Un virus...
Résolu
SpOke1503
Messages postés
12
Statut
Membre
-
SpOke1503 Messages postés 12 Statut Membre -
SpOke1503 Messages postés 12 Statut Membre -
Bonjour,Voila tout... J'ai attrapé un virus avant hier Mais il m'a Bloqué avast Malware-Antimaleware Internet Exploreur mozila etc... je peux plus allez faire de recherche sur internet J'ai fait un rapport Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:25:59, on 13/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Pristy Utils\Tray Agent.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Pristy Utils\CD Hotkey F9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\explorer.exe
J:\HiJackThis.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Windows\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp32&d=1208&m=imedia_a4730_fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp32&d=1208&m=imedia_a4730_fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\ezShellStart.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Tray Agent.lnk = C:\Program Files\Pristy Utils\Tray Agent.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2290217-1F67-41D2-A277-E62335CC781C}: NameServer = 85.255.112.225,85.255.112.199
O17 - HKLM\System\CCS\Services\Tcpip\..\{C402E126-ACC1-4537-AB6B-2B6DE61F00E8}: NameServer = 85.255.112.225,85.255.112.199
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.225,85.255.112.199
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.225,85.255.112.199
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service Google Update (gupdate1ca0ddb7eee11f5) (gupdate1ca0ddb7eee11f5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 9569 bytes
Merci de Me répondre Svp.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:25:59, on 13/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Pristy Utils\Tray Agent.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Pristy Utils\CD Hotkey F9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\explorer.exe
J:\HiJackThis.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Windows\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp32&d=1208&m=imedia_a4730_fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp32&d=1208&m=imedia_a4730_fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\ezShellStart.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Tray Agent.lnk = C:\Program Files\Pristy Utils\Tray Agent.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2290217-1F67-41D2-A277-E62335CC781C}: NameServer = 85.255.112.225,85.255.112.199
O17 - HKLM\System\CCS\Services\Tcpip\..\{C402E126-ACC1-4537-AB6B-2B6DE61F00E8}: NameServer = 85.255.112.225,85.255.112.199
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.225,85.255.112.199
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.225,85.255.112.199
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service Google Update (gupdate1ca0ddb7eee11f5) (gupdate1ca0ddb7eee11f5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 9569 bytes
Merci de Me répondre Svp.
Configuration: Windows XP Firefox 3.0.13
17 réponses
-
Bonjour,
--> Désactive l'UAC le temps de la désinfection.
/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\
--> Télécharge ComboFix (de sUBs) sur ton Bureau.
--> Clique droit sur ComboFix.exe (le .exe n'est pas forcément visible) et choisis Exécuter en tant qu'administrateur afin de le lancer.
--> Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.
Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix -
Voila Merci D'avoir répondu aussi vite J'ai mis un peu de temps dsl mais c'est le Scan...
ComboFix 09-08-10.06 - Benjamin 13/08/2009 18:51.1.4 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3326.2448 [GMT 2:00]
Running from: J:\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1891926680-1825607294-912342561-500
c:\$recycle.bin\S-1-5-21-2615618031-1473878728-100546447-500
c:\windows\system32\drivers\ESQULqubtmkmucymiqhppsfvtpcbpvhdpbxsc.sys
c:\windows\System32\ESQULbeinejefessoaemkcobukpxuycqmrdiy.dll
c:\windows\System32\ESQULysxvniabogmwyrmmwrhrewyeqbvvgqpc.dll
c:\windows\TEMP\63693617.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ESQULserv.sys
-------\Legacy_ESQULserv.sys
-------\Service_ESQULserv.sys
((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.
2009-08-13 17:01 . 2009-08-13 17:04 -------- d-----w- c:\users\Benjamin\AppData\Local\temp
2009-08-13 17:01 . 2009-08-13 17:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-12 11:27 . 2009-02-11 08:19 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-12 11:27 . 2009-02-11 08:19 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-12 11:27 . 2009-08-12 11:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-12 09:57 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-12 09:57 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-12 09:57 . 2009-08-12 09:57 -------- d-----w- c:\program files\Avira
2009-08-12 09:57 . 2009-08-12 09:57 -------- d-----w- c:\progra~2\Avira
2009-08-05 00:33 . 2009-08-05 00:33 3033712 ----a-w- c:\windows\system32\drivers\appdrv01.sys
2009-08-05 00:33 . 2009-08-05 00:33 316816 ----a-w- c:\windows\system32\appdrvrem01.exe
2009-08-04 20:23 . 2009-08-11 18:44 -------- d-----w- c:\users\Benjamin\AppData\Roaming\Pro Cycling Manager 2009
2009-08-04 19:55 . 2009-08-04 22:22 -------- d-----w- c:\program files\Cyanide
2009-08-04 19:45 . 2009-08-04 19:49 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-04 18:55 . 2009-08-04 18:55 -------- d-----w- c:\program files\MSN Messenger
2009-08-04 16:55 . 2009-08-04 16:55 -------- d-----w- c:\program files\SimBin
2009-07-31 17:36 . 2009-07-31 17:36 -------- d-----w- c:\program files\Codemasters
2009-07-28 08:55 . 2009-07-28 08:55 -------- dc----w- c:\progra~2\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-07-28 08:48 . 2009-07-28 08:48 -------- d-----w- c:\progra~2\PC Drivers HeadQuarters
2009-07-26 14:33 . 2009-07-31 13:30 -------- d-----w- c:\users\Benjamin\AppData\Roaming\dvdcss
2009-07-26 10:24 . 2009-07-26 10:24 -------- d-----w- c:\progra~2\Google Updater
2009-07-18 07:44 . 2009-08-02 16:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-18 07:44 . 2009-08-07 16:00 -------- d-----w- c:\program files\Norton Security Scan
2009-07-17 22:12 . 2009-07-17 22:12 -------- d-----w- c:\windows\system32\Adobe
2009-07-15 11:15 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 11:15 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 11:15 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 11:15 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-14 19:46 . 2009-07-14 19:49 170339 ----a-w- c:\windows\hpqins00.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 16:56 . 2008-01-21 08:40 669328 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-13 16:56 . 2008-01-21 08:40 123350 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-12 11:55 . 2008-12-16 03:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-12 11:50 . 2009-04-17 13:56 1 ----a-w- c:\users\Benjamin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-08-12 11:12 . 2009-06-16 12:08 -------- d-----w- c:\users\Benjamin\AppData\Roaming\Skype
2009-08-12 11:11 . 2009-06-16 12:11 -------- d-----w- c:\users\Benjamin\AppData\Roaming\skypePM
2009-08-12 08:26 . 2009-07-12 18:07 -------- d-----w- c:\users\Benjamin\AppData\Roaming\vlc
2009-08-10 18:08 . 2009-03-06 22:58 -------- d-----w- c:\program files\Steam
2009-08-10 18:08 . 2009-08-10 18:08 125 ----a-w- c:\windows\tmp.tmp.tmp
2009-08-05 00:02 . 2009-03-22 17:54 -------- d-----w- c:\users\Benjamin\AppData\Roaming\uTorrent
2009-08-02 13:53 . 2009-06-16 08:56 -------- d-----w- c:\users\Benjamin\AppData\Roaming\Mumble
2009-08-02 08:59 . 2009-03-10 07:15 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-31 16:20 . 2008-12-16 03:47 -------- d-----w- c:\progra~2\Symantec
2009-07-27 08:44 . 2009-03-22 19:49 -------- d-----w- c:\progra~2\HP
2009-07-27 08:27 . 2009-03-22 20:14 -------- d-----w- c:\users\Benjamin\AppData\Roaming\Image Zone Express
2009-07-26 10:27 . 2008-12-27 12:41 -------- d-----w- c:\program files\Google
2009-07-21 21:52 . 2009-07-29 07:12 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 07:12 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 07:12 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 07:12 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-18 07:41 . 2009-03-06 22:53 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-15 18:51 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-13 19:15 . 2009-07-13 19:15 -------- d-----w- c:\users\Benjamin\AppData\Roaming\Canneverbe_Limited
2009-07-13 19:14 . 2009-07-13 19:14 -------- d-----w- c:\program files\CDBurnerXP
2009-07-13 17:07 . 2009-03-06 17:06 75824 ----a-w- c:\users\Benjamin\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-13 17:01 . 2008-12-16 03:21 -------- d-----w- c:\progra~2\Microsoft Help
2009-07-12 15:12 . 2009-04-17 13:39 -------- d-----w- c:\program files\Java
2009-07-11 20:41 . 2009-03-06 23:07 -------- d-----w- c:\program files\Common Files\Steam
2009-06-27 10:37 . 2009-06-27 10:37 -------- d-----w- c:\program files\Avanquest update
2009-06-27 10:35 . 2009-06-27 10:35 -------- d-----w- c:\progra~2\BVRP Software
2009-06-27 10:30 . 2009-06-27 10:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-06-26 19:37 . 2009-06-26 19:37 -------- d-----w- c:\program files\Sony Ericsson
2009-06-26 19:37 . 2009-06-26 19:37 -------- d-----w- c:\progra~2\Sony Ericsson
2009-06-22 13:47 . 2009-03-18 16:18 -------- d-----w- c:\users\Benjamin\AppData\Roaming\Hamachi
2009-06-19 11:19 . 2009-06-19 11:19 10134 ----a-r- c:\users\Benjamin\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-19 11:18 . 2009-06-19 11:18 -------- d-----w- c:\program files\Microsoft WSE
2009-06-19 11:08 . 2009-04-13 22:09 -------- d-----w- c:\program files\Electronic Arts
2009-06-18 17:25 . 2009-03-25 17:06 -------- d-----w- c:\users\Benjamin\AppData\Roaming\HP
2009-06-16 12:08 . 2009-06-16 12:08 -------- d-----r- c:\program files\Skype
2009-06-16 12:08 . 2009-06-16 12:08 -------- d-----w- c:\program files\Common Files\Skype
2009-06-16 12:08 . 2009-06-16 12:08 -------- d-----w- c:\progra~2\Skype
2009-06-16 08:56 . 2009-06-16 08:53 -------- d-----w- c:\program files\Mumble
2009-05-21 09:33 . 2009-04-18 09:13 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-17 18:13 . 2009-05-17 18:13 8854 ----a-r- c:\users\Benjamin\AppData\Roaming\Microsoft\Installer\{E6B4523B-A47C-4DBA-918C-D9E220B3F4EC}\UNINST_Uninstall_Cub_E6B4523BA47C4DBA918CD9E220B3F4EC.exe
2009-05-17 18:13 . 2009-05-17 18:13 71542 ----a-r- c:\users\Benjamin\AppData\Roaming\Microsoft\Installer\{E6B4523B-A47C-4DBA-918C-D9E220B3F4EC}\ARPPRODUCTICON.exe
2009-05-17 18:13 . 2009-05-17 18:13 110592 ----a-r- c:\users\Benjamin\AppData\Roaming\Microsoft\Installer\{E6B4523B-A47C-4DBA-918C-D9E220B3F4EC}\NewShortcut1_E6B4523BA47C4DBA918CD9E220B3F4EC.exe
2009-05-17 18:13 . 2009-05-17 18:13 110592 ----a-r- c:\users\Benjamin\AppData\Roaming\Microsoft\Installer\{E6B4523B-A47C-4DBA-918C-D9E220B3F4EC}\Cube.exe1_E6B4523BA47C4DBA918CD9E220B3F4EC.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-10 397312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13584928]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-27 24064]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-18 6793760]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-01-29 52392]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Tray Agent.lnk - c:\program files\Pristy Utils\Tray Agent.exe [2009-4-25 12800]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1D17A1B2-F82D-48D8-8765-1AF230282335}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F644351D-C165-468B-82A9-30066C4D89BB}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BF072197-A0A0-495C-B55A-48D48B918009}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{6232EE71-1427-4311-8520-15799F0C8A7F}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{27F5AF59-1BC3-411B-A5A6-F9FDE9745B21}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{E96B3A2D-958D-434D-B96F-34FA2540B2AF}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{A8D550EE-E2CA-4ABC-B6BB-3804F509E8D4}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{64A3640D-4334-46F1-8D7E-7488332532C9}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{114A3CFE-FC68-402B-B8D5-C0C15ABF95EB}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{B69285AC-3154-4E8F-B6B7-54A271E5AAA1}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{5EC7BFD9-2C99-4CFB-A47B-1424D8465CAF}"= UDP:c:\program files\eMule\emule.exe:eMule
"{D7A8910F-B6F3-40F7-98DF-0F3F8F5CA0D1}"= TCP:c:\program files\eMule\emule.exe:eMule
"4cfcce4d-f849-40d8-a8b7-242c7ae33eff"= %ProgramFiles%\eMule\emule.exe:Emule
"TCP Query User{8FF81173-624D-467A-84D7-F3F6B566589F}c:\\program files\\steam\\steamapps\\clouter73\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\clouter73\counter-strike source\hl2.exe:hl2
"UDP Query User{E3A7ACF0-2F1B-4851-B0B9-D01636202322}c:\\program files\\steam\\steamapps\\clouter73\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\clouter73\counter-strike source\hl2.exe:hl2
"TCP Query User{78FF6101-EDE5-4F20-91A4-BD153609E007}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{9DD01BA8-E108-4ADD-B991-E427DFBF9F73}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"{FCFDA27F-E6E3-458D-8B37-BB774C26FDD2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{2A0457C3-0F7E-4D83-81E5-726D4C764563}c:\\program files\\steam\\steamapps\\clouter73\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\clouter73\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{934A9FE1-3AB2-4F60-B4C3-4D3685312B96}c:\\program files\\steam\\steamapps\\clouter73\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\clouter73\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{E6AEDFBF-AC6B-4AAC-B747-DFE11BB85800}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{3B6409D5-B9E0-4BA1-8279-03D1426E0EE1}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{444C7645-544A-478F-95AE-DF1EF7660F6C}c:\\program files\\left 4 dead\\left4dead.exe"= UDP:c:\program files\left 4 dead\left4dead.exe:left4dead
"UDP Query User{3D9ABA87-ECBF-460B-BE8A-1D300C8FD67E}c:\\program files\\left 4 dead\\left4dead.exe"= TCP:c:\program files\left 4 dead\left4dead.exe:left4dead
"TCP Query User{41911C11-884D-4E4D-AEDB-4587C4F8C287}c:\\program files\\steam\\steamapps\\clouter73\\day of defeat source\\hl2.exe"= UDP:c:\program files\steam\steamapps\clouter73\day of defeat source\hl2.exe:hl2
"UDP Query User{7D725196-28B2-4C05-BE72-5ACC05231D19}c:\\program files\\steam\\steamapps\\clouter73\\day of defeat source\\hl2.exe"= TCP:c:\program files\steam\steamapps\clouter73\day of defeat source\hl2.exe:hl2
"TCP Query User{AC2E86A9-7FBB-4C8C-9492-3619DDE61E0C}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{2BE4F0E2-516E-41C7-BAEC-A22CD1E68B78}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"{83DBA98E-1148-4AA4-9BA1-D70A7FF62F02}"= UDP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{636440CA-CFC1-4B0B-BF77-E0DD8F620DAB}"= TCP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{4963FF7B-E3C8-478C-8E58-EA331840285D}"= UDP:c:\program files\Cyanide\Pro Cycling Manager - Season 2009\PCM.exe:Pro Cycling Manager - Season 2009
"{EA056C93-A5D1-429D-8E13-1E16B43BEF90}"= TCP:c:\program files\Cyanide\Pro Cycling Manager - Season 2009\PCM.exe:Pro Cycling Manager - Season 2009
"{C16D6C0C-19A1-4C8D-8231-1B6D0FA8BADE}"= UDP:c:\program files\Cyanide\Pro Cycling Manager - Season 2009\Autorun\Exe\Autorun.exe:Pro Cycling Manager - Season 2009 - AutoRun
"{89DAB405-615D-45B8-96A0-EFF6E7A3EFCD}"= TCP:c:\program files\Cyanide\Pro Cycling Manager - Season 2009\Autorun\Exe\Autorun.exe:Pro Cycling Manager - Season 2009 - AutoRun
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [03/02/2009 17:39 63096]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\System32\drivers\sfsync03.sys [11/07/2006 09:30 42392]
R1 appdrv01;Application Driver (01);c:\windows\System32\drivers\appdrv01.sys [05/08/2009 02:33 3033712]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [05/06/2009 19:11 114768]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11/09/2007 01:45 124832]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [12/08/2009 11:57 108289]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [05/06/2009 19:11 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [05/06/2009 19:11 51792]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 04:23 21504]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S2 gupdate1ca0ddb7eee11f5;Service Google Update (gupdate1ca0ddb7eee11f5);c:\program files\Google\Update\GoogleUpdate.exe [26/07/2009 12:26 133104]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [06/03/2009 22:52 28224]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\System32\drivers\s3017bus.sys [26/06/2009 21:37 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\System32\drivers\s3017mdfl.sys [26/06/2009 21:37 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\System32\drivers\s3017mdm.sys [26/06/2009 21:37 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s3017mgmt.sys [26/06/2009 21:37 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\System32\drivers\s3017nd5.sys [26/06/2009 21:37 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\System32\drivers\s3017obex.sys [26/06/2009 21:37 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\System32\drivers\s3017unic.sys [26/06/2009 21:37 110120]
S4 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [27/12/2008 14:41 24064]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp32&d=1208&m=imedia_a4730_fr
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp32&d=1208&m=imedia_a4730_fr
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1891926680-1825607294-912342561-1000\Software\SecuROM\License information*]
"datasecu"=hex:53,81,18,34,a7,5c,3a,fe,0a,c4,79,50,1d,9b,dd,62,1e,4d,fc,f8,03,
b1,5e,54,da,2b,d6,10,56,e4,da,42,06,75,2f,20,4b,29,ba,75,3b,90,30,30,07,fc,\
"rkeysecu"=hex:3f,9c,78,ff,47,48,6d,75,26,24,a5,a3,5a,8d,9d,60
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\conime.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\IoctlSvc.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Pristy Utils\CD Hotkey F9.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-08-13 19:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-13 17:09
Pre-Run: 855 973 928 960 octets libres
Post-Run: 855 913 099 264 octets libres
273 --- E O F --- 2009-08-10 15:37 -
-
Internet refonctionne ?
-
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question -
Comment réactiver UAC Parce qu'il me mettes
"tentive d'opération non autorisé sur une clé du Registre marqué pour supression" le non de la fenètre c'est explorer.exe -
Il suffit de recocher la case que tu as décoché.
-
Oui mais je peux plus rien faire quoi que je fasse j'ai ce message..
-
Redémarre ton PC.
-
-
C'est bon j'redémarre l'ordi pour mettre l'UAC.
Je te dis après. -
J'peux aller sur internet explorer j'ai plus de message d'erreurs.
Maintenant qu'est-ce qu'il faut faire pour détruire complètement le virus ( s'il est pas détruit déja ) ? -
---> Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
---> Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
---> Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
---> Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
---> Sélectionne Exécuter un examen rapide.
---> Clique sur Rechercher. L'analyse démarre.
A la fin de l'analyse, un message s'affiche :
L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
---> Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
---> Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
---> Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
---> MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse. -
D'accord. Merci Beaucoup Je met en pause les anti-virus pendant le scan? je te copierai Le Scan avant de suprimer
-
Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2551
Windows 6.0.6001 Service Pack 1
13/08/2009 20:20:18
mbam-log-2009-08-13 (20-20-03).txt
Type de recherche: Examen rapide
Eléments examinés: 84256
Temps écoulé: 6 minute(s), 18 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> No action taken.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> No action taken.
Voila le Résultat. je suprime? -
-
Oui, supprime.
-
Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2551
Windows 6.0.6001 Service Pack 1
13/08/2009 20:43:58
mbam-log-2009-08-13 (20-43-58).txt
Type de recherche: Examen rapide
Eléments examinés: 84256
Temps écoulé: 6 minute(s), 18 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
Voila. Merci Beaucoup Pour Tout, Je Mets un résolut. Merci Destrio