Am I infected??? - Page 2

informaticologue (Member, 353 posts)
 
RSIT ????
Destrio5 (Moderator, 99820 posts)
 
- Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.

- Double-click RSIT.exe to launch the program.

- Click Continue on the Disclaimer screen.

- If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will have to accept the licence.

- When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

Note: The reports are saved in the folder C:\rsit.
informaticologue (Member, 353 posts)
 
Here is the report.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Jules at 2009-03-01 19:26:06
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 195 GB (41%) free of 469 GB
Total RAM: 2046 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:26:17, on 01/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\systray\systrayapp.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Windows\System32\mobsync.exe
C:\Windows\explorer.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\msfeedssync.exe
C:\Users\Jules\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jules.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [AGCoreCleanup] CMD /C RD /S /Q "C:/Program Files/AGI"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE RÉSEAU')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{940BE514-C863-41EE-94FE-5B6E28A8ED8A}: NameServer = 85.255.116.133,85.255.112.195
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.133,85.255.112.195
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.133,85.255.112.195
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.133,85.255.112.195
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
informaticologue (Member, 353 posts)
 
Destrio, I can't download it; I get a "Page load error" page.
New symptom: I have to click twice to get to a site from Google; the first time, I get a page telling me to download E-mule.
Destrio5 (Moderator, 99820 posts)
 
--> Disable UAC for the duration of the disinfection.

/!\ Disable your resident protections (antivirus, etc.) /!\

--> Download ComboFix (by sUBs) to your Desktop.
--> Right-click ComboFix.exe (the .exe extension may not be visible) and choose Run as administrator to launch it.
--> When the scan is finished, a report will appear. Post that report (C:\Combofix.txt) in your next reply.

To help you: a guide and a tutorial on using ComboFix
informaticologue (Member, 353 posts)
 
Here is the report.

ComboFix 09-03-02.01 - Jules 2009-03-02 20:36:31.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2046.1134 [GMT 1:00]
Lancé depuis: c:\users\Jules\Downloads\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\recycler\S-0-9-40-100000880-100004925-100011867-8555.com
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\gaopdxrqptwncr.sys
c:\windows\system32\gaopdxtgryfsii.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-02 au 2009-03-02 ))))))))))))))))))))))))))))))))))))
.

2009-03-02 19:54 . 2009-03-02 20:03 262,144 --a------ c:\windows\SPInstall.etl
2009-03-01 19:26 . 2009-03-01 19:26 <REP> d-------- C:\rsit
2009-03-01 18:58 . 2009-03-01 19:22 <REP> d-------- c:\program files\Ad-remover
2009-03-01 15:08 . 2009-03-01 15:08 <REP> d-------- c:\program files\MoviesPlay
2009-03-01 14:30 . 2009-03-01 14:30 <REP> d-------- c:\users\Colin\AppData\Roaming\agi
2009-02-28 21:39 . 2009-03-01 11:50 <REP> d-------- c:\program files\Navilog1
2009-02-28 11:22 . 2008-04-26 09:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2009-02-28 11:22 . 2008-04-12 04:32 784,896 --a------ c:\windows\System32\rpcrt4.dll
2009-02-28 11:22 . 2008-04-05 02:21 72,192 --a------ c:\windows\System32\drivers\pacer.sys
2009-02-28 11:22 . 2008-04-05 04:34 15,360 --a------ c:\windows\System32\pacerprf.dll
2009-02-27 22:39 . 2009-02-27 23:24 <REP> d-------- C:\perflogs
2009-02-24 19:52 . 2009-02-24 19:52 <REP> d-------- c:\program files\Kiwee Toolbar
2009-02-24 19:51 . 2009-02-24 19:51 2,117,632 --a------ c:\windows\System32\python25.dll
2009-02-24 19:51 . 2008-09-16 17:26 1,332,197 --a------ c:\windows\System32\pythondll.zip
2009-02-24 19:51 . 2009-02-24 19:51 339,968 --a------ c:\windows\System32\pythoncom25.dll
2009-02-24 19:51 . 2009-02-24 19:51 114,688 --a------ c:\windows\System32\pywintypes25.dll
2009-02-21 12:23 . 2009-02-21 12:23 <REP> d-------- c:\program files\Microsoft Sync Framework
2009-02-19 21:08 . 2009-02-19 21:08 <REP> d-------- c:\program files\Microsoft Visual Studio 8
2009-02-15 15:15 . 2009-02-15 15:16 <REP> d-------- c:\program files\GameSpy Arcade
2009-02-15 15:11 . 2009-02-15 15:11 <REP> d-------- c:\program files\LucasArts
2009-02-15 12:24 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-15 12:24 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-15 12:24 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-15 12:24 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-15 12:24 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-13 12:16 . 2009-03-01 14:29 <REP> d-------- c:\users\Colin\Tracing
2009-02-13 12:14 . 2009-02-13 12:14 <REP> d-------- c:\users\Colin\Program Files
2009-02-13 12:14 . 2009-03-01 15:49 <REP> d-------- c:\users\Colin\AppData\Roaming\DNA
2009-02-11 19:43 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 19:43 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-09 13:02 . 2009-03-01 19:23 <REP> d-------- c:\program files\Dofus
2009-02-08 20:42 . 2009-03-02 20:26 <REP> d-------- c:\users\Jules\Tracing
2009-02-08 20:39 . 2009-02-08 20:39 <REP> d-------- c:\program files\Windows Live SkyDrive
2009-02-08 20:35 . 2009-02-08 20:39 <REP> d-------- c:\program files\Microsoft
2009-02-08 20:33 . 2009-02-08 20:33 <REP> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-02-08 20:29 . 2009-02-08 20:29 <REP> d-------- c:\program files\Common Files\Windows Live
2009-02-08 09:48 . 2009-02-08 09:48 <REP> dr-h----- c:\users\Jules\AppData\Roaming\SecuROM
2009-02-08 09:41 . 2009-02-08 09:41 <REP> d-------- c:\program files\Zone Labs
2009-02-07 19:20 . 2009-02-07 19:20 <REP> d-------- c:\program files\Trend Micro
2009-02-07 17:49 . 2009-02-13 12:55 <REP> d-------- c:\programdata\Electronic Arts
2009-02-07 17:49 . 2009-02-07 17:49 7,760 --a------ c:\windows\System32\ealregsnapshot1.reg
2009-02-07 17:21 . 2009-02-07 17:21 <REP> d--h----- c:\windows\msdownld.tmp
2009-02-07 12:05 . 2009-02-07 12:05 43,520 --a------ c:\windows\System32\CmdLineExt03.dll
2009-02-07 11:55 . 2009-02-07 11:55 <REP> d-------- c:\program files\THQ
2009-02-07 11:55 . 2009-02-07 11:55 <REP> d-------- C:\Extras
2009-02-07 11:55 . 2009-02-07 11:55 <REP> d-------- C:\Autorun
2009-02-07 10:25 . 2009-02-08 15:51 139,264 --a------ c:\windows\War3Unin.exe
2009-02-07 10:25 . 2009-02-08 16:00 87,963 --a------ c:\windows\War3Unin.dat
2009-02-07 10:25 . 2009-02-08 15:51 2,829 --a------ c:\windows\War3Unin.pif
2009-02-07 10:22 . 2009-02-17 12:09 <REP> d-------- c:\program files\Warcraft III
2009-02-06 19:39 . 2009-02-06 19:39 308,600 --a------ c:\windows\WLXPGSS.SCR
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\System32\sirenacm.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-02 19:22 --------- d-----w c:\programdata\avg8
2009-03-01 18:23 --------- d-----w c:\program files\Packard Bell
2009-03-01 14:50 --------- d-----w c:\users\Colin\AppData\Roaming\Azureus
2009-03-01 13:52 --------- d-----w c:\users\Colin\AppData\Roaming\LimeWire
2009-03-01 13:30 --------- d-----w c:\program files\Steam
2009-03-01 10:51 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-28 20:46 --------- d-----w c:\users\Jules\AppData\Roaming\Azureus
2009-02-28 18:09 --------- d-----w c:\users\Jules\AppData\Roaming\BraCa_Soft
2009-02-28 16:19 --------- d---a-w c:\programdata\Sports Interactive
2009-02-28 10:12 174 --sha-w c:\program files\desktop.ini
2009-02-27 22:27 --------- d-----w c:\program files\Windows Sidebar
2009-02-27 22:27 --------- d-----w c:\program files\Windows Photo Gallery
2009-02-27 22:27 --------- d-----w c:\program files\Windows Mail
2009-02-27 22:27 --------- d-----w c:\program files\Windows Journal
2009-02-27 22:27 --------- d-----w c:\program files\Windows Defender
2009-02-27 22:27 --------- d-----w c:\program files\Windows Collaboration
2009-02-27 22:27 --------- d-----w c:\program files\Windows Calendar
2009-02-27 21:59 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-02-27 21:59 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-02-27 17:06 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-24 15:53 1,128 ----a-w c:\users\Jules\AppData\Roaming\wklnhst.dat
2009-02-21 11:24 --------- d-----w c:\program files\Windows Live
2009-02-21 08:58 --------- d-----w c:\programdata\Microsoft Help
2009-02-19 20:14 --------- d-----w c:\program files\MSBuild
2009-02-19 17:32 --------- d-----w c:\users\Jules\AppData\Roaming\LimeWire
2009-02-08 08:26 --------- d-----w c:\programdata\Symantec
2009-02-08 08:26 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-08 08:25 --------- d-----w c:\program files\Norton 360
2009-02-08 08:24 --------- d-----w c:\program files\Symantec
2009-02-08 08:14 --------- d-----w c:\program files\AVS4YOU
2009-02-07 18:26 --------- d-----w c:\users\Jules\AppData\Roaming\DNA
2009-02-07 16:49 --------- d-----w c:\program files\Electronic Arts
2009-02-06 21:01 --------- d-----w c:\program files\Messenger Plus! Live
2009-01-28 16:07 --------- d-----w c:\users\Jules\AppData\Roaming\uTorrent
2009-01-24 17:16 --------- d-----w c:\program files\Common Files\Steam
2009-01-21 18:11 --------- d-----w c:\users\Jules\AppData\Roaming\Pro Cycling Manager 2008
2009-01-18 13:40 --------- d-----w c:\users\Jules\AppData\Roaming\My Battle for Middle-earth(tm) II Files
2009-01-18 10:59 --------- d-----w c:\users\Colin\AppData\Roaming\My Battle for Middle-earth(tm) II Files
2009-01-16 18:33 --------- d-----w c:\users\Jules\AppData\Roaming\La Bataille pour la Terre du Milieu ™ II
2009-01-15 17:46 --------- d-----w c:\program files\eMule
2009-01-11 15:07 --------- d-----w c:\users\Jules\AppData\Roaming\Xilisoft Corporation
2009-01-11 15:06 --------- d-----w c:\program files\Xilisoft
2009-01-11 11:14 --------- d-----w c:\users\Colin\AppData\Roaming\La Bataille pour la Terre du Milieu ™ II
2009-01-08 17:46 --------- d-----w c:\users\Colin\AppData\Roaming\La Bataille pour la Terre du Milieu
2009-01-02 17:16 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-02 17:15 103,736 ----a-w c:\windows\System32\PnkBstrB.exe
2008-11-09 12:53 1,222 ----a-w c:\users\Colin\AppData\Roaming\wklnhst.dat
2007-12-25 08:34 22,328 ----a-w c:\users\Colin\AppData\Roaming\PnkBstrK.sys
2002-08-26 17:54 327,680 ----a-r c:\users\Colin\AppData\Roaming\MafiaSetup.exe
2007-09-13 06:33 157,184 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-06 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-06 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 c:\windows\RtHDVCpl.exe]

c:\users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'‚cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SmpcSys"=c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe
"PcSync"=c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2E127600-40B6-404B-BC6F-10505B667627}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6716BF2E-4290-428B-8AAA-B2576E0CB495}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4AF04E4F-50E4-4488-AF37-01BF2BDC6B73}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1CC8D575-55F2-4036-8F62-5AEBD69E6C3F}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{B5921348-B33A-4036-A387-457D5DB5C309}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{94063043-830F-45ED-9EAA-CE45E379F78F}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{34E21BBA-C6F8-4561-BF2A-03593CCA0B90}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{8C838E28-6A3B-4BE1-B27A-50EDAE841FF8}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"{D27EAE27-2056-45A0-901A-EC8C6A8BB36D}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{8BC378B9-DDB9-4644-8AB2-56CFF3966D43}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{1880BC6B-AD2A-4F3A-96BB-9FCBDB2A310F}"= UDP:c:\program files\Steam\steamapps\common\football manager 2009\fm.exe:Football Manager 2009
"{7320722E-D587-4A42-BDDF-B214C6E67777}"= TCP:c:\program files\Steam\steamapps\common\football manager 2009\fm.exe:Football Manager 2009
"{A34346D3-32C6-4715-8998-D9F42015074D}"= UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{5C2B0933-D818-4922-8E4D-31FFF7F80023}"= TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{A74B1AA0-0238-4B55-811A-F91A7A4BBA48}"= Disabled:UDP:c:\users\Colin\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer
"{499627AA-0B81-445B-8800-6C418FD9A1AC}"= Disabled:TCP:c:\users\Colin\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer
"{AEA400C1-E10B-45C6-8B77-ABB4B937DE76}"= Disabled:UDP:c:\users\Jules\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer
"{035722A8-4F5D-4523-9A63-93808CD7872D}"= Disabled:TCP:c:\users\Jules\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer
"{AC3311A6-A3D8-4345-9715-8A22299A04FA}"= UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{A55680A5-C8E4-4507-9C9D-B19A463B603B}"= TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{04A11CF4-F9E0-4794-B0F8-0774FA81F7DD}"= UDP:c:\program files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II
"{50226B5A-ED69-4D18-BD54-973A674300F4}"= TCP:c:\program files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II
"{773C09EA-6A63-47D4-9318-0F5A85972948}"= UDP:c:\program files\LucasArts\Star Wars Battlefront\GameData\battlefront.exe:Star Wars(TM): Battlefront(TM)
"{E6B7ABC6-2EDF-49B5-A4F4-728AEE108CD3}"= TCP:c:\program files\LucasArts\Star Wars Battlefront\GameData\battlefront.exe:Star Wars(TM): Battlefront(TM)
"{51681AAB-FA43-4EA2-B91D-84FF805BA778}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{9C3A9E7D-00C8-473C-AD7A-15811C7D022F}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{43AF5FAC-725E-47F6-BFA8-5F35EE4ED0B5}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{056117F4-FFC3-4DA9-9824-1B63BAFECAB3}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E3B23184-B673-45F1-A2F0-4EDE428290BD}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0729F1AD-9560-4812-94FF-EA0308E76280}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"= c:\program files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 appdrv01;Application Driver (01);c:\windows\System32\drivers\appdrv01.sys [2008-09-06 2915944]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [2008-01-16 28224]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bbb503c0-f03e-11dc-8971-001c252f6b0c}]
\shell\AutoRun\command - L:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8f2c9ec-773a-11dd-a897-001c252f6b0c}]
\shell\AutoRun\command - i:\setup\rsrc\Autorun.exe
\shell\dinstall\command - i:\directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8f2c9f3-773a-11dd-a897-001c252f6b0c}]
\shell\AutoRun\command - J:\SETUP.EXE
\shell\configure\command - J:\SETUP.EXE
\shell\install\command - J:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e32111ca-bc7d-11dc-bca7-001c252f6b0c}]
\shell\AutoRun\command - I:\OblivionLauncher.exe
.
Contenu du dossier 'Tâches planifiées'

2009-03-02 c:\windows\Tasks\Extension de garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-11-21 17:38]

2009-02-20 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-16 13:28]

2009-03-02 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2006-11-21 17:34]

2009-03-02 c:\windows\Tasks\User_Feed_Synchronization-{76461DD1-B6E6-4076-BBA9-EF584055E07F}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]

2009-03-02 c:\windows\Tasks\User_Feed_Synchronization-{E9994E27-B913-4BBB-A62C-60E7B671623C}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\DAEMON Tools Toolbar\DTToolbar.dll

.
------- Examen supplémentaire -------
.
mWindow Title =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: orange.fr\www
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\users\Jules\AppData\Roaming\Mozilla\Firefox\Profiles\3b3eh5kn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MICJE8&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Jules\Program Files\DNA\plugins\npbtdna.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 20:43:37
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés:

**************************************************************************
.
Heure de fin: 2009-03-02 20:45:33
ComboFix-quarantined-files.txt 2009-03-02 19:45:32

Avant-CF: 199,862,468,608 octets libres
Après-CF: 199,871,180,800 octets libres

270 --- E O F --- 2009-03-01 02:20:56
Destrio5 (Moderator, 99820 posts)
 
Now you can install SP1.
informaticologue (Member, 353 posts)
 
Destrio, SP1 is already installed on my PC.
Destrio5 (Moderator, 99820 posts)
 
---> Rerun RSIT and post the log report.
informaticologue (Member, 353 posts)
 
Logfile of random's system information tool 1.05 (written by random/random)
Run by Jules at 2009-03-03 16:18:39
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 189 GB (40%) free of 469 GB
Total RAM: 2046 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:48, on 03/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jules\Downloads\RSIT(2).exe
C:\Program Files\Trend Micro\HijackThis\Jules.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe