)
c:\windows\system32\nvappfilter.dll
.
Heure de fin: 2009-01-15 12:05:04
ComboFix-quarantined-files.txt 2009-01-15 11:04:19

Avant-CF: 7.442.878.464 octets libres
Après-CF: 11,893,530,624 octets libres

326 --- E O F --- 2009-01-15 08:18:54
0
Réponse 8 / 8
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
Telecharge UsbFix sur ton bureau
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

--> Lance l installation avec les parametres par default

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir

--> Double clic sur le raccourci UsbFix sur ton bureau
(choisir l'option nettoyage)
--> Le pc va redémarer

-->Apres redémarrage post le rapport UsbFix.txt

Note : le rapport UsbFix.txt est sauvegardé a la racine du disque
Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses