I might have a virus! Please help me

Closed
angelnight03 Posts 3 Registration date Saturday 17 January 2009 Status Member Last seen 18 January 2009 - 17 Jan 2009 at 16:31
plopus Posts 5962 Registration date Thursday 1 January 2009 Status Security contributor Last seen 11 March 2012 - 18 Jan 2009 at 08:38
Hello,

I'm almost certain I have a virus. My PC is slower; some functions of my computer are blocked??
My RAM fills up quickly, even though I very recently installed two Corsair 2*2GB sticks in my laptop (Vista Premium, so limited to 3GB).

I have McAfee antivirus, enterprise version, which I recently installed in place of Avast.

I ran a scan with ComboFix, but I'm not able to decipher it. If someone could help me, that would be really kind.

PS: IF YOU WANT ME TO USE ANOTHER PROGRAM OR TAKE OTHER STEPS, DON'T HESITATE! :)


ComboFix 09-01-16.03 - Nicky Larson 2009-01-17 23:45:08.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3069.1365 [GMT 9:00]
Lancé depuis: c:\users\Nicky Larson\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated)
* Un nouveau point de restauration a été créé
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\KBL.LOG

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-17 au 2009-01-17 ))))))))))))))))))))))))))))))))))))
.

2009-01-17 23:25 . 2009-01-17 23:25 <REP> d-------- c:\windows\BDOSCAN8
2009-01-17 20:50 . 2009-01-17 20:48 410,984 --a------ c:\windows\System32\deploytk.dll
2009-01-11 01:51 . 2009-01-11 01:51 <REP> d-------- c:\program files\SHARP
2009-01-10 04:36 . 2009-01-17 23:45 <REP> d-------- C:\QUARANTINE
2009-01-10 02:08 . 2009-01-10 02:09 <REP> d-------- c:\users\All Users\McAfee
2009-01-10 02:08 . 2009-01-10 02:09 <REP> d-------- c:\programdata\McAfee
2009-01-10 02:07 . 2008-01-24 20:50 171,400 --a------ c:\windows\System32\drivers\mfehidk.sys
2009-01-10 02:07 . 2008-01-24 20:50 72,936 --a------ c:\windows\System32\drivers\mfeavfk.sys
2009-01-10 02:07 . 2008-01-24 20:50 64,232 --a------ c:\windows\System32\drivers\mfeapfk.sys
2009-01-10 02:07 . 2008-01-24 20:50 52,104 --a------ c:\windows\System32\drivers\mfetdik.sys
2009-01-10 02:07 . 2008-01-24 20:50 33,960 --a------ c:\windows\System32\drivers\mfebopk.sys
2009-01-10 02:05 . 2009-01-10 02:08 <REP> d-------- c:\program files\McAfee
2009-01-10 02:05 . 2009-01-10 02:05 <REP> d-------- c:\program files\Common Files\McAfee
2009-01-09 04:27 . 2009-01-09 04:27 <REP> d-------- c:\program files\Common Files\Cisco Systems
2009-01-09 04:27 . 2007-10-25 15:06 1,495,552 --a------ c:\windows\System32\epoPGPsdk.dll
2009-01-09 04:27 . 2007-10-25 15:06 280 --a------ c:\windows\System32\epoPGPsdk.dll.sig
2009-01-06 23:53 . 2009-01-06 23:53 <REP> d-------- c:\users\Nicky Larson\AppData\Roaming\Ahead
2009-01-06 23:53 . 2009-01-06 23:53 <REP> d-------- c:\users\All Users\Ahead
2009-01-06 23:53 . 2009-01-06 23:53 <REP> d-------- c:\programdata\Ahead
2009-01-06 23:52 . 2009-01-06 23:52 <REP> d-------- c:\users\All Users\Nero
2009-01-06 23:52 . 2009-01-06 23:52 <REP> d-------- c:\programdata\Nero
2009-01-06 23:52 . 2009-01-06 23:52 <REP> d-------- c:\program files\Nero
2009-01-06 23:52 . 2009-01-06 23:52 <REP> d-------- c:\program files\Common Files\Ahead
2009-01-06 12:29 . 2009-01-06 12:29 56 --ah----- c:\users\All Users\ezsidmv.dat
2009-01-06 12:29 . 2009-01-06 12:29 56 --ah----- c:\programdata\ezsidmv.dat
2009-01-06 12:28 . 2009-01-06 12:28 <REP> d-------- c:\program files\Skype
2009-01-06 12:28 . 2009-01-06 12:28 <REP> d-------- c:\program files\Common Files\Skype
2009-01-04 23:56 . 2009-01-04 23:56 <REP> d-------- c:\program files\Common Files\Pinnacle
2009-01-04 23:55 . 2009-01-04 23:55 <REP> d-------- c:\users\All Users\Pinnacle Studio Ultimate
2009-01-04 23:55 . 2009-01-04 23:55 <REP> d-------- c:\programdata\Pinnacle Studio Ultimate
2009-01-04 23:54 . 2009-01-04 23:54 <REP> dr------- c:\users\Nicky Larson\Videos
2009-01-04 23:46 . 2009-01-04 23:46 <REP> d-------- c:\users\All Users\Studio 12
2009-01-04 23:46 . 2009-01-04 23:46 <REP> d-------- c:\users\All Users\Pinnacle Studio Plus
2009-01-04 23:46 . 2009-01-04 23:46 <REP> d-------- c:\programdata\Studio 12
2009-01-04 23:46 . 2009-01-04 23:46 <REP> d-------- c:\programdata\Pinnacle Studio Plus
2009-01-04 23:46 . 2009-01-04 23:46 <REP> d-------- c:\program files\Pinnacle
2009-01-04 23:46 . 2009-01-04 23:46 <REP> d-------- c:\program files\Common Files\Yahoo!
2009-01-04 23:41 . 2009-01-04 23:46 <REP> d-------- c:\users\All Users\Pinnacle
2009-01-04 23:41 . 2009-01-04 23:46 <REP> d-------- c:\programdata\Pinnacle
2008-12-19 20:43 . 2008-12-19 20:43 <REP> d-------- c:\users\Nicky Larson\AppData\Roaming\WildTangent

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-17 14:41 --------- d-----w c:\users\Nicky Larson\AppData\Roaming\Skype
2009-01-17 11:48 --------- d-----w c:\program files\Java
2009-01-17 11:19 --------- d-----w c:\users\Nicky Larson\AppData\Roaming\skypePM
2009-01-16 15:34 207,732 ----a-w c:\users\Nicky Larson\AppData\Roaming\nvModes.dat
2009-01-16 14:17 --------- d-----w c:\program files\Starcraft
2009-01-15 16:24 --------- d-----w c:\program files\Common Files\Steam
2009-01-15 15:15 --------- d-----w c:\programdata\Microsoft Help
2009-01-13 16:38 --------- d-----w c:\users\Nicky Larson\AppData\Roaming\uTorrent
2009-01-09 18:07 --------- d-----w c:\users\Nicky Larson\AppData\Roaming\Hamachi
2009-01-09 16:28 --------- d-----w c:\program files\Pcsx2_0.9.4
2009-01-09 15:58 --------- d-----w c:\program files\Alwil Software
2009-01-06 03:28 --------- d-----w c:\programdata\Skype
2008-12-19 11:43 --------- d-----w c:\programdata\WildTangent
2008-12-14 09:57 --------- d-----w c:\program files\Smallvideosoft
2008-12-14 09:43 --------- d-----w c:\programdata\Video Converter Studio
2008-12-10 14:40 --------- d-----w c:\program files\Windows Mail
2008-12-05 05:47 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-05 05:47 --------- d-----w c:\program files\Common Files\snp2uvc
2008-12-05 05:01 --------- d-----w c:\program files\Apple Software Update
2008-12-05 05:00 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-05 05:00 --------- d-----w c:\program files\iTunes
2008-12-05 05:00 --------- d-----w c:\program files\iPod
2008-12-05 05:00 --------- d-----w c:\program files\Common Files\Apple
2008-12-05 04:58 --------- d-----w c:\program files\QuickTime
2008-12-05 04:50 --------- d-----w c:\program files\Bonjour
2008-12-05 04:24 --------- d-----w c:\program files\SP38886
2008-12-05 04:03 --------- d-----w c:\program files\HP 1.3MP Webcam
2008-12-05 03:46 --------- d---a-w c:\programdata\TEMP
2008-12-02 13:32 --------- d-----w c:\program files\Free Music Zilla
2008-12-02 13:03 --------- d-----w c:\program files\Freecorder
2008-12-02 13:03 --------- d-----w c:\program files\Conduit
2008-12-02 13:02 --------- d-----w c:\program files\Freecorder Toolbar
2008-12-02 12:42 --------- d-----w c:\users\Nicky Larson\AppData\Roaming\Shareaza
2008-12-02 12:42 --------- d-----w c:\program files\Shareaza
2008-12-02 12:03 --------- d-----w c:\users\Nicky Larson\AppData\Roaming\Sony
2008-12-02 11:59 --------- d-----w c:\users\Nicky Larson\AppData\Roaming\Publish Providers
2008-12-02 11:40 --------- d-----w c:\program files\Vstplugins
2008-12-02 11:39 --------- d-----w c:\programdata\Sony
2008-12-02 11:38 --------- d-----w c:\program files\Sony
2008-12-02 11:35 --------- d-----w c:\program files\Sony Setup
2008-11-29 19:05 --------- d-----w c:\program files\KOEI
2008-11-28 10:34 --------- d-----w c:\program files\Hamachi
2008-11-28 10:32 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2008-11-26 15:50 --------- d-----w c:\program files\Warcraft III
2008-11-23 21:11 --------- d-----w c:\users\Nicky Larson\AppData\Roaming\GPass
2008-11-20 04:19 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-11-19 11:17 --------- d-----w c:\program files\PSL
2008-11-18 01:01 --------- d-----w c:\program files\Phoenix Crew
2008-11-17 03:49 --------- d-----w c:\program files\Common Files\Deterministic Networks
2008-11-17 03:49 --------- d-----w c:\program files\Cisco Systems
2008-11-13 23:24 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-11-13 23:24 466,944 ------w c:\windows\Setup1.exe
2008-11-04 13:44 377,331 ----a-w C:\dorpq5F7Ds_Vista-Ipx-dll.zip
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-22 01:22 2,048 ----a-w c:\windows\System32\tzres.dll
2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll
2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-05-31 00:55 174 --sha-w c:\program files\desktop.ini
2008-04-15 22:57 32 ----a-w c:\users\All Users\ezsid.dat
2008-04-15 22:57 32 ----a-w c:\programdata\ezsid.dat
2007-08-25 01:52 300,400 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2008-06-15 1571864]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2008-06-15 20:50 1571864 --a------ c:\program files\Freecorder\tbFree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2008-06-15 1571864]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFree.dll" [2008-06-15 1571864]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-01-24 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2008-02-01 2194744]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 221568]
"Steam"="c:\program files\valve\steam\steam.exe" [2008-10-12 1410296]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-11 159744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 671744]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-17 136600]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-03-21 331776]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"Arucer"="c:\windows\system32\Arucer.dll" [2007-05-10 28672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-25 185872]
"JiWireBOTMapper"="c:\program files\JiWire\BOT Mapping\JiWireBOT.exe" [2007-05-29 657168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2008-02-21 1647912]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-01-24 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"Mouse Suite 98 Daemon"="ICO.EXE" [2006-11-03 c:\windows\System32\ICO.EXE]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-09-05 727592]
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2008-05-20 49220]
VPN Client.lnk - c:\windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico [2008-11-17 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.FFDS"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.mjpg"= pvmjpg30.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DC6548C4-FDAF-48EA-977B-FCE116D25F0F}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{56A3121B-487C-4BCE-8C14-9153AA9A29EE}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{0EF0251F-191B-4473-ABF1-45F29CDAE69F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{258F2368-84A1-4DE3-8EB6-B048F343F125}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{10C36541-2BBB-4167-BABD-DA4136E274D8}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{9A6B9C8E-22BD-44DE-A398-A1F99F1C7583}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{B08366E3-1F0F-48E4-96B2-ED60259E9A77}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{D4702C1B-C7DF-4EA0-AC3A-086C0267332B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7D8C0980-3A58-4914-9F79-41A67F456996}"= Disabled:UDP:c:\program files\Empire Interactive\Strangelite\Starship Troopers\STGame.exe:Starship Troopers
"{CE758F4A-CF5E-46D0-93E2-85F8EBBFA362}"= Disabled:TCP:c:\program files\Empire Interactive\Strangelite\Starship Troopers\STGame.exe:Starship Troopers
"{72DCBDA0-C79C-41C5-9DED-C02AC8F28AD1}"= UDP:6112:starcraft
"{B97FEC5A-BAC5-4364-8940-2D8487A08A24}"= TCP:6112:starcraft
"{3DE411E4-A089-4197-89A6-4C95E57E151D}"= UDP:c:\program files\Starcraft\AdvLoader\AdvLoader.exe:AdvLoader v2.1
"{6DF1C2F5-2CCF-4562-A270-BF7F604FDD40}"= TCP:c:\program files\Starcraft\AdvLoader\AdvLoader.exe:AdvLoader v2.1
"{C84AD081-2E95-48AA-B7F2-7B652FDFC881}"= UDP:c:\program files\Starcraft\StarCraft.exe:StarCraft
"{E48E49DE-E938-4B69-A04A-F22F962686B3}"= TCP:c:\program files\Starcraft\StarCraft.exe:StarCraft
"{F71B76B8-A8E1-4F85-B47E-DD8070BD9CCD}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{C36A74D8-9D20-4AF0-B845-BEB6C0FCAF64}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{D7502E3A-C287-4A6B-8018-287B10909ED6}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{B871D754-24CF-4019-B6F2-6ACEBE04E04C}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{73D31590-9A5B-4BA4-935C-ED3CF3C02A37}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{9C417717-6066-4089-AE0D-E61023AF046A}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{95E9A0C5-C666-4EFA-AA06-E7C36930DDE9}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{DCAB9E85-4F7D-428D-B770-97A97B6A28EC}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{9DB023C3-8EAB-49BD-A736-CAC5DC0A70E4}"= c:\program files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:Rosetta Stone V3 Application
"{36AFB8AD-DD0A-47AF-A6AB-3C6A02838D59}"= c:\program files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:Rosetta Stone Ltd Services
"TCP Query User{73368040-D902-4A0F-BC2E-D48B46A6F3E6}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{C1B0F2C3-112A-4193-BCDA-DF32B4BBD95D}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{FEF4EB0F-88EF-4BCE-9A01-49E878ACA8A1}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{312859B2-EA12-49BB-8814-0F561D973A40}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{1E54A106-3033-4B5C-B37D-BCBB789D8155}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{84CEB5B5-073F-472D-9D6D-2D84500CB580}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{77BB401E-1C1F-47DA-A479-B8E750B06D32}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{15943EA6-A082-4A02-80EF-BB920232E561}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{173110E9-5D89-4D53-BD1B-ABACA2D864F0}c:\\windows\\system32\\rundll32.exe"= UDP:c:\windows\system32\rundll32.exe:Processus hôte Windows (Rundll32)
"UDP Query User{7535550E-F206-4E3D-AE00-2C2D9439D5E1}c:\\windows\\system32\\rundll32.exe"= TCP:c:\windows\system32\rundll32.exe:Processus hôte Windows (Rundll32)
"TCP Query User{37F20158-CC53-4454-A1B0-E02BEB586189}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{A7AEC1EC-9ED9-498E-BBE9-327EA4F124D0}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{3600D0A2-746A-4CFF-985B-6B76403692E1}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{12D9FE05-191A-4165-BDEF-467889C55B0B}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{B0AE52C0-F5F3-4AB8-82E8-8BA03A3811EE}"= UDP:c:\program files\Starcraft\chaos launcher\Chaoslauncher.exe:Chaoslauncher
"{BA8F459C-498E-431C-885C-42CD8A8EA8AA}"= TCP:c:\program files\Starcraft\chaos launcher\Chaoslauncher.exe:Chaoslauncher
"{FFFB6E47-DF4C-47EA-AC93-F90BECD8132E}"= UDP:6114:starcraft
"TCP Query User{64156ADA-A2FF-4B8B-B7B8-7C60699051C0}c:\\windows\\system32\\rundll32.exe"= UDP:c:\windows\system32\rundll32.exe:Processus hôte Windows (Rundll32)
"UDP Query User{A83DDF16-FF45-4636-8751-53D7E125C5CA}c:\\windows\\system32\\rundll32.exe"= TCP:c:\windows\system32\rundll32.exe:Processus hôte Windows (Rundll32)
"TCP Query User{24129713-9D4F-4B90-923C-0ABC7E8F09F5}c:\\program files\\starcraft\\starcraft.exe"= UDP:c:\program files\starcraft\starcraft.exe:StarCraft
"UDP Query User{CF72B6AF-C11A-4A17-A015-D10BF074D9D5}c:\\program files\\starcraft\\starcraft.exe"= TCP:c:\program files\starcraft\starcraft.exe:StarCraft
"TCP Query User{4EC22903-A6CB-4A6E-A29B-99FEE6EBB64C}c:\\users\\nicky larson\\downloads\\downloader_starcraft_combo_engb.exe"= UDP:c:\users\nicky larson\downloads\downloader_starcraft_combo_engb.exe:downloader_starcraft_combo_engb.exe
"UDP Query User{C908162F-3DFD-4B61-94A9-EC82650DBABA}c:\\users\\nicky larson\\downloads\\downloader_starcraft_combo_engb.exe"= TCP:c:\users\nicky larson\downloads\downloader_starcraft_combo_engb.exe:downloader_starcraft_combo_engb.exe
"TCP Query User{2CA7BDD2-C6B7-476F-9011-E7258DC1317F}c:\\users\\nicky larson\\downloads\\downloader_starcraft_combo_enus.exe"= UDP:c:\users\nicky larson\downloads\downloader_starcraft_combo_enus.exe:downloader_starcraft_combo_enus.exe
"UDP Query User{A770BD67-ED73-4A3F-B9AD-CDB48D365AA3}c:\\users\\nicky larson\\downloads\\downloader_starcraft_combo_enus.exe"= TCP:c:\users\nicky larson\downloads\downloader_starcraft_combo_enus.exe:downloader_starcraft_combo_enus.exe
"{8548131A-F896-4062-936D-CFA58F584CA2}"= UDP:c:\program files\VideoLAN\VLC\vlc.exe:VLC media player
"{266614D8-5856-4AE1-BB1E-EF43DA62D83F}"= TCP:c:\program files\VideoLAN\VLC\vlc.exe:VLC media player
"{C0270276-13A0-4304-AABD-D5B57E16694B}"= TCP:1234:vlc streaming port distant
"{0F56CE57-337F-491E-B043-B71A216D4642}"= UDP:8080:vlc streaming protocole TCP
"TCP Query User{1E6CDA4F-4E90-4AB9-8722-1BBAE791A840}c:\\program files\\shareaza\\shareaza.exe"= UDP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
"UDP Query User{46FE92A8-3224-4F4E-BD30-07AED911EA8C}c:\\program files\\shareaza\\shareaza.exe"= TCP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
"{1F174BE4-F6FA-4A13-BBBA-F019E0BD6A64}"= UDP:6346:shareaza
"{33E564E3-D3DE-43BB-A4D6-8600EA040345}"= TCP:6346:shareaza
"{993BDA88-3DF3-4E42-92D0-F4C9E70A413B}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C11B620E-C46A-41EB-A75C-7ABB7ABFF65B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D8ED4CD9-2055-4ADA-9123-D3CBD076790F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{97CB3018-1A1B-4493-B4A9-71051DC5AB4E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{AE0857EA-FF4B-4E8C-960C-17CA8DA02A07}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{F3700FC5-961E-4A72-8134-C8AE7B065FDF}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{A3FB214E-BE1A-40DB-8524-21747B183FBB}"= UDP:57002:Skype
"{9C9F06D4-4514-471A-AE4E-218AD6FE3631}"= UDP:80:Skype 2
"{69E578AA-B65C-4FFA-B7CC-D7CDD367DEC3}"= UDP:443:Skype 3
"TCP Query User{1B11D882-787C-4262-886C-685C2FF6AED2}c:\\users\\nicky larson\\downloads\\sc2-battlereport-1_pegi-downloader.exe"= UDP:c:\users\nicky larson\downloads\sc2-battlereport-1_pegi-downloader.exe:sc2-battlereport-1_pegi-downloader.exe
"UDP Query User{DAEA0B3A-83E2-46EB-B27C-043D39E55289}c:\\users\\nicky larson\\downloads\\sc2-battlereport-1_pegi-downloader.exe"= TCP:c:\users\nicky larson\downloads\sc2-battlereport-1_pegi-downloader.exe:sc2-battlereport-1_pegi-downloader.exe
"{D5B406FE-5C02-473E-8442-E36E48F79CB1}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{8925F0B8-B16B-43D6-8134-7CDCA22D21CE}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{B46B8533-B176-4FAF-898A-4B0C5B08B318}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{1C143585-A3CD-47B9-A1F9-636CF0F28232}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{B3FA9635-4BF0-4164-A3FF-BAF4C2B40995}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
"{248658DF-FCF0-497B-A2CF-29F15AFBB2BC}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
"{08AC9ED8-18EC-4CE6-8464-FC84D6325CA7}"= UDP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{A4D993C7-9FDC-444D-A234-EF65E056647A}"= TCP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service

S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\System32\drivers\ATSwpWDF.sys [2008-10-02 482176]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [2007-11-07 34064]
S3 UCharger;Usb Charger Driver;c:\windows\System32\drivers\UCharger.sys [2008-10-21 13765]
S3 wsvad_driver;WS Audio Device;c:\windows\System32\drivers\VirtualAudio.sys [2008-11-07 16896]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47b58047-4a92-11dd-be5f-001e37723552}]
\shell\AutoRun\command - ocbqsqj.bat
\shell\explore\Command - ocbqsqj.bat
\shell\open\Command - ocbqsqj.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47b58060-4a92-11dd-be5f-001e37723552}]
\shell\AutoRun\command - H:\EmDesk.exe
\shell\EmDesk\command - H:\EmDesk.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f7b9e1f-e27e-11dc-9923-001e37723552}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d163475-e248-11dc-b2bb-806e6f6e6963}]
\shell\AutoRun\command - E:\Menu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a0eeb9f-ef63-11dc-afd0-001e37723552}]
\shell\AutoRun\command - H:\mvxm.cmd
\shell\explore\Command - H:\mvxm.cmd
\shell\open\Command - H:\mvxm.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba74f9a7-e34a-11dc-ab44-001e37723552}]
\shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c828b336-0b45-11dd-a2d3-001e37723552}]
\shell\AutoRun\command - pa39xth.cmd
\shell\explore\Command - pa39xth.cmd
\shell\open\Command - pa39xth.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db0bc93f-2057-11dd-b97d-001e37723552}]
\shell\Auto\command - H:\UFO.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\UFO.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2009-01-12 c:\windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - Nicky Larson.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []

2009-01-17 c:\windows\Tasks\User_Feed_Synchronization-{7BDDBF82-88E8-4925-AF97-8AA3656BAAE3}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 06:33]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: www3.tellmemorecampus.com
Trusted Zone: www3.tellmemorecampus.com

c:\windows\bdoscandellang.ini - c:\windows\bdoscandel.exe
c:\windows\Downloaded Program Files\live.ini
c:\windows\Downloaded Program Files\scanoptions.tsi
c:\windows\Downloaded Program Files\lang.ini
c:\windows\Downloaded Program Files\ipsupd.dll
c:\windows\Downloaded Program Files\bdupd.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\oscan8.ocx
O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
c:\windows\Downloaded Program Files\oscan8.inf
FF - ProfilePath - c:\users\Nicky Larson\AppData\Roaming\Mozilla\Firefox\Profiles\zanevjts.default\
FF - prefs.js: browser.search.selectedEngine - Wikipédia (fr)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\users\Nicky Larson\AppData\Roaming\Mozilla\Firefox\Profiles\zanevjts.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFAlert.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-18 00:00:47
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\windows\TEMP\TMP00000024386D5BEBEFF654EF 524288 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\DPPWDFLT.dll

- - - - - - - > 'Explorer.exe'(5408)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\windows\system32\btmmhook.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Hp\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\System32\conime.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\System32\sdclt.exe
c:\program files\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Heure de fin: 2009-01-18 0:15:19 - La machine a redémarré [Nicky Larson]
ComboFix-quarantined-files.txt 2009-01-17 15:15:09

Avant-CF: 2 998 640 640 octets libres
Après-CF: 2,384,064,512 octets libres

429 --- E O F --- 2008-12-18 06:29:39

4 replies

plopus (security contributor), 17 Jan 2009 at 17:23
Hello,

Download UsbFix to your desktop: http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe
Run the installer with the default settings.

Plug into your PC the external storage devices (USB key, external hard drive, etc.) that may have been infected, without opening them.
Click the UsbFix shortcut on your desktop.
Choose option 1 (clean-up).
The PC will restart.
After the restart, post the UsbFix.txt report found in C:\.
The program is detected by some antivirus products; if that happens, ignore the alert and disable your protection for the duration of the scan.
angelnight03 (member), 17 Jan 2009 at 19:51
Thanks a lot for helping me!

Here is the UsbFix report:

-------------- UsbFix V2.414.3 ---------------

* User : Nicky Larson - MOKORI-NO-PC
* Outils mis a jours le 15/01/2009 par Chiquitine29 et Chimay8
* Recherche effectuée à 3:42:44 le 18/01/2009
* Windows Vista - Internet Explorer 7.0.6001.18000


--------------- [ Processus actifs ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\conime.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe
D: - Lecteur fixe
H: - Lecteur fixe
J: - Lecteur amovible

+- Contenu de l'autorun : J:\autorun.inf

;woqafKlwq1LAsaCd0fS01qK4siAddAisiiwdK0ak0e0iwD4JSjiarw2e3Ams3rX28FlksDwDkl2lalajl3jZJ5i2Ao34Jw9Dooa30
[AutoRun]
;0aqk52sw0Kj04D04a
open=ocbqsqj.bat
;ilaaqlkskaawr20w1w2Xsnf3ZraoDaksjfKk0sZS1ijkd2k3aoK5aLjAKp
shell\open\Command=ocbqsqj.bat
;lpdk4ZDsi272aLl2AfSkj5o9A4r43J
shell\open\Default=1
;2r9LAddlX3qppqs175
shell\explore\Command=ocbqsqj.bat
;aqoasHiKej3swe5ojADJCw2DAswa94mKD33iflsqsiaAL43ks84d13Lk


--------------- [ Lecteur C ] ----------------

C: - Lecteur fixe

+- Listing des fichiers présents :

[10/11/2007 08:18][--a------] C:\autoexec.bat
[19/11/2008 17:50][--a------] C:\BnetLog.txt
[19/11/2008 17:50][--a------] C:\ComboFix.txt
[19/11/2008 17:50][--a------] C:\UsbFix.txt
[19/09/2006 06:43][--a------] C:\config.sys
[19/09/2006 06:43][--a------] C:\hiberfil.sys
[19/09/2006 06:43][--a------] C:\pagefile.sys

--------------- [ Lecteur D ] ----------------

D: - Lecteur fixe

+- Listing des fichiers présents :

[06/09/2008 20:19][---hs----] D:\Desktop.ini
[11/09/2002 01:14][---hs----] D:\Folder.htt

--------------- [ Lecteur H ] ----------------

H: - Lecteur fixe

+- Listing des fichiers présents :


--------------- [ Lecteur J ] ----------------

J: - Lecteur amovible

+- Listing des fichiers présents :

[30/09/2007 21:37][--a------] J:\EmDesk.exe
[15/12/2008 13:16][-r-hs----] J:\autorun.inf

--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
LightScribe Control Panel=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
WindowsWelcomeCenter=rundll32.exe oobefldr.dll,ShowWelcomeCenter
ehTray.exe=C:\Windows\ehome\ehTray.exe
MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
BitComet="C:\Program Files\BitComet\BitComet.exe" /tray
AlcoholAutomount="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
Steam="c:\program files\valve\steam\steam.exe" -silent
Picasa Media Detector=C:\Program Files\Picasa2\PicasaMediaDetector.exe
Skype="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Apoint=C:\Program Files\Apoint2K\Apoint.exe
IAAnotif=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
QPService="C:\Program Files\HP\QuickPlay\QPService.exe"
QlbCtrl=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
OnScreenDisplay=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
DpAgent=C:\Program Files\DigitalPersona\Bin\dpagent.exe
HP Software Update=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
hpWirelessAssistant=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
WAWifiMessage=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
Mouse Suite 98 Daemon=ICO.EXE
AGEIA PhysX SysTray=C:\Program Files\AGEIA Technologies\TrayIcon.exe
PWRISOVM.EXE=C:\Program Files\PowerISO\PWRISOVM.EXE
NvSvc=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
Arucer=rundll32 C:\Windows\system32\Arucer.dll,Arucer
TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
JiWireBOTMapper="C:\Program Files\JiWire\BOT Mapping\JiWireBOT.exe"
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
UCam_Menu="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
NBKeyScan="C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
ShStatEXE="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
McAfeeUpdaterUI="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47b58047-4a92-11dd-be5f-001e37723552}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47b58047-4a92-11dd-be5f-001e37723552}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47b58047-4a92-11dd-be5f-001e37723552}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47b58060-4a92-11dd-be5f-001e37723552}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f7b9e1f-e27e-11dc-9923-001e37723552}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d163475-e248-11dc-b2bb-806e6f6e6963}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a0eeb9f-ef63-11dc-afd0-001e37723552}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a0eeb9f-ef63-11dc-afd0-001e37723552}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a0eeb9f-ef63-11dc-afd0-001e37723552}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba74f9a7-e34a-11dc-ab44-001e37723552}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c828b336-0b45-11dd-a2d3-001e37723552}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c828b336-0b45-11dd-a2d3-001e37723552}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c828b336-0b45-11dd-a2d3-001e37723552}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db0bc93f-2057-11dd-b97d-001e37723552}\Shell\AutoRun\command

--------------- [ Nettoyage des disques ] ----------------

J:\autorun.inf ~> fichier appelé : "J:\ocbqsqj.bat" ( absent ! )
Supprimé ! - [11/09/2002 01:14][---hs----] D:\Folder.htt
Supprimé ! - [15/12/2008 13:16][-r-hs----] J:\autorun.inf

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[10/11/2007 08:18][--a------] C:\autoexec.bat
[06/09/2008 20:19][---hs----] D:\Desktop.ini
[30/09/2007 21:37][--a------] J:\EmDesk.exe

--------------- [ Vaccination ] ----------------

C:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
D:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
H:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
J:\autorun.inf -> Dossier autorun.inf crée par UsbFix !

--------------- ! Fin du rapport ! ----------------
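The UsbFix report above shows the classic removable-drive autorun pattern: an `autorun.inf` whose `open=`, `shell\open\Command=` and `shell\explore\Command=` keys all point at a script (`ocbqsqj.bat`, which the tool reports as absent), with random comment lines interleaved as padding, and the tool's "vaccination" step, which creates a folder named `autorun.inf` on each drive so a file of that name cannot be dropped there. The following is an added example (not part of the thread and not UsbFix's own code) of how a defender can triage such a file and apply the same vaccination. `SAMPLE_AUTORUN` is a constructed copy shaped like the one in the report, `present_files` is an assumed list of file names found on the drive root, and the set of flagged extensions is an assumption of this example.

```python
"""Triage an autorun.inf the way a USB-cleaning tool does: parse it, list what
it would make Explorer run, and apply the folder 'vaccination'."""
import os
import re
import tempfile

# Constructed sample, shaped like the autorun.inf quoted in the UsbFix report:
# junk ';' comment lines interleaved with [AutoRun] keys pointing at a .bat file.
SAMPLE_AUTORUN = r""";woqafKlwq1LAsaCd0fS01qK4siAddAisiiwdK0ak0e0iwD4JSjiarw2e3Ams3rX28
[AutoRun]
;0aqk52sw0Kj04D04a
open=ocbqsqj.bat
;ilaaqlkskaawr20w1w2Xsnf3ZraoDaksjfKk0sZS1ijkd2k3aoK5aLjAKp
shell\open\Command=ocbqsqj.bat
;lpdk4ZDsi272aLl2AfSkj5o9A4r43J
shell\open\Default=1
;2r9LAddlX3qppqs175
shell\explore\Command=ocbqsqj.bat
;aqoasHiKej3swe5ojADJCw2DAswa94mKD33iflsqsiaAL43ks84d13Lk
"""

# Keys whose value Explorer may execute when the drive is opened (assumption:
# the list of script extensions below is this example's choice, not UsbFix's).
EXEC_KEYS = {"open", "shellexecute"}
SHELL_CMD_RE = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)
SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js", ".scr", ".pif", ".com"}


def parse_autorun(text):
    """Return ({key: value} for the [AutoRun] section, number of ';' comment lines)."""
    keys, comments, in_autorun = {}, 0, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(";"):
            comments += 1          # legitimate autorun files rarely carry comments
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            k, v = line.split("=", 1)
            keys[k.strip().lower()] = v.strip().strip('"')
    return keys, comments


def launched_targets(keys):
    """File names the autorun hands to Explorer (open= and shell\\...\\command=)."""
    targets = set()
    for k, v in keys.items():
        if k in EXEC_KEYS or SHELL_CMD_RE.match(k):
            tokens = v.split()             # drop any command-line arguments
            targets.add(tokens[0] if tokens else v)
    return sorted(targets)


def triage(text, present_files):
    """Classify an autorun.inf given the file names present on the drive root."""
    keys, comments = parse_autorun(text)
    targets = launched_targets(keys)
    present = {p.lower() for p in present_files}
    findings = []
    for t in targets:
        if os.path.splitext(t)[1].lower() in SCRIPT_EXTS:
            findings.append(f"launches a script: {t}")
        if t.lower() not in present:
            findings.append(f"target missing on drive: {t}")   # like UsbFix's '( absent ! )'
    if comments >= 3:
        findings.append(f"{comments} junk comment lines (padding)")
    verdict = "suspicious" if findings else "clean"
    return verdict, targets, findings


def vaccinate(drive_root):
    """Replace any autorun.inf file with a directory of that name, so malware
    cannot write the file later. Returns True when the directory is in place."""
    path = os.path.join(drive_root, "autorun.inf")
    if os.path.isfile(path):
        os.remove(path)
    os.makedirs(path, exist_ok=True)
    return os.path.isdir(path)


def vaccinate_in_tempdir():
    """Demonstrate vaccination on a throw-away 'drive' containing the sample file."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "autorun.inf"), "w") as fh:
            fh.write(SAMPLE_AUTORUN)
        return vaccinate(root)


if __name__ == "__main__":
    print(triage(SAMPLE_AUTORUN, ["EmDesk.exe", "autorun.inf"]))
    print("vaccinated:", vaccinate_in_tempdir())
```

On the sample the verdict is "suspicious" with three findings (script target, target absent from the drive, six padding comments), while a label-only autorun with only `label=` and `icon=` keys comes back "clean". The vaccination folder is the same mitigation UsbFix reports under "Vaccination"; on a real drive you would run it on each removable volume's root.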
plopus (security contributor), 17 Jan 2009 at 20:56
Download HijackThis here:

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

Choose "do a scan and save the log" and post the report, please.
angelnight03 (member), 18 Jan 2009 at 06:33
HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:28:27, on 18/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\ICO.EXE
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\JiWire\BOT Mapping\jiwirebot.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Users\Nicky Larson\Desktop\HiJackThis(2).exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Arucer] rundll32 C:\Windows\system32\Arucer.dll,Arucer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [JiWireBOTMapper] "C:\Program Files\JiWire\BOT Mapping\JiWireBOT.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www3.tellmemorecampus.com
O15 - Trusted Zone: http://www3.tellmemorecampus.com (HKLM)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
plopus (security contributor), 18 Jan 2009 at 08:38
That looks fine, do you still have problems?

Run HijackThis again, choose "do a scan only" and tick the boxes to the left of these lines:

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)

then click "Fix checked".

Then, as a check, download and install Malwarebytes and update it:

http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebytes anti malware

Run a quick scan and post the report.