Sujet Précédent Sujet Suivant

Trojan heur 11

jc66680 Messages postés 12 Statut Membre -  
jc66680 Messages postés 12 Statut Membre -
Bonjour ,
Mon pc est atteint par un trojan depuis hier le 28 février 2009
Version heur11 si je me confère au rapport bitdefender.
Mes compétences en informatique étant limitées, merci de me donner la marche à suivre pour éliminer ce virus.
D'avance merci au bienveillant ou à la bienveillante qui pourra m'apporter son aide.
A voir également:

9 réponses

Réponse 1 / 9
ep44 Messages postés 7432 Statut Contributeur 3
 
Bonsoir

Commence par ceci
Télécharge Random's System Information Tool (RSIT) par random/random et sauvegarde-le sur ton Bureau.
http://images.malwareremoval.com/random/RSIT.exe
* Double-clique sur RSIT.exe afin de lancer RSIT.
* Clique sur Continue à l'écran Disclaimer.
* Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
* Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

--> Poste le contenu de log.txt (<<qui sera affiché) ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

Note : Les deux rapports sont également sauvegardés C:\rsit
0
Réponse 2 / 9
jc66680 Messages postés 12 Statut Membre
 
Logfile of random's system information tool 1.05 (written by random/random)
Run by Nours at 2009-03-01 20:28:29
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 122 GB (54%) free of 226 GB
Total RAM: 2046 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:28:30, on 01/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Nours\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EI56T1KA\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Nours.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF9F3CC9-7CCC-4238-98FA-E5CE7D535D35}: NameServer = 192.168.1.1
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
0
Réponse 3 / 9
ep44 Messages postés 7432 Statut Contributeur 3
 
Fiait ce qui suit

Télécharge ELIBAGLA (de MSC HotlineSat)
http://www.zonavirus.com/datos/descargas/95/elibagla.asp

Clique sur le bouton Descargar Elibagla 12.26
( tout en bas de la page au dessus de Tamaño Descargados Licencia Web 44,51 Kb.)
Pour télécharger le fichier sur le bureau.
Double-clique sur EliBaglA.exe.
Dans le cartouche Unidad, tu dois voir C:\

L'option en bas de la fenêtre "Eliminar Ficheros Automaticamente" doit être cochée.
Clique sur le bouton "Explorar" pour lancer l'analyse.

https://i18.servimg.com/u/f18/11/05/93/83/elibag10.jpg

poste le rapport de elibagla qui est dans c:\infosat.txt

0
jc66680 Messages postés 12 Statut Membre
 
et voili voila

Sun Mar 01 20:47:50 2009
EliBagle v12.26 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 25 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
Eliminada Carpeta "%WinSys%\Drivers\Downld"

Sun Mar 01 20:48:31 2009
EliBagle v12.26 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 25 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 23536
Nº Total de Ficheros: 182539
Nº de Ficheros Analizados: 20553
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
0
Réponse 4 / 9
ep44 Messages postés 7432 Statut Contributeur 3
 
Télécharge [url=http://oldtimer.geekstogo.com/OTMoveIt3.exe][color=#0000FF][b]OTMoveIt3[/b] (de Old_Timer).[/color][/url]
Enregistre-le sur ton[b] Bureau.
[/b]

[list]

[*] Double-clique sur OTMoveit3.exe pour le lancer.
( Si tu es sous Vista, click droit sur l'icone d'OTMoveIt3 --> exécuter en tant qu'administrateur pour le lancer )

[*] [b]Vérifie que l'option Unregister Dll's and Ocx's est cochée.[/b]

[*] Copie la liste qui se trouve dans la[b] zone code [/b]ci-dessous et colle-la dans le cadre de [b]gauche de OTMoveIt [/b]sous [b]Paste instructions for Items to be Moved.[/b][/list]

Code:
:Processes
explorer.exe

:Services
srosa

:Files
C:\Windows\system32\drivers\srosa.sys

:Commands
[purity]
[emptytemp]
[Reboot]

[list]

[*] Clique sur [b]MoveIt![/b] pour lancer la [b]suppression.[/b]
Le résultat apparaitra dans le cadre [b]"Results".[/b]

[*] [b]Copie [/b]toute la sélection apparaissant dans ce [b]cadre Résults.[/b] Colle ce rapport dans ton prochain message.

[*] Clique sur [b]Exit [/b]pour fermer.

[*] Si tu ne trouves plus le rapport,c'est un fichier .log qui se trouve en [b]C:\_OTMoveIt\MovedFiles.[/b][/list]

[color=green][u]Remarque[/u]: Il est possible qu'il te soit demandé de redémarrer ton ordinateur pour supprimer les fichiers.
Accepte. Dans ce cas, après redémarrage, tu trouveras justement le rapport dans le dossier C:\_OTMoveIt\MovedFiles.[/color]
0
jc66680 Messages postés 12 Statut Membre
 
impossible de copier "results"
La seule fenetre sur laquelle je peux travailler est celle d'internet explorer
Plus explorer de barre des taches ou d'icone sur le bureau!!!!
0
jc66680 Messages postés 12 Statut Membre
 
plus rien ne fonctionne excepté internet explorer
je ne peux pas accéder a C ni au bureau ni à la fenetre de old timer
0
jc66680 Messages postés 12 Statut Membre
 
Error: Unable to interpret <Code: > in the current context!
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service srosa .
========== FILES ==========
File/Folder C:\Windows\system32\drivers\srosa.sys not found.
========== COMMANDS ==========
File delete failed. C:\Users\Nours\AppData\Local\Temp\ehmsas.txt scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Temp folders emptied.
Error: Unable to interpret <[list] > in the current context!

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03012009_213015

Files moved on Reboot...
C:\Users\Nours\AppData\Local\Temp\ehmsas.txt moved successfully
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 9
ep44 Messages postés 7432 Statut Contributeur 3
 
Télécharge CCleaner
https://filehippo.com/download_ccleaner/
=> Aide toi de ce tuto pour l'utiliser
http://www.swl1f.net/viewtopic.php?f=14&t=69

Ensuite

* Télécharge malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Une aide pour l'installation
http://www.swl1f.net/viewtopic.php?f=14&t=68

=> Installe le
=> Ensuite va en mode sans echec

Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel

=> Lance malwarebytes
=> Coche "Executer un examen complet"
=> Si tu es en présence d'une infection à la fin de l'examen clique sur "ok"
=> Clique sur Supprimer la sélection
=> Pour poster le rapport Clique sur l'onglet Rapports/Logs, sélectionne celui t'intéresse et clique sur Ouvrir
=> Fait copier coller et poste le rapport

ensuite refais un nouveau rsit
0
jc66680 Messages postés 12 Statut Membre
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:28:30, on 01/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Nours\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EI56T1KA\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Nours.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF9F3CC9-7CCC-4238-98FA-E5CE7D535D35}: NameServer = 192.168.1.1
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
0
jc66680 Messages postés 12 Statut Membre
 
L
0
Réponse 6 / 9
ep44 Messages postés 7432 Statut Contributeur 3
 
Bonsoir,
il faut suivre les instructions si tu veux que je t'aide :)

@+
0
jc66680 Messages postés 12 Statut Membre
 
Bonsoir,
je suis désolé mais je ne pouvais pas me servir de l'ordi car l'affichage était completement desordonné. J'ai du redémarrer à de nombreuses reprises. j'ai suivi tes directives et je te poste le rapport demandé. Je fais également rsit et je joins le rapport. Merci pour ton aide.

Malwarebytes' Anti-Malware 1.34
Database version: 1814
Windows 6.0.6001 Service Pack 1

04/03/2009 20:55:05
mbam-log-2009-03-04 (20-55-05).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 225993
Time elapsed: 36 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)



Logfile of random's system information tool 1.05 (written by random/random)
Run by Nours at 2009-03-04 21:08:15
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 121 GB (53%) free of 226 GB
Total RAM: 2046 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:08:16, on 04/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Users\Nours\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OM268BC3\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Nours.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.commentcamarche.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF9F3CC9-7CCC-4238-98FA-E5CE7D535D35}: NameServer = 192.168.1.1
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
0
Réponse 7 / 9
ep44 Messages postés 7432 Statut Contributeur 3
 
Bonsoir

très bien fait ce qui suit poue la suite de ta désinfection

Désactive le compte des utilisateurs
http://swl1f.net/viewtopic.php?f=17&t=433

ensuite

Télécharge combofix.exe (par sUBs) et sauvegarde le sur ton bureau.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Renomme le comme expliqué par Morgane sur ce lien
https://forum.pcastuces.com/combofix___renommer_au_telechargement-f31s22.htm
* Déconnecte toi d'internet et ferme toutes tes applications.
* Désactive tes protections (antivirus, parefeu,antispyware) provisoirement et seulement le temps de l'utilisation de ComboFix,
* Clique sur combofix.exe en faisant un clique droit et chosit Exécuter en tant qu'administrateur, il est possible que ton parefeu te demande si tu acceptes ou non l'accès de nircmd.cfexe à la zone sûre: accepte.
* /! Ne touche à rien tant que le scan n'est pas terminé.Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne /!
* Attends que Combofix ait terminé, un rapport sera créé.
* réactive ton parefeu, ton antivirus, la garde de ton antispyware
* copie/colle le rapport, le rapport se trouve dans : C:Combofix.txt
* Réactive tes protections en temps réel, Antivirus, Antispywares, avant de te reconnecter à internet.

@+
0
jc66680 Messages postés 12 Statut Membre
 
voili voila
tout comme tu as dit

ComboFix 09-03-03.01 - Nours 2009-03-04 21:58:12.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2046.1333 [GMT 1:00]
Lancé depuis: c:\users\Nours\Desktop\bibitte.exe
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated)
FW: Bitdefender Firewall *enabled*
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt
c:\windows\system32\KBL.LOG

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-04 au 2009-03-04 ))))))))))))))))))))))))))))))))))))
.

2009-03-03 03:30 . 2009-03-03 03:30 201,326,389 --a------ c:\windows\MEMORY.DMP
2009-03-03 03:15 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-03-03 03:15 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-03-03 03:15 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-03-03 03:15 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-03-03 03:15 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-03-02 22:47 . 2009-03-02 22:47 <REP> d-------- c:\users\Nours\AppData\Roaming\Malwarebytes
2009-03-02 22:47 . 2009-03-02 22:47 <REP> d-------- c:\users\All Users\Malwarebytes
2009-03-02 22:47 . 2009-03-02 22:47 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-02 22:47 . 2009-03-02 22:47 <REP> d-------- c:\progra~2\Malwarebytes
2009-03-02 22:47 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-02 22:47 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-02 22:13 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2009-03-02 22:13 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2009-03-02 22:13 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2009-03-02 22:13 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2009-03-02 22:13 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2009-03-02 22:13 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2009-03-02 22:13 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2009-03-02 22:12 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2009-03-02 22:12 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2009-03-02 21:45 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2009-03-02 21:44 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-03-02 21:44 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-03-02 21:44 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll
2009-03-02 21:44 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2009-03-02 21:43 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2009-03-02 21:43 . 2008-09-18 03:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2009-03-02 21:43 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2009-03-02 21:43 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2009-03-02 21:42 . 2008-10-29 07:29 2,927,104 --a------ c:\windows\explorer.exe
2009-03-02 21:42 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2009-03-02 21:42 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2009-03-02 21:42 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2009-03-02 21:42 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2009-03-02 21:42 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2009-03-02 21:41 . 2008-09-18 06:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2009-03-02 21:41 . 2008-09-18 06:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2009-03-02 21:41 . 2008-06-23 02:59 2,868,736 --a------ c:\windows\System32\mf.dll
2009-03-02 21:41 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2009-03-02 21:41 . 2008-06-23 02:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2009-03-02 21:41 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2009-03-02 21:41 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-03-02 21:41 . 2008-06-23 02:58 94,720 --a------ c:\windows\System32\logagent.exe
2009-03-02 21:40 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2009-03-02 21:33 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2009-03-01 21:30 . 2009-03-01 21:30 <REP> d-------- C:\_OTMoveIt
2009-03-01 20:24 . 2009-03-01 20:43 <REP> d-------- C:\rsit
2009-03-01 19:21 . 2009-03-01 19:21 <REP> d-------- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-04 21:01 81,984 ----a-w c:\windows\System32\bdod.bin
2009-03-04 20:51 --------- d-----w c:\users\Nours\AppData\Roaming\OpenOffice.org2
2009-03-03 02:03 328,524,896 ----a-w c:\windows\DUMP400b.tmp
2009-03-03 02:03 --------- d-----w c:\program files\Windows Mail
2009-03-02 21:17 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-23 16:09 --------- d-----w c:\users\Nours\AppData\Roaming\vlc
2009-02-09 12:32 70,375 ----a-w c:\users\Nours\AppData\Roaming\nvModes.dat
2009-01-21 21:52 --------- d-----w c:\progra~2\NVIDIA
2008-12-06 10:07 201,728 ----a-w c:\windows\System32\anooki-v4-3.scr
2008-12-06 10:02 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
2008-09-03 06:24 174 --sha-w c:\program files\desktop.ini
2008-09-25 19:48 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-09-25 19:48 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-09-25 19:48 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-31 39408]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-06 136600]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-16 368640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 c:\windows\RtHDVCpl.exe]

c:\users\Nours\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\users\Nours\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2649107530-1404008084-1406206150-1000]
"EnableNotificationsRef"=dword:00000003

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4757DF27-BB99-458F-80CB-DB0364C8F28F}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{419E922C-2259-4F5C-8434-B5F1D2E96D3A}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{ECCE1CEF-E35A-4D98-B328-225A47D70E75}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{595B2DC9-5E94-48C7-912B-810FB8C977C3}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{5CD7F7F0-16A5-4A27-8CBC-A9BAEE1F4C52}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{FA1F36BE-77E7-4C96-B9EB-1C08B99EB2EA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\System32\drivers\bdfndisf.sys [2008-06-24 86792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.commentcamarche.net/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=laptop
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {DF9F3CC9-7CCC-4238-98FA-E5CE7D535D35} = 192.168.1.1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-04 22:01:35
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(4604)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
Heure de fin: 2009-03-04 22:03:35
ComboFix-quarantined-files.txt 2009-03-04 21:03:32

Avant-CF: 126 457 147 392 octets libres
Après-CF: 126,446,161,920 octets libres

179 --- E O F --- 2009-03-04 18:58:13
0
jc66680 Messages postés 12 Statut Membre > jc66680 Messages postés 12 Statut Membre
 
Bonsoir,
Après étude attentive je me suis apercu que je n'avais pas enlevé le pare feu. Désolé.
J'ai refait le combo fix en enlevant l'antivirus et le pare feu.
Voici le rapport qui en résulte. A noter que ma bécane fonctionne parfaitement depuis hier soir.
Puis-je espèrer que tout soit rentré dans l'ordre et encore merci pour le coup de main.
ComboFix 09-03-03.01 - Nours 2009-03-05 21:10:05.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2046.1252 [GMT 1:00]
Lancé depuis: c:\users\Nours\Desktop\bibitte.exe
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated)
FW: Bitdefender Firewall *disabled*
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-05 au 2009-03-05 ))))))))))))))))))))))))))))))))))))
.

2009-03-04 22:05 . 2009-03-04 22:06 <REP> d-------- c:\users\Nours\bibitte
2009-03-03 03:30 . 2009-03-03 03:30 201,326,389 --a------ c:\windows\MEMORY.DMP
2009-03-03 03:15 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-03-03 03:15 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-03-03 03:15 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-03-03 03:15 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-03-03 03:15 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-03-02 22:47 . 2009-03-02 22:47 <REP> d-------- c:\users\Nours\AppData\Roaming\Malwarebytes
2009-03-02 22:47 . 2009-03-02 22:47 <REP> d-------- c:\users\All Users\Malwarebytes
2009-03-02 22:47 . 2009-03-02 22:47 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-02 22:47 . 2009-03-02 22:47 <REP> d-------- c:\progra~2\Malwarebytes
2009-03-02 22:47 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-02 22:47 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-02 22:13 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2009-03-02 22:13 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2009-03-02 22:13 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2009-03-02 22:13 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2009-03-02 22:13 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2009-03-02 22:13 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2009-03-02 22:13 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2009-03-02 22:12 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2009-03-02 22:12 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2009-03-02 21:45 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2009-03-02 21:44 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-03-02 21:44 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-03-02 21:44 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll
2009-03-02 21:44 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2009-03-02 21:43 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2009-03-02 21:43 . 2008-09-18 03:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2009-03-02 21:43 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2009-03-02 21:43 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2009-03-02 21:42 . 2008-10-29 07:29 2,927,104 --a------ c:\windows\explorer.exe
2009-03-02 21:42 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2009-03-02 21:42 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2009-03-02 21:42 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2009-03-02 21:42 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2009-03-02 21:42 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2009-03-02 21:41 . 2008-09-18 06:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2009-03-02 21:41 . 2008-09-18 06:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2009-03-02 21:41 . 2008-06-23 02:59 2,868,736 --a------ c:\windows\System32\mf.dll
2009-03-02 21:41 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2009-03-02 21:41 . 2008-06-23 02:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2009-03-02 21:41 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2009-03-02 21:41 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-03-02 21:41 . 2008-06-23 02:58 94,720 --a------ c:\windows\System32\logagent.exe
2009-03-02 21:40 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2009-03-02 21:33 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2009-03-01 21:30 . 2009-03-01 21:30 <REP> d-------- C:\_OTMoveIt
2009-03-01 20:24 . 2009-03-01 20:43 <REP> d-------- C:\rsit
2009-03-01 19:21 . 2009-03-01 19:21 <REP> d-------- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-05 20:13 81,984 ----a-w c:\windows\System32\bdod.bin
2009-03-05 20:05 --------- d-----w c:\users\Nours\AppData\Roaming\OpenOffice.org2
2009-03-05 06:26 --------- d-----w c:\progra~2\NVIDIA
2009-03-03 02:03 328,524,896 ----a-w c:\windows\DUMP400b.tmp
2009-03-03 02:03 --------- d-----w c:\program files\Windows Mail
2009-03-02 21:17 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-23 16:09 --------- d-----w c:\users\Nours\AppData\Roaming\vlc
2009-02-09 12:32 70,375 ----a-w c:\users\Nours\AppData\Roaming\nvModes.dat
2008-12-06 10:07 201,728 ----a-w c:\windows\System32\anooki-v4-3.scr
2008-12-06 10:02 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-09-03 06:24 174 --sha-w c:\program files\desktop.ini
2008-09-25 19:48 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-09-25 19:48 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-09-25 19:48 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-31 39408]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-06 136600]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-16 368640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 c:\windows\RtHDVCpl.exe]

c:\users\Nours\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2649107530-1404008084-1406206150-1000]
"EnableNotificationsRef"=dword:00000003

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4757DF27-BB99-458F-80CB-DB0364C8F28F}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{419E922C-2259-4F5C-8434-B5F1D2E96D3A}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{ECCE1CEF-E35A-4D98-B328-225A47D70E75}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{595B2DC9-5E94-48C7-912B-810FB8C977C3}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{5CD7F7F0-16A5-4A27-8CBC-A9BAEE1F4C52}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{FA1F36BE-77E7-4C96-B9EB-1C08B99EB2EA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\System32\drivers\bdfndisf.sys [2008-06-24 86792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.commentcamarche.net/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=laptop
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {DF9F3CC9-7CCC-4238-98FA-E5CE7D535D35} = 192.168.1.1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-05 21:13:02
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(5976)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
Heure de fin: 2009-03-05 21:14:21
ComboFix-quarantined-files.txt 2009-03-05 20:14:18
ComboFix2.txt 2009-03-04 21:03:36

Avant-CF: 160 090 537 984 octets libres
Après-CF: 160,084,996,096 octets libres

171 --- E O F --- 2009-03-05 12:29:06
0
Réponse 8 / 9
ep44 Messages postés 7432 Statut Contributeur 3
 
bonsoir

Télécharge CCleaner
https://filehippo.com/download_ccleaner/
=> Aide toi de ce tuto pour l'utiliser
http://www.swl1f.net/viewtopic.php?f=14&t=69

Ensuite

* Télécharge malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Une aide pour l'installation
http://www.swl1f.net/viewtopic.php?f=14&t=68

=> Installe le
=> Ensuite va en mode sans echec

Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel

=> Lance malwarebytes
=> Coche "Executer un examen complet"
=> Si tu es en présence d'une infection à la fin de l'examen clique sur "ok"
=> Clique sur Supprimer la sélection
=> Pour poster le rapport Clique sur l'onglet Rapports/Logs, sélectionne celui t'intéresse et clique sur Ouvrir
=> Fait copier coller et poste le rapport

@+
0
Réponse 9 / 9
jc66680 Messages postés 12 Statut Membre
 
Bonsoir,
voici le rapport demandé

Malwarebytes' Anti-Malware 1.34
Database version: 1814
Windows 6.0.6001 Service Pack 1

2009-03-06 20:00:16
mbam-log-2009-03-06 (20-00-16).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 226098
Time elapsed: 37 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
0