Sujet Précédent Sujet Suivant

PC très infecté !!

le clown89 Messages postés 1526 Statut Membre -  
alabases Messages postés 113 Statut Membre -
Bonjour,
Quelqu'un pourrait-t'il m'aider à desinfecter mon pc ?
Scan hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:32:24, on 13/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\steve Lantoine\Bureau\logiciels\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www8.hp.com/fr/fr/home.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,System,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Vqexupadewi] rundll32.exe "C:\WINDOWS\Wpehuwaqiqamalan.dll",e
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [UpdateWin] C:\WINDOWS\system32\1037n.exe
O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\system32\1037n.exe
O4 - HKCU\..\Run: [UpdateWin] C:\WINDOWS\system32\1037n.exe
O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\system32\1037n.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - (no file)
O22 - SharedTaskScheduler: Windows Installer Class - {020487CC-FC04-4B1E-863F-D9801796230B} - C:\DOCUME~1\STEVEL~1\LOCALS~1\Temp\wndutl32.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
A voir également:

22 réponses

Précédent
  • 1
  • 2
Réponse 21 / 22
le clown89 Messages postés 1526 Statut Membre 94
 
ComboFix 09-02-21.01 - steve Lantoine 2009-02-23 14:05:09.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1022.549 [GMT 1:00]
Lancé depuis: c:\documents and settings\steve Lantoine\Mes documents\Downloads\Programs\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\SystemDoctor Free
c:\documents and settings\All Users\Application Data\SystemDoctor Free\Data\Abbr
c:\documents and settings\All Users\Application Data\SystemDoctor Free\Data\ActivationCode
c:\documents and settings\All Users\Application Data\SystemDoctor Free\Data\HOURS
c:\documents and settings\All Users\Application Data\SystemDoctor Free\Data\ProductCode
c:\documents and settings\steve Lantoine\Application Data\SystemDoctor Free
c:\documents and settings\steve Lantoine\Application Data\SystemDoctor Free\Logs\update.log
c:\documents and settings\steve Lantoine\err.log
c:\documents and settings\steve Lantoine\ResErrors.log
c:\program files\Fichiers communs\SystemDoctor
c:\program files\Fichiers communs\SystemDoctor\err.log
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-23 au 2009-02-23 ))))))))))))))))))))))))))))))))))))
.

2009-02-23 13:47 . 2009-02-23 13:47 <REP> d-------- c:\program files\AskBardis
2009-02-22 14:59 . 2009-02-22 14:59 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-22 14:59 . 2009-02-22 14:59 <REP> d-------- c:\documents and settings\steve Lantoine\Application Data\Malwarebytes
2009-02-22 14:59 . 2009-02-22 14:59 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-22 14:59 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-22 14:59 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-22 14:56 . 2009-02-22 14:56 <REP> d-------- C:\rsit
2009-02-17 20:30 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2009-02-17 20:06 . 2009-02-17 20:06 <REP> d-------- c:\program files\Microsoft Games
2009-02-14 20:22 . 2009-02-15 13:54 <REP> d-------- c:\program files\Internet Download Manager
2009-02-14 15:50 . 2006-11-17 05:40 18,804,736 --a------ c:\windows\system32\alsndmgr.cpl
2009-02-14 15:50 . 2006-12-08 15:20 10,528,768 --a------ c:\windows\system32\RTLCPL.exe
2009-02-14 15:50 . 2008-09-24 10:40 4,122,368 -ra------ c:\windows\system32\drivers\alcxwdm.sys
2009-02-14 15:50 . 2006-07-31 11:19 315,392 --a------ c:\windows\alcupd.exe
2009-02-14 15:50 . 2006-07-31 11:27 217,088 --a------ c:\windows\Alcrmv.exe
2009-02-14 15:50 . 2006-10-18 02:53 147,456 --a------ c:\windows\system32\RtlCPAPI.dll
2009-02-14 15:50 . 2002-02-05 13:54 141,016 --a------ c:\windows\system32\alsndmgr.wav
2009-02-14 14:52 . 2009-02-14 14:52 <REP> d-------- c:\program files\Lavalys
2009-02-14 11:36 . 2009-02-14 11:36 579,584 --a------ c:\windows\system32\dllcache\user32.dll
2009-02-14 11:32 . 2009-02-14 11:33 <REP> d-------- c:\windows\ERUNT
2009-02-14 11:31 . 2009-02-14 11:51 <REP> d-------- C:\SDFix
2009-02-13 20:51 . 2009-02-22 13:40 <REP> d-------- C:\ToolBar SD
2009-02-13 16:14 . 2009-02-13 16:16 304 --ahs---- c:\windows\system32\283604008.dat
2009-01-25 18:51 . 2009-01-25 18:51 0 --a------ c:\windows\nsreg.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-23 13:05 --------- d-----w c:\documents and settings\steve Lantoine\Application Data\DMCache
2009-02-23 12:49 --------- d-----w c:\program files\Steam
2009-02-16 17:39 --------- d-----w c:\documents and settings\steve Lantoine\Application Data\OpenOffice.org2
2009-02-14 19:23 --------- d-----w c:\documents and settings\steve Lantoine\Application Data\IDM
2009-02-14 14:50 --------- d-----w c:\program files\Realtek AC97
2009-02-14 13:28 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-14 13:28 --------- d-----w c:\program files\HPQ
2009-02-14 13:07 --------- d-----w c:\program files\Sony
2009-02-14 13:06 --------- d-----w c:\program files\Fichiers communs\InstallShield
2009-02-14 13:05 --------- d-----w c:\program files\Sonic
2009-02-14 13:02 --------- d-----w c:\program files\CONEXANT
2009-02-14 12:57 --------- d-----w c:\program files\Canon
2009-02-13 16:42 --------- d-----w c:\program files\eMule
2009-02-13 16:42 --------- d-----w c:\documents and settings\steve Lantoine\Application Data\Azureus
2009-02-13 16:41 --------- d-----w c:\documents and settings\steve Lantoine\Application Data\LimeWire
2009-01-01 16:50 --------- d-----w c:\program files\Veoh Networks
2008-12-12 17:02 3,088,896 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-12-21 16:45 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-21 16:45 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-21 16:45 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-21 16:45 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-21 16:45 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2005-05-13 16:12 217,073 --sha-r c:\windows\meta4.exe
2005-10-24 10:13 66,560 --sha-r c:\windows\MOTA113.exe
2005-10-13 20:27 422,400 --sha-r c:\windows\x2.64.exe
2005-10-07 18:14 308,224 --sha-r c:\windows\system32\avisynth.dll
2005-07-14 11:31 27,648 --sha-r c:\windows\system32\AVSredirect.dll
2005-06-26 14:32 616,448 --sha-r c:\windows\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r c:\windows\system32\cygz.dll
2004-01-24 23:00 70,656 --sha-r c:\windows\system32\i420vfw.dll
2005-12-22 19:23 816,640 --sha-r c:\windows\system32\smab.dll
2005-02-28 12:16 240,128 --sha-r c:\windows\system32\x.264.exe
2004-01-24 23:00 70,656 --sha-r c:\windows\system32\yv12vfw.dll
.

------- Sigcheck -------

2005-05-25 20:07 359936 63fdfea54eb53de2d863ee454937ce1e c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 11:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 11:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\$NtServicePackUninstall$\tcpip.sys
2004-08-05 09:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB893066$\tcpip.sys
2005-05-25 20:04 359808 88763a98a4c26c409741b4aa162720c9 c:\windows\$NtUninstallKB917953$\tcpip.sys
2007-03-22 19:41 359808 b4e29943b4b04bd5e7381546848e6669 c:\windows\$NtUninstallKB941644$\tcpip.sys
2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys
2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
2008-04-13 20:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 c:\windows\ServicePackFiles\i386\tcpip.sys
2008-06-20 12:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\dllcache\tcpip.sys
2008-06-20 12:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-12-16 3528440]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-02-07 3497984]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 68856]
"Steam"="c:\program files\steam\steam.exe" [2009-02-21 1410296]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-02-14 2577840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ATI Smart"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Steam\\SteamApps\\miroslaves\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\miroslaves\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Azureus\\Copie de Azureus.exe"=
"c:\\Program Files\\Steam\\SteamApps\\miroslaves\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\le_clown\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\le_clown\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\Steam\\SteamApps\\le_clown\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:shareaza
"6346:UDP"= 6346:UDP:shareaza

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-08-22 231424]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2009-02-14 26224]
S3 gAGP440p;gAGP440p;\??\c:\docume~1\STEVEL~1\LOCALS~1\Temp\gAGP440p.sys --> c:\docume~1\STEVEL~1\LOCALS~1\Temp\gAGP440p.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-02-22 38496]
S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);c:\windows\system32\drivers\z530bus.sys [2007-02-23 58288]
S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;c:\windows\system32\drivers\z530mdfl.sys [2007-02-23 8336]
S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;c:\windows\system32\drivers\z530mdm.sys [2007-02-23 94064]
.
Contenu du dossier 'Tâches planifiées'

2009-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-23 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDetect.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
HKLM-Run-SynTPEnh - c:\program files\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
HKLM-Run-eabconfg.cpl - c:\program files\HPQ\Quick Launch Buttons\EabServr.exe
HKLM-Run-ATIPTA - c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
HKLM-Run-Vqexupadewi - c:\windows\Wpehuwaqiqamalan.dll
SharedTaskScheduler-IPC Configuration Utility - (no file)

.
------- Examen supplémentaire -------
.
mWindow Title =
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_1_1_0.cab
FF - ProfilePath - c:\documents and settings\steve Lantoine\Application Data\Mozilla\Firefox\Profiles\jagar0nb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-veoh&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=
FF - component: c:\documents and settings\steve Lantoine\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-23 14:06:42
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????h?j??@???? ???B?????????????hLC? ??????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-581552671-2635760975-1162083118-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9e,d5,b2,c0,c5,31,e3,5e,ec,7d,31,0e,e4,46,20,05,69,32,a0,ce,c5,57,26,
33,38,79,61,de,f7,e7,5b,a7,5f,37,ef,c3,7b,df,72,a9,48,d7,e6,37,c9,5e,23,e2,\
"??"=hex:7d,1a,39,6a,db,6f,2a,04,00,62,6e,21,35,64,c4,51

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):86,d7,e7,cd,f1,81,05,ce,be,86,13,cf,20,75,bf,21,a9,10,be,84,92,
ea,e9,c6,b1,7b,47,10,e4,e9,cb,18,f4,a5,c1,a0,47,7d,55,52,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e5d94912-c2cc-4f23-9671-47ef85076e03}]
@Denied: (Full) (Everyone)
"Model"=dword:0000002d
"Therad"=dword:00000001
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,d6,dd,fc,07,46,36,ba,5a,b9,98,ab,a6,f4,ca,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-02-23 14:08:47
ComboFix-quarantined-files.txt 2009-02-23 13:08:28

Avant-CF: 12 276 989 952 octets libres
Après-CF: 12,272,701,440 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

257 --- E O F --- 2009-02-21 14:31:20
0
Réponse 22 / 22
alabases Messages postés 113 Statut Membre 6
 
Bonjour, tu as vraiment dû installer quelque chose de ... . Il y a des processus qui sont très peu connu, en tout cas ceux ci sont a supprimer immediatement:

c:\documents and settings\All Users\Application Data\SystemDoctor Free

c:\documents and settings\All Users\Application Data\SystemDoctor Free\Data\Abbr

c:\documents and settings\All Users\Application Data\SystemDoctor Free\Data\ActivationCode

c:\documents and settings\All Users\Application Data\SystemDoctor Free\Data\HOURS

c:\documents and settings\All Users\Application Data\SystemDoctor Free\Data\ProductCode

c:\documents and settings\steve Lantoine\Application Data\SystemDoctor Free

c:\documents and settings\steve Lantoine\Application Data\SystemDoctor Free\Logs\update.log

c:\program files\Fichiers communs\SystemDoctor

c:\program files\Fichiers communs\SystemDoctor\err.log

c:\windows\system32\dllcache\user32.dll

c:\program files\CONEXANT

c:\windows\system32\dllcache\srv.sys

c:\windows\system32\dllcache\tcpip.sys

- - - - - - - > 'winlogon.exe'(776)
0