A voir également:
- Trojan horse win 32
- 32 bits - Guide
- Trojan remover - Télécharger - Antivirus & Antimalwares
- Poweriso 32 bit - Télécharger - Gravure
- Win setup from usb - Télécharger - Utilitaires
- Telecharger win rar - Télécharger - Compression & Décompression
90 réponses
ComboFix 09-02-08.02 - Compaq_Propriétaire 2009-02-09 22:21:21.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.654 [GMT 1:00]
Lancé depuis: c:\documents and settings\Compaq_Propriétaire.LAURENT\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Compaq_Propriétaire.LAURENT\Bureau\CFScript.txt
AV: Avira Premium Security Suite *On-access scanning disabled* (Updated)
FW: Avira Firewall *disabled*
FW: Norton Internet Worm Protection *disabled*
FW: Sunbelt Personal Firewall *disabled*
* Un nouveau point de restauration a été créé
FILE ::
c:\windows\system32\securenet.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\securenet.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-09 au 2009-02-09 ))))))))))))))))))))))))))))))))))))
.
2009-02-09 20:32 . 2009-02-09 20:32 <REP> d-------- c:\program files\Avira
2009-02-09 20:32 . 2008-05-07 13:20 71,592 --a------ c:\windows\system32\drivers\avfwot.sys
2009-02-09 20:32 . 2008-05-07 09:51 71,464 --a------ c:\windows\system32\drivers\avfwim.sys
2009-02-06 12:05 . 2008-10-31 07:09 270,888 -ra------ c:\windows\system32\drivers\SbFw.sys
2009-02-06 12:05 . 2008-06-21 04:54 65,576 --a------ c:\windows\system32\drivers\SbFwIm.sys
2009-02-04 21:26 . 2009-02-09 20:32 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-02-02 21:45 . 2009-02-02 21:56 <REP> d-------- c:\program files\Ghost Navigator2_8_2
2009-02-01 00:12 . 2009-02-01 00:13 <REP> d-------- c:\program files\Change Extension
2009-02-01 00:12 . 2009-02-01 00:13 88,064 --a------ c:\windows\AMUninst01c.exe
2009-01-25 00:47 . 2009-01-25 00:47 <REP> d-------- c:\windows\BDOSCAN8
2009-01-25 00:33 . 2009-01-25 00:40 <REP> d-------- c:\program files\Easy-Hide-IP
2009-01-25 00:33 . 2009-01-25 00:33 62 --a------ c:\windows\MyProg.ini
2009-01-22 19:36 . 2009-01-22 19:36 <REP> d-------- c:\windows\system32\Kaspersky Lab
2009-01-21 18:59 . 2009-01-21 18:59 <REP> d-------- c:\program files\Sunbelt Software
2009-01-20 23:56 . 2009-01-20 23:56 <REP> d-------- c:\documents and settings\Compaq_Propriétaire.LAURENT\Application Data\Malwarebytes
2009-01-20 23:55 . 2009-01-20 23:55 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-20 23:55 . 2009-01-20 23:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-20 23:55 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-20 23:55 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-20 21:48 . 2009-01-20 21:48 <REP> d-------- c:\program files\Trend Micro
2009-01-20 18:09 . 2009-01-20 21:39 <REP> d-------- c:\program files\FindyKill
2009-01-19 12:03 . 2009-01-19 12:08 <REP> d-------- c:\documents and settings\Compaq_Propriétaire.LAURENT\Application Data\MyProxy
2009-01-19 11:51 . 2009-01-19 11:52 <REP> d-------- c:\program files\TigerCreep
2009-01-19 11:51 . 2009-01-19 11:52 125 --a------ C:\ioSpecial.ini
2009-01-18 19:08 . 2009-01-18 19:08 <REP> d-------- c:\documents and settings\Compaq_Propriétaire.LAURENT\Application Data\Anonymizer
2009-01-18 19:08 . 2009-01-18 19:08 <REP> d-------- c:\documents and settings\All Users\Application Data\Anonymizer
2009-01-17 12:28 . 2009-01-17 12:35 <REP> d-------- c:\documents and settings\Compaq_Propriétaire.LAURENT\Application Data\Hide IP NG
2009-01-17 12:24 . 2009-01-17 12:25 <REP> d-------- c:\program files\Max2k
2009-01-17 12:11 . 2009-01-18 19:37 <REP> d-------- c:\program files\FreeNinjaSurfing
2009-01-16 21:47 . 2009-01-16 21:47 <REP> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-16 21:47 . 2009-01-16 21:47 <REP> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-09 20:57 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-09 20:56 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-09 16:02 2,342 -c--a-w c:\documents and settings\Compaq_Propriétaire.LAURENT\Application Data\wklnhst.dat
2009-02-04 22:09 --------- d-----w c:\documents and settings\Compaq_Propriétaire.LAURENT\Application Data\Azureus
2009-02-04 13:15 --------- d-----w c:\program files\Azureus
2009-02-02 22:28 --------- d-----w c:\program files\Norton AntiVirus
2009-02-02 22:27 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2009-02-02 22:27 --------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-01-27 17:15 --------- d-----w c:\program files\Google
2009-01-26 16:43 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-06 14:40 --------- d-----w c:\documents and settings\Compaq_Propriétaire.LAURENT\Application Data\HPQ
2009-01-04 10:03 --------- d-----w c:\program files\GordianKnot
2009-01-02 21:11 36,734 ----a-w c:\windows\system32\OggDSuninst.exe
2009-01-02 21:11 33,533 ----a-w c:\windows\system32\CoreVorbis-uninstall.exe
2009-01-02 21:11 --------- d-----w c:\program files\Morgan
2009-01-02 21:11 --------- d-----w c:\program files\ffdshow
2009-01-02 21:10 --------- d-----w c:\program files\XviD
2009-01-02 21:10 --------- d-----w c:\program files\DivX
2009-01-02 21:10 --------- d-----w c:\program files\AC3Filter
2009-01-02 21:09 --------- d-----w c:\program files\Gabest
2009-01-02 21:09 --------- d-----w c:\program files\AviSynth 2.5
2008-12-29 20:24 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-12-24 20:05 --------- d-----w c:\program files\Windows Live
2008-12-24 18:09 --------- d-----w c:\program files\Fichiers communs\Windows Live
2008-12-12 17:02 3,088,896 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-21 21:45 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-11-21 21:45 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-11-21 21:45 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-11-21 21:45 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-11-21 21:45 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-11-21 21:45 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-11-21 21:45 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-11-01 09:29 47,360 ----a-w c:\documents and settings\Compaq_Propriétaire.LAURENT\Application Data\pcouffin.sys
2008-09-24 19:11 6,532 -c--a-w c:\documents and settings\Compaq_Propriétaire\Application Data\wklnhst.dat
2008-09-15 22:51 47,360 ----a-w c:\documents and settings\Compaq_Propriétaire\Application Data\pcouffin.sys
2007-10-31 15:29 81,920 -c--a-w c:\documents and settings\Compaq_Propriétaire\Application Data\ezpinst.exe
2007-10-30 15:56 870,400 -c--a-w c:\documents and settings\Compaq_Propriétaire\autorun.dat
2006-10-25 12:17 258 -c--a-w c:\documents and settings\Compaq_Propriétaire\dat.bin
2008-10-11 12:58 56 --sh--r c:\windows\system32\7147340448.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-02-09_19.57.09.89 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-12 10:29:14 94,465 ----a-w c:\windows\system32\avsda.dll
+ 2008-05-09 11:15:51 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys
+ 2008-10-30 09:21:03 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:22 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-19 7557120]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 147456]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-01-02 180269]
"avgnt"="c:\program files\Avira\Avira Premium Security Suite\avgnt.exe" [2008-06-12 266497]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2006-04-19 c:\windows\system32\nwiz.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"vidc.ffds"= c:\program files\ffdshow\ffdshow.ax
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [2009-02-09 71592]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-02-06 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;c:\program files\Avira\Avira Premium Security Suite\avfwsvc.exe [2009-02-09 344321]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;c:\program files\Avira\Avira Premium Security Suite\avmailc.exe [2009-02-09 164097]
R2 antivirwebservice;Avira Premium Security Suite WebGuard;c:\program files\Avira\Avira Premium Security Suite\avwebgrd.exe [2009-02-09 258305]
R2 AVEService;Avira Premium Security Suite MailGuard helper service;c:\program files\Avira\Avira Premium Security Suite\avesvc.exe [2009-02-09 41217]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [2009-02-09 71464]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-02-06 65576]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.yahoo.fr/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=63&bd=PRESARIO&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=63&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=63&bd=PRESARIO&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=63&bd=PRESARIO&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\Ghost Navigator2_8_2\Ghost
LSP: avsda.dll
TCP: {808186BC-6144-45EF-BFE3-D11F4337EC02} = 208.67.220.220,208.67.222.222
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Compaq_Propriétaire.LAURENT\Application Data\Mozilla\Firefox\Profiles\g7t84lkf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPOJI610.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-09 22:28:30
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'lsass.exe'(1200)
c:\windows\system32\avsda.dll
- - - - - - - > 'explorer.exe'(2692)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSFR.DLL
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\Avira Premium Security Suite\sched.exe
c:\program files\Avira\Avira Premium Security Suite\avguard.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Heure de fin: 2009-02-09 22:31:48 - La machine a redémarré [Compaq_Propriétaire]
ComboFix-quarantined-files.txt 2009-02-09 21:31:41
ComboFix2.txt 2009-02-09 18:59:00
Avant-CF: 101 251 375 104 octets libres
Après-CF: 101,241,786,368 octets libres
224 --- E O F --- 2009-01-13 19:16:04
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.654 [GMT 1:00]
Lancé depuis: c:\documents and settings\Compaq_Propriétaire.LAURENT\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Compaq_Propriétaire.LAURENT\Bureau\CFScript.txt
AV: Avira Premium Security Suite *On-access scanning disabled* (Updated)
FW: Avira Firewall *disabled*
FW: Norton Internet Worm Protection *disabled*
FW: Sunbelt Personal Firewall *disabled*
* Un nouveau point de restauration a été créé
FILE ::
c:\windows\system32\securenet.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\securenet.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-09 au 2009-02-09 ))))))))))))))))))))))))))))))))))))
.
2009-02-09 20:32 . 2009-02-09 20:32 <REP> d-------- c:\program files\Avira
2009-02-09 20:32 . 2008-05-07 13:20 71,592 --a------ c:\windows\system32\drivers\avfwot.sys
2009-02-09 20:32 . 2008-05-07 09:51 71,464 --a------ c:\windows\system32\drivers\avfwim.sys
2009-02-06 12:05 . 2008-10-31 07:09 270,888 -ra------ c:\windows\system32\drivers\SbFw.sys
2009-02-06 12:05 . 2008-06-21 04:54 65,576 --a------ c:\windows\system32\drivers\SbFwIm.sys
2009-02-04 21:26 . 2009-02-09 20:32 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-02-02 21:45 . 2009-02-02 21:56 <REP> d-------- c:\program files\Ghost Navigator2_8_2
2009-02-01 00:12 . 2009-02-01 00:13 <REP> d-------- c:\program files\Change Extension
2009-02-01 00:12 . 2009-02-01 00:13 88,064 --a------ c:\windows\AMUninst01c.exe
2009-01-25 00:47 . 2009-01-25 00:47 <REP> d-------- c:\windows\BDOSCAN8
2009-01-25 00:33 . 2009-01-25 00:40 <REP> d-------- c:\program files\Easy-Hide-IP
2009-01-25 00:33 . 2009-01-25 00:33 62 --a------ c:\windows\MyProg.ini
2009-01-22 19:36 . 2009-01-22 19:36 <REP> d-------- c:\windows\system32\Kaspersky Lab
2009-01-21 18:59 . 2009-01-21 18:59 <REP> d-------- c:\program files\Sunbelt Software
2009-01-20 23:56 . 2009-01-20 23:56 <REP> d-------- c:\documents and settings\Compaq_Propriétaire.LAURENT\Application Data\Malwarebytes
2009-01-20 23:55 . 2009-01-20 23:55 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-20 23:55 . 2009-01-20 23:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-20 23:55 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-20 23:55 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-20 21:48 . 2009-01-20 21:48 <REP> d-------- c:\program files\Trend Micro
2009-01-20 18:09 . 2009-01-20 21:39 <REP> d-------- c:\program files\FindyKill
2009-01-19 12:03 . 2009-01-19 12:08 <REP> d-------- c:\documents and settings\Compaq_Propriétaire.LAURENT\Application Data\MyProxy
2009-01-19 11:51 . 2009-01-19 11:52 <REP> d-------- c:\program files\TigerCreep
2009-01-19 11:51 . 2009-01-19 11:52 125 --a------ C:\ioSpecial.ini
2009-01-18 19:08 . 2009-01-18 19:08 <REP> d-------- c:\documents and settings\Compaq_Propriétaire.LAURENT\Application Data\Anonymizer
2009-01-18 19:08 . 2009-01-18 19:08 <REP> d-------- c:\documents and settings\All Users\Application Data\Anonymizer
2009-01-17 12:28 . 2009-01-17 12:35 <REP> d-------- c:\documents and settings\Compaq_Propriétaire.LAURENT\Application Data\Hide IP NG
2009-01-17 12:24 . 2009-01-17 12:25 <REP> d-------- c:\program files\Max2k
2009-01-17 12:11 . 2009-01-18 19:37 <REP> d-------- c:\program files\FreeNinjaSurfing
2009-01-16 21:47 . 2009-01-16 21:47 <REP> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-16 21:47 . 2009-01-16 21:47 <REP> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-09 20:57 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-09 20:56 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-09 16:02 2,342 -c--a-w c:\documents and settings\Compaq_Propriétaire.LAURENT\Application Data\wklnhst.dat
2009-02-04 22:09 --------- d-----w c:\documents and settings\Compaq_Propriétaire.LAURENT\Application Data\Azureus
2009-02-04 13:15 --------- d-----w c:\program files\Azureus
2009-02-02 22:28 --------- d-----w c:\program files\Norton AntiVirus
2009-02-02 22:27 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2009-02-02 22:27 --------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-01-27 17:15 --------- d-----w c:\program files\Google
2009-01-26 16:43 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-06 14:40 --------- d-----w c:\documents and settings\Compaq_Propriétaire.LAURENT\Application Data\HPQ
2009-01-04 10:03 --------- d-----w c:\program files\GordianKnot
2009-01-02 21:11 36,734 ----a-w c:\windows\system32\OggDSuninst.exe
2009-01-02 21:11 33,533 ----a-w c:\windows\system32\CoreVorbis-uninstall.exe
2009-01-02 21:11 --------- d-----w c:\program files\Morgan
2009-01-02 21:11 --------- d-----w c:\program files\ffdshow
2009-01-02 21:10 --------- d-----w c:\program files\XviD
2009-01-02 21:10 --------- d-----w c:\program files\DivX
2009-01-02 21:10 --------- d-----w c:\program files\AC3Filter
2009-01-02 21:09 --------- d-----w c:\program files\Gabest
2009-01-02 21:09 --------- d-----w c:\program files\AviSynth 2.5
2008-12-29 20:24 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-12-24 20:05 --------- d-----w c:\program files\Windows Live
2008-12-24 18:09 --------- d-----w c:\program files\Fichiers communs\Windows Live
2008-12-12 17:02 3,088,896 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-21 21:45 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-11-21 21:45 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-11-21 21:45 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-11-21 21:45 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-11-21 21:45 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-11-21 21:45 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-11-21 21:45 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-11-01 09:29 47,360 ----a-w c:\documents and settings\Compaq_Propriétaire.LAURENT\Application Data\pcouffin.sys
2008-09-24 19:11 6,532 -c--a-w c:\documents and settings\Compaq_Propriétaire\Application Data\wklnhst.dat
2008-09-15 22:51 47,360 ----a-w c:\documents and settings\Compaq_Propriétaire\Application Data\pcouffin.sys
2007-10-31 15:29 81,920 -c--a-w c:\documents and settings\Compaq_Propriétaire\Application Data\ezpinst.exe
2007-10-30 15:56 870,400 -c--a-w c:\documents and settings\Compaq_Propriétaire\autorun.dat
2006-10-25 12:17 258 -c--a-w c:\documents and settings\Compaq_Propriétaire\dat.bin
2008-10-11 12:58 56 --sh--r c:\windows\system32\7147340448.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-02-09_19.57.09.89 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-12 10:29:14 94,465 ----a-w c:\windows\system32\avsda.dll
+ 2008-05-09 11:15:51 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys
+ 2008-10-30 09:21:03 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:22 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-19 7557120]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 147456]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-01-02 180269]
"avgnt"="c:\program files\Avira\Avira Premium Security Suite\avgnt.exe" [2008-06-12 266497]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2006-04-19 c:\windows\system32\nwiz.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"vidc.ffds"= c:\program files\ffdshow\ffdshow.ax
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [2009-02-09 71592]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-02-06 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;c:\program files\Avira\Avira Premium Security Suite\avfwsvc.exe [2009-02-09 344321]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;c:\program files\Avira\Avira Premium Security Suite\avmailc.exe [2009-02-09 164097]
R2 antivirwebservice;Avira Premium Security Suite WebGuard;c:\program files\Avira\Avira Premium Security Suite\avwebgrd.exe [2009-02-09 258305]
R2 AVEService;Avira Premium Security Suite MailGuard helper service;c:\program files\Avira\Avira Premium Security Suite\avesvc.exe [2009-02-09 41217]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [2009-02-09 71464]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-02-06 65576]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.yahoo.fr/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=63&bd=PRESARIO&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=63&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=63&bd=PRESARIO&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=63&bd=PRESARIO&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\Ghost Navigator2_8_2\Ghost
LSP: avsda.dll
TCP: {808186BC-6144-45EF-BFE3-D11F4337EC02} = 208.67.220.220,208.67.222.222
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Compaq_Propriétaire.LAURENT\Application Data\Mozilla\Firefox\Profiles\g7t84lkf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPOJI610.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-09 22:28:30
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'lsass.exe'(1200)
c:\windows\system32\avsda.dll
- - - - - - - > 'explorer.exe'(2692)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSFR.DLL
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\Avira Premium Security Suite\sched.exe
c:\program files\Avira\Avira Premium Security Suite\avguard.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Heure de fin: 2009-02-09 22:31:48 - La machine a redémarré [Compaq_Propriétaire]
ComboFix-quarantined-files.txt 2009-02-09 21:31:41
ComboFix2.txt 2009-02-09 18:59:00
Avant-CF: 101 251 375 104 octets libres
Après-CF: 101,241,786,368 octets libres
224 --- E O F --- 2009-01-13 19:16:04
Utilisateur anonyme
9 févr. 2009 à 23:57
9 févr. 2009 à 23:57
Re,
Redémarre ton pc normalement et refait un log avec RSIT
Redémarre ton pc normalement et refait un log avec RSIT
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
10 févr. 2009 à 10:14
10 févr. 2009 à 10:14
Télécharge ici :
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.
Double-clique sur RSIT.exe afin de lancer RSIT.
Clique Continue à l'écran Disclaimer.
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
NB : Les rapports sont sauvegardés dans le dossier C:\rsit
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.
Double-clique sur RSIT.exe afin de lancer RSIT.
Clique Continue à l'écran Disclaimer.
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
NB : Les rapports sont sauvegardés dans le dossier C:\rsit
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Logfile of random's system information tool 1.05 (written by random/random)
Run by Compaq_Propriétaire at 2009-02-10 11:43:35
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 97 GB (52%) free of 185 GB
Total RAM: 1023 MB (50% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:42, on 10/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Compaq_Propriétaire.LAURENT\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Compaq_Propriétaire.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_8_2\Ghost (file missing)
O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_8_2\Ghost (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{808186BC-6144-45EF-BFE3-D11F4337EC02}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{808186BC-6144-45EF-BFE3-D11F4337EC02}: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
Run by Compaq_Propriétaire at 2009-02-10 11:43:35
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 97 GB (52%) free of 185 GB
Total RAM: 1023 MB (50% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:42, on 10/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Compaq_Propriétaire.LAURENT\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Compaq_Propriétaire.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_8_2\Ghost (file missing)
O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_8_2\Ghost (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{808186BC-6144-45EF-BFE3-D11F4337EC02}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{808186BC-6144-45EF-BFE3-D11F4337EC02}: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
Utilisateur anonyme
10 févr. 2009 à 11:48
10 févr. 2009 à 11:48
Re,
Désinstalle NORTON:
Comment le faire correctement
Ensuite fait un scan avec Antivir et poste le rapport et dit comment va le PC.
merci
Désinstalle NORTON:
Comment le faire correctement
Ensuite fait un scan avec Antivir et poste le rapport et dit comment va le PC.
merci
ça fait 5jours que j'ai désinstallé norton byzarre que tu ais vu que j'avais norton dans le rapport bon bref..
le scan je le fais en mode sans echec ???
le scan je le fais en mode sans echec ???
