Bonjour à tous ! Récemment, j'ai eu un problème à cause de divers virus : ils sont arrivés d'un coup. Je viens de comprendre que cette arrivée a été déclenché grâce à la désactivation de la protection résidente de mon antivirus Avast. J'ai voulu le réactiver, mais impossible, il se désactive automatiquement. Je pense avoir des fichiers infectés dans Win32. De plus, mon ordinateur est depuis plus d'une semaine beaucoup plus lent, et certains jeux se quittent "automatiquement". :( Merci de votre aide, qui que vous soyez ! :) (Je pense qu'il faut que je télécharge plusieurs logiciel, mais je ne me rappelle plus du tout lesquels :-/ )

Ben je suis dans le regret de t'annoncer que tu devra tout reformater effectue une sauvegarde de ce tu as besoin et reformate le c'est la meilleur solution bah voyons ... Essaies ceci (si ca marche pas on essaiera autre chose, renommer ou heberger au cas ou ce serait une infection qui bloque les sites ou logiciels) Pour analyser ton pc : télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau. - Double-clique sur RSIT.exe afin de lancer le programme. - Clique sur Continue à l'écran Disclaimer. - Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence. - Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches). Note : Les rapports sont sauvegardés dans le dossier C:\rsit.

Antirus désactivé

Réponse 21 / 55

Xotron Messages postés 62 Statut Membre

Voici enfin le rapport, il m'a demandé de redémarrer afin de supprimer trois fichiers.
J'attends ta réponse pour effectuer la tâche 16, si cela est nécessaire. (P.S. : oui je veux bien remplacer mon antivirus après ! )

Malwarebytes' Anti-Malware 1.37
Version de la base de données: 2255
Windows 5.1.2600 Service Pack 2

10/06/2009 12:37:08
mbam-log-2009-06-10 (12-37-08).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 234522
Temps écoulé: 15 hour(s), 23 minute(s), 0 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 94
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 4
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winwim32 (Dialer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\aldd (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PSRV (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regtool.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGNT.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGUARD.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCAN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASECURITYCENTER.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EKRN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSTUB.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll (Security.Hijack) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{0aca16fe-1ab6-4ce2-a33c-a5dac5b8f782} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\documents and settings\dylan\menu démarrer\programmes\démarrage\rncsys32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b3bf5352-b406-412e-936e-a9436f19c528}\RP680\A0121933.dll (Trojan.Vundo) -> Delete on reboot.
c:\system volume information\_restore{b3bf5352-b406-412e-936e-a9436f19c528}\RP680\A0121964.exe (Trojan.Agent) -> Delete on reboot.
c:\WINDOWS\system32\3DViewery.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\winwim32.dll (Dialer) -> Quarantined and deleted successfully.
c:\documents and settings\Dylan\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system\smss.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Réponse 22 / 55

Xotron Messages postés 62 Statut Membre

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dylan at 2009-06-10 13:16:36
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 99 GB (33%) free of 297 GB
Total RAM: 1022 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:16:42, on 10/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\APPS\SMP\SmpSys.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\DNA\btdna.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dylan\Bureau\RSIT.exe
C:\Program Files\trend micro\Dylan.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [EULA] C:\APPS\PB_TB\EULALauncher.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Internet Connection Wizard Setup Tool] C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: icwsetup.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O14 - IERESET.INF: START_PAGE_URL=http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA1AFB78-C2F8-482B-9B01-F58D972DC5F1}: NameServer = 80.10.246.130,81.253.149.10
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Emplacement protégé ProtectedStorageCryptSvc (ProtectedStorageCryptSvc) - Unknown owner - C:\WINDOWS\system32\3DViewery.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Réponse 23 / 55

Utilisateur anonyme

on va maintenant faire du menage

Télécharge ToolsCleaner sur ton Bureau pour nettoyer l'ordi de tous les outils qu'on a utilisé : ToolsCleaner

Lance le, clique sur Recherche et laisse le scan se finir, puis clique sur Suppression pour nettoyer.

ENSUITE

/!\ A l'attention de ceux qui passent sur ce sujet /!\
Le logiciel qui suit n'est pas à utiliser à la légère ! Ne le faites que si un helpeur du forum qui connait bien cet outil vous l'a recommandé.

On va utiliser Combofix pour finir la désinfection. Attention, ce logiciel est très puissant, il ne doit être utilisé qu'en dernier recours, et une mauvaise utilisation peut faire des dégâts... Fais exactement ce qui suit :

Télécharge ComboFix (de sUBs) sur ton Bureau (et pas ailleurs !). Pour cela, fais un clic droit sur ce lien et choisis "enregistrer la cible sous ... " et tape C-Fix dans dans la fenêtre qui s'ouvre, puis choisis le Bureau comme destination : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

------------------------------------- [ ! ATTENTION ! ] -----------------------------------------
! déconnecte toi, ferme toutes tes applications en cours et DESACTIVE TOUTES TES DEFENCES (anti-virus, antispyware, pare-feu) le temps de la manipulation qui pourraient gêner fortement l'outil...Tu les réactiveras donc après !

Tuto ici pour installer la Console de récupération (important en cas de problème) : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

postes le rapport stp

Surtout pendant l'analyse : ne rien toucher, souris , clavier, tu risquerais de figer ton pc </souligne>

Réponse 24 / 55

Xotron Messages postés 62 Statut Membre

ComboFix 09-06-09.06 - Dylan 10/06/2009 13:33.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1022.575 [GMT 2:00]
Lancé depuis: c:\documents and settings\Dylan\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 090609-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\kb913800.exe
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\wgwbyijw.ini
c:\windows\system32\WS2Fix.exe

Une copie infectée de c:\windows\system32\userinit.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\system32\win32x.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GLAIDE32
-------\Legacy_protectedstoragecryptsvc
-------\Legacy_win32x
-------\Service_ProtectedStorageCryptSvc

((((((((((((((((((((((((((((( Fichiers créés du 2009-05-10 au 2009-06-10 ))))))))))))))))))))))))))))))))))))
.

2009-06-09 19:10 . 2009-06-09 19:10 -------- d-----w- c:\documents and settings\Dylan\Application Data\Malwarebytes
2009-06-09 19:10 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-09 19:10 . 2009-06-09 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-09 19:10 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-09 19:10 . 2009-06-09 19:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-09 17:33 . 2009-06-10 11:26 -------- d-----w- c:\program files\Trend Micro
2009-06-09 11:22 . 2009-06-09 11:22 290816 ----a-w- c:\documents and settings\Dylan\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-06-09 11:22 . 2009-06-09 11:22 290816 ----a-w- c:\documents and settings\Dylan\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-06-09 11:22 . 2009-06-09 11:22 290816 ----a-w- c:\documents and settings\Dylan\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-06-09 11:22 . 2009-06-09 11:22 290816 ----a-w- c:\documents and settings\Dylan\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-06-02 09:46 . 2009-06-02 09:46 19968 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\icwsetup.exe
2009-05-30 22:07 . 2009-06-09 19:04 32 --s-a-w- c:\windows\system32\4242370810.dat
2009-05-22 23:13 . 2009-05-27 16:39 -------- d-----w- c:\documents and settings\Dylan\Application Data\Hamachi
2009-05-22 23:13 . 2009-05-22 23:13 -------- d-----w- c:\program files\Hamachi
2009-05-11 21:52 . 2009-05-11 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\1D6D
2009-05-11 21:51 . 2009-05-11 22:47 -------- d-----w- c:\documents and settings\Dylan\Local Settings\Application Data\BearShare
2009-05-11 21:51 . 2009-05-11 21:51 -------- d-----w- c:\program files\BearShare Applications

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 11:39 . 2007-01-26 18:10 -------- d-----w- c:\program files\Wanadoo
2009-06-10 11:38 . 2007-04-20 15:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-10 11:38 . 2007-12-27 20:27 -------- d-----w- c:\program files\Steam
2009-06-10 11:38 . 2008-10-14 12:29 -------- d-----w- c:\program files\DNA
2009-06-10 11:38 . 2008-10-14 12:29 -------- d-----w- c:\documents and settings\Dylan\Application Data\DNA
2009-06-09 19:06 . 2007-03-15 16:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-09 18:41 . 2006-12-09 05:08 -------- d-----w- c:\program files\Google
2009-06-09 11:24 . 2007-12-27 11:59 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-09 11:22 . 2007-12-27 11:59 -------- d-----w- c:\documents and settings\Dylan\Application Data\SystemRequirementsLab
2009-06-08 20:42 . 2007-03-10 12:19 -------- d-----w- c:\documents and settings\Dylan\Application Data\OpenOffice.org2
2009-06-01 12:36 . 2007-02-02 12:08 -------- d-----w- c:\program files\LucasArts
2009-06-01 12:36 . 2006-12-09 05:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-22 23:13 . 2008-08-12 13:47 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-05-14 17:58 . 2007-12-27 14:49 -------- d-----w- c:\program files\Canon
2009-05-14 17:58 . 2007-12-27 15:14 -------- d-----w- c:\documents and settings\Dylan\Application Data\Canon
2009-05-14 17:41 . 2008-01-03 00:44 -------- d-----w- c:\program files\Metal Gear Noël 3 - Hap Eater
2009-05-14 17:40 . 2007-03-17 18:17 -------- d-----w- c:\program files\Wolfenstein - Enemy Territory
2009-05-12 16:45 . 2009-01-11 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-05-07 09:55 . 2007-06-01 15:36 -------- d-----w- c:\documents and settings\Dylan\Application Data\BitTorrent
2009-04-30 22:30 . 2009-04-30 22:30 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-04-30 20:02 . 2009-04-30 20:02 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-04-30 20:02 . 2009-04-30 20:02 1579630 ----a-w- c:\windows\system32\nvdata.bin
2009-04-30 20:02 . 2009-04-30 20:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-04-30 20:02 . 2007-12-05 00:41 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-04-30 20:02 . 2006-11-09 08:59 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-04-30 20:02 . 2006-11-09 08:57 9994240 ----a-w- c:\windows\system32\nvoglnt.dll
2009-04-30 20:02 . 2006-11-09 08:57 143360 ----a-w- c:\windows\system32\nvcodins.dll
2009-04-30 20:02 . 2006-11-09 08:57 143360 ----a-w- c:\windows\system32\nvcod.dll
2009-04-30 20:02 . 2006-11-09 08:57 806912 ----a-w- c:\windows\system32\nvapi.dll
2009-04-30 20:02 . 2006-11-09 08:57 8055584 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-04-30 20:02 . 2006-11-09 08:57 5896320 ----a-w- c:\windows\system32\nv4_disp.dll
2009-04-26 22:42 . 2006-11-09 08:59 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-04-20 21:57 . 2009-04-20 21:57 -------- d-----w- c:\program files\Freezer+
2009-04-20 13:02 . 2004-09-23 17:12 85350 ----a-w- c:\windows\system32\perfc00C.dat
2009-04-20 13:02 . 2004-09-23 17:12 493360 ----a-w- c:\windows\system32\perfh00C.dat
2009-04-16 19:06 . 2008-01-27 14:52 -------- d-----w- c:\program files\World of Warcraft
2007-01-26 18:05 . 2007-01-26 18:05 278528 ----a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
2008-09-29 04:44 . 2007-09-30 17:23 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-11-17 975360]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"Fraps"="c:\fraps\FRAPS.EXE" [2006-12-21 778240]
"Steam"="c:\program files\steam\steam.exe" [2009-05-21 1217784]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 36975]
"DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2006-03-15 421888]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"EULA"="c:\apps\PB_TB\EULALauncher.exe" [2006-09-29 18944]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-10 160768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-11-09 98304]
"Ulead Memory Card Detector"="c:\program files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe" [2002-09-11 40960]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-29 29744]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Internet Connection Wizard Setup Tool"="c:\program files\Internet Explorer\Connection Wizard\icwsetup.exe" [2009-06-02 19968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-18 16207872]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]

c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\
icwsetup.exe [2009-6-2 19968]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\EA GAMES\\Medal of Honor Allied Assault Breakthrough Demo\\moh_breakthrough_demo.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"c:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\steamapps\\cyberxotron\\counter-strike source\\hl2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\Dylan\\Mes documents\\Ma musique Deezer\\freezer.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds\\Game\\Battlegrounds.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25390:TCP"= 25390:TCP:BitComet 25390 TCP
"25390:UDP"= 25390:UDP:BitComet 25390 UDP
"4662:TCP"= 4662:TCP:BitComet 4662 TCP
"4662:UDP"= 4662:UDP:BitComet 4662 UDP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15/07/2008 19:24 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15/07/2008 19:24 20560]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [09/11/2006 10:59 882688]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [09/11/2006 11:01 7040]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [09/11/2006 11:24 29744]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [20/06/2005 11:12 215040]
.
.
------- Examen supplémentaire -------
.
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
TCP: {EA1AFB78-C2F8-482B-9B01-F58D972DC5F1} = 80.10.246.130,81.253.149.10
FF - ProfilePath - c:\documents and settings\Dylan\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-10 13:38
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(1232)
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\system32\FTRTSVC.exe
c:\program files\Canon\IJPLM\ijplmsvc.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\program files\Inventel\Gateway\WLANCFG.EXE
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\progra~1\Wanadoo\Toaster.exe
c:\progra~1\Wanadoo\Inactivity.exe
c:\windows\system32\dllhost.exe
c:\progra~1\Wanadoo\PollingModule.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-06-10 13:45 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-10 11:45

Avant-CF: 103 654 572 032 octets libres
Après-CF: 103 573 483 520 octets libres

249 --- E O F --- 2009-04-15 16:01

Réponse 25 / 55

Utilisateur anonyme

Désinstalle via Ajout/Suppression de Programmes (si présents) :

* Avast!

Télécharge et exécute Désinstalleur d'Avast!
Ceci effacera la majorité des traces du produit Avast! d'Alwil Software

Télécharge AntiVir sur ton Bureau.:

* Double clique sur l'exécutable téléchargé pour lancer l'installation.
* À la fin de l'installation, clique sur Finish.
* Ouvre Antivir, assure-toi qu’il soit bien à jour !

Note : Pour une éradication des menaces plus efficace, lance le scan en mode sans échec.

Pourquoi changer ? Avast vs Antivir.

Aide : Comment installer et utiliser AntiVir.

Tuto Antivir

NE SURTOUT PAS OUBLIER LA RECHERCHE DES ROOTKIT QUI EST TRES IMPORTANTE !

Réponse 26 / 55

Xotron Messages postés 62 Statut Membre

Voilà, j'ai installé Antivir et désinstallé Avast ! :)

Je fais un dernier scan ?

Réponse 27 / 55

Utilisateur anonyme

oui tu peux faire un scan avec, entre temps je jettes un oeil a ton rapport combo pour etre sur que c'est clean !

ensuite on passera a tes mises a jour et au nettoyage pour optimiser ton pc et ta ssecurite (si tu veux bien evidemment)

Réponse 28 / 55

Xotron Messages postés 62 Statut Membre

Bien sûr que je veux ! :) En tout cas, merci jusqu'à maintenant de m'avoir aidé !

J'attends à présent ta réponse pour la suite !

Réponse 29 / 55

Utilisateur anonyme

Bien sûr que je veux ! :)

lol je m'en doutais ;)

fais ceci stp et ensuite je voudrais que tu fasses un scan avec ton nouvel antivir stp :

/!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour Xotron, il n'est pas transposable sur un autre ordinateur !

• Télécharge ce dossier Xotron.zip
• Fais un clic-droit dessus --> Extraire tout --> choisis le Bureau comme destination
• Un autre dossier va apparaitre, prends le fichier CFScript.txt qui se trouve à l'intérieur et place le sur le Bureau.

• Désactive tes logiciels de protection
• Fais un glisser/déposer de ce fichier CFScript.txt sur le fichier Combofix.exe ( comme sur ce lien )
• Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
• Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
• Si le fichier ne s'ouvre pas, il se trouve ici → C:\ComboFix.txt

Réponse 30 / 55

Xotron Messages postés 62 Statut Membre

Voilà !

ComboFix 09-06-09.06 - Dylan 10/06/2009 16:13.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1022.541 [GMT 2:00]
Lancé depuis: c:\documents and settings\Dylan\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Dylan\Bureau\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\system32\tmp.txt"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tmp.txt

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-10 au 2009-06-10 ))))))))))))))))))))))))))))))))))))
.

2009-06-10 13:14 . 2009-06-10 13:14 -------- d-----w- c:\windows\LastGood
2009-06-10 13:13 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-10 13:13 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-10 13:13 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-10 13:13 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-10 13:13 . 2009-06-10 13:13 -------- d-----w- c:\program files\Avira
2009-06-10 13:13 . 2009-06-10 13:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-09 19:10 . 2009-06-09 19:10 -------- d-----w- c:\documents and settings\Dylan\Application Data\Malwarebytes
2009-06-09 19:10 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-09 19:10 . 2009-06-09 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-09 19:10 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-09 19:10 . 2009-06-09 19:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-09 17:33 . 2009-06-10 11:26 -------- d-----w- c:\program files\Trend Micro
2009-06-09 11:22 . 2009-06-09 11:22 290816 ----a-w- c:\documents and settings\Dylan\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-06-09 11:22 . 2009-06-09 11:22 290816 ----a-w- c:\documents and settings\Dylan\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-06-09 11:22 . 2009-06-09 11:22 290816 ----a-w- c:\documents and settings\Dylan\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-06-09 11:22 . 2009-06-09 11:22 290816 ----a-w- c:\documents and settings\Dylan\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-06-02 09:46 . 2009-06-02 09:46 19968 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\icwsetup.exe
2009-05-30 22:07 . 2009-06-09 19:04 32 --s-a-w- c:\windows\system32\4242370810.dat
2009-05-22 23:13 . 2009-05-27 16:39 -------- d-----w- c:\documents and settings\Dylan\Application Data\Hamachi
2009-05-22 23:13 . 2009-05-22 23:13 -------- d-----w- c:\program files\Hamachi
2009-05-11 21:52 . 2009-05-11 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\1D6D
2009-05-11 21:51 . 2009-05-11 22:47 -------- d-----w- c:\documents and settings\Dylan\Local Settings\Application Data\BearShare
2009-05-11 21:51 . 2009-05-11 21:51 -------- d-----w- c:\program files\BearShare Applications

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 14:08 . 2008-10-14 12:29 -------- d-----w- c:\documents and settings\Dylan\Application Data\DNA
2009-06-10 11:40 . 2007-01-26 18:10 -------- d-----w- c:\program files\Wanadoo
2009-06-10 11:38 . 2007-04-20 15:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-10 11:38 . 2007-12-27 20:27 -------- d-----w- c:\program files\Steam
2009-06-10 11:38 . 2008-10-14 12:29 -------- d-----w- c:\program files\DNA
2009-06-09 19:06 . 2007-03-15 16:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-09 18:41 . 2006-12-09 05:08 -------- d-----w- c:\program files\Google
2009-06-09 11:24 . 2007-12-27 11:59 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-09 11:22 . 2007-12-27 11:59 -------- d-----w- c:\documents and settings\Dylan\Application Data\SystemRequirementsLab
2009-06-08 20:42 . 2007-03-10 12:19 -------- d-----w- c:\documents and settings\Dylan\Application Data\OpenOffice.org2
2009-06-01 12:36 . 2007-02-02 12:08 -------- d-----w- c:\program files\LucasArts
2009-06-01 12:36 . 2006-12-09 05:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-22 23:13 . 2008-08-12 13:47 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-05-14 17:58 . 2007-12-27 14:49 -------- d-----w- c:\program files\Canon
2009-05-14 17:58 . 2007-12-27 15:14 -------- d-----w- c:\documents and settings\Dylan\Application Data\Canon
2009-05-14 17:41 . 2008-01-03 00:44 -------- d-----w- c:\program files\Metal Gear Noël 3 - Hap Eater
2009-05-14 17:40 . 2007-03-17 18:17 -------- d-----w- c:\program files\Wolfenstein - Enemy Territory
2009-05-12 16:45 . 2009-01-11 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-05-07 09:55 . 2007-06-01 15:36 -------- d-----w- c:\documents and settings\Dylan\Application Data\BitTorrent
2009-04-30 22:30 . 2009-04-30 22:30 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-04-30 20:02 . 2009-04-30 20:02 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-04-30 20:02 . 2009-04-30 20:02 1579630 ----a-w- c:\windows\system32\nvdata.bin
2009-04-30 20:02 . 2009-04-30 20:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-04-30 20:02 . 2007-12-05 00:41 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-04-30 20:02 . 2006-11-09 08:59 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-04-30 20:02 . 2006-11-09 08:57 9994240 ----a-w- c:\windows\system32\nvoglnt.dll
2009-04-30 20:02 . 2006-11-09 08:57 143360 ----a-w- c:\windows\system32\nvcodins.dll
2009-04-30 20:02 . 2006-11-09 08:57 143360 ----a-w- c:\windows\system32\nvcod.dll
2009-04-30 20:02 . 2006-11-09 08:57 806912 ----a-w- c:\windows\system32\nvapi.dll
2009-04-30 20:02 . 2006-11-09 08:57 8055584 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-04-30 20:02 . 2006-11-09 08:57 5896320 ----a-w- c:\windows\system32\nv4_disp.dll
2009-04-26 22:42 . 2006-11-09 08:59 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-04-20 21:57 . 2009-04-20 21:57 -------- d-----w- c:\program files\Freezer+
2009-04-20 13:02 . 2004-09-23 17:12 85350 ----a-w- c:\windows\system32\perfc00C.dat
2009-04-20 13:02 . 2004-09-23 17:12 493360 ----a-w- c:\windows\system32\perfh00C.dat
2009-04-16 19:06 . 2008-01-27 14:52 -------- d-----w- c:\program files\World of Warcraft
2007-01-26 18:05 . 2007-01-26 18:05 278528 ----a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
2008-09-29 04:44 . 2007-09-30 17:23 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-10_11.38.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 00:19 . 2007-11-07 00:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2009-06-10 13:13 . 2009-02-13 10:49 28376 c:\windows\system32\drivers\ssmdrv.sys
+ 2008-07-29 06:05 . 2008-07-29 06:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 01:54 . 2008-07-29 01:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-11-17 975360]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"Fraps"="c:\fraps\FRAPS.EXE" [2006-12-21 778240]
"Steam"="c:\program files\steam\steam.exe" [2009-05-21 1217784]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 36975]
"DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2006-03-15 421888]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"EULA"="c:\apps\PB_TB\EULALauncher.exe" [2006-09-29 18944]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-10 160768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-11-09 98304]
"Ulead Memory Card Detector"="c:\program files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe" [2002-09-11 40960]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-29 29744]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Internet Connection Wizard Setup Tool"="c:\program files\Internet Explorer\Connection Wizard\icwsetup.exe" [2009-06-02 19968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-18 16207872]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]

c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\
icwsetup.exe [2009-6-2 19968]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\EA GAMES\\Medal of Honor Allied Assault Breakthrough Demo\\moh_breakthrough_demo.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"c:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\steamapps\\cyberxotron\\counter-strike source\\hl2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\Dylan\\Mes documents\\Ma musique Deezer\\freezer.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds\\Game\\Battlegrounds.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25390:TCP"= 25390:TCP:BitComet 25390 TCP
"25390:UDP"= 25390:UDP:BitComet 25390 UDP
"4662:TCP"= 4662:TCP:BitComet 4662 TCP
"4662:UDP"= 4662:UDP:BitComet 4662 UDP

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [10/06/2009 15:13 108289]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [09/11/2006 10:59 882688]
R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [20/06/2005 11:12 215040]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [09/11/2006 11:01 7040]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [09/11/2006 11:24 29744]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - ANTIVIRSCHEDULERSERVICE
*NewlyCreated* - ANTIVIRSERVICE
*NewlyCreated* - AVGIO
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
*NewlyCreated* - SSMDRV
.
.
------- Examen supplémentaire -------
.
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
TCP: {EA1AFB78-C2F8-482B-9B01-F58D972DC5F1} = 80.10.246.130,81.253.149.10
FF - ProfilePath - c:\documents and settings\Dylan\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-10 16:17
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2009-06-10 16:19
ComboFix-quarantined-files.txt 2009-06-10 14:19
ComboFix2.txt 2009-06-10 11:45

Avant-CF: 103 398 985 728 octets libres
Après-CF: 103 420 784 640 octets libres

234 --- E O F --- 2009-04-15 16:01

Réponse 31 / 55

Utilisateur anonyme

ok tu peux passer au scan antivir ( si ce 'est pas deja en cours)

Réponse 32 / 55

Xotron Messages postés 62 Statut Membre

L'antivirus a découvert un cheval de Troie TR/Wippy 19968 dans plusieurs de mes fichiers. ( Chose que n'avait pas du tout découvert Avast)

Réponse 33 / 55

Utilisateur anonyme

postes le rapport quand le scan sera fini

Réponse 34 / 55

Xotron Messages postés 62 Statut Membre

test, je ne peux plus poster

Réponse 35 / 55

Utilisateur anonyme

il manque les posts 35 36 , qu'est ce qui t'arrives ?

Réponse 36 / 55

Utilisateur anonyme

pas a poster ton rapport, essaies de l'enregistrer sur ton bureau en passant par le bloc notes, puis rends toi sur
cjoint.fr , ensuite clic sur parcourir, choisis ton rapport et valides, un lien sera généré , postes ce lien stp.

Réponse 37 / 55

Utilisateur anonyme

ton rapport est la : https://www.cjoint.com/?gks7ATAroS

je regarde et reviens ;)

Réponse 38 / 55

Utilisateur anonyme

ok,

pense a supprimer tout ce qu'il a troouvé (vides la quarantaine)
la majorité etaient dans ta restauration, en fait pour se re-créés si tu avais eu besoin de restaurer, on videra et on refera un point de restau propre a la fin :)

ensuite

Pour analyser ton pc, télécharges le fichier d'installation
HIJACKTHIS

Enregistre HJTInstall.exe sur ton bureau.

Double-clique sur HJTInstall.exe pour lancer le programme

Par défaut, il s'installera là :
C:\Program Files\Trend Micro\HijackThis

Accepte la licence en cliquant sur le bouton "I Accept"

Choisis l'option "Do a system scan and save a log file"

Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note

Clique sur "Edition -> Sélectionner tout" (ou fais ctrl A), puis sur "Edition -> Copier" pour copier tout le contenu du rapport et poste le dans ton prochain message

A LIRE : Tutoriaux

(ne fixe rien pour le moment !! cela pourrait empêcher ton PC de fonctionner correctement)

Si vous êtes sous VISTA, ne pas oublier de désactiver Le contrôle des comptes utilisateurs

Réponse 39 / 55

Xotron Messages postés 62 Statut Membre

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:09:06, on 10/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\APPS\SMP\SmpSys.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [EULA] C:\APPS\PB_TB\EULALauncher.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Internet Connection Wizard Setup Tool] C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O14 - IERESET.INF: START_PAGE_URL=http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA1AFB78-C2F8-482B-9B01-F58D972DC5F1}: NameServer = 80.10.246.130,81.253.149.10
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Réponse 40 / 55

Utilisateur anonyme

Relances HIJACKTHIS mais cette fois clic sur
DO A SYSTEM SCAN ONLY
puis coches toutes ces lignes (et seulement ces lignes : tu pourrais altérer le fonctionnement de ton pc!)
puis clic sur
FIX CHEKEED

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

+ toutes les lignes commencant par 016

ensuite

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C'est un service de FranceTelecom inutile, qui malheureusement est à l'origine de plantage sur certaines machines ...
(aucun probleme à l'enlever, tout fonctionnera parfaitement). Il collecte des infos sur ton PC.
Ce service n est pas infectueux mais il peut entrainer des dysfonctionnements sur le systeme!
Par ailleurs, il est installé sans le consentement de l utilisateur avec une update de wanadoo!

Clic sur « Démarrer » => « Exécuter » ; ensuite, dans la lucarne de saisie, coller ce qui est en gras :(recommencer pour chacune des trois commandes suivantes) :
# 1- sc stop FTRTSVC > valider par OK
# 2- sc config FTRTSVC start= disabled > valider par OK
# 3- sc delete FTRTSVC > valider par OK

dis moi quand tout ca est fait et rassures toi, on approche de la fin :)

Antirus désactivé

55 réponses

Votre réponse

Discussions similaires

Newsletters