Infecte par tdss et agent fbx

nico62 -  
pimprenelle27 Messages postés 22182 Statut Contributeur sécurité -
Bonjour,

je suis infecte par agent fbx et tdss rtk sur vista quelqu un pourrait m'aider merci beaucoup
Configuration: Windows Vista Internet Explorer 7.0

41 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

L'infection sous Windows Vista est associée à un TDSS Rootkit et à un agent nommé FBX, avec des rapports et journaux décrivant des modifications système et des redirections. Des analyses telles que HijackThis et RSIT identifient des entrées de démarrage, des BHO et des services suspects, reflétant des composants malveillants insérés dans le registre et des processus actifs. Pour remédier, il faut supprimer les éléments détectés via ces outils, puis effectuer un balayage approfondi avec Malwarebytes' Anti-Malware et un antivirus à jour, et une vérification des services et des tâches planifiées. Des éléments listés montrent aussi des composants légitimes coexistant avec des entrées potentiellement dangereuses, soulignant l'importance de vérifier les signatures et de surveiller les modifications de démarrage après nettoyage.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Bonjour,

    Me faire ceci pour un examen complet de ton PC.

    ▶ Télécharge Random's System Information Tool (RSIT).

    ▶ Un tutoriel est à ta disposition pour l'installer et l'utiliser correctement ici

    ▶ Double clique sur RSIT.exe pour lancer l'outil.

    ▶ Clique sur 'Continue' à l'écran Disclaimer.

    ▶ Si l'outil Hijackthis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.

    ▶ Une fois le scan fini , 2 rapports vont apparaitre. ▶ Héberge le contenu des 2 rapports.

    ( C:\RSIT\log.txt et C:\RSIT\info.txt )

    CTRL A pour sélectionner tout, CTRL C pour copier et puis CTRL V pour coller

    Petite chose à faire pour les rapports générés par RSIT avant de continuer

    ▶ Vous devez fusionner les deux rapports.
    ▶ C'est-à-dire, copier/coller le contenu du rapport info.txt à la suite du rapport log.txt dans un bloc note pour ne faire qu'un seul rapport.
    ▶ Ensuite enregistrer le rapport log.txt.

    Ensuite :

    ▶ Rendez-vous à cette adresse d'hébergement gratuit : http://www.cijoint.fr/

    ▶ Cliquez sur parcourir, puis sur créer le lien cjoint

    ▶ Une fois le lien crée, faite un clique droit dessus et copier l'adresse du lien pour venir le coller dans votre réponse

    0
    1. nico62
       
      ok merci de m ' aider , je te pose le rapport

      Logfile of random's system information tool 1.06 (written by random/random)
      Run by nico at 2009-08-30 13:26:05
      Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
      System drive C: has 142 GB (62%) free of 229 GB
      Total RAM: 3069 MB (52% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 13:26:39, on 30/08/2009
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v7.00 (7.00.6001.18294)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\HP\QuickPlay\QPService.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
      C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
      C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
      C:\Program Files\IDT\WDM\sttray.exe
      C:\Program Files\Alwil Software\Avast4\ashDisp.exe
      C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
      C:\WINDOWS\ehome\ehtray.exe
      C:\Users\nico\AppData\Local\zubvbup.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Windows\system32\wuauclt.exe
      C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
      C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
      C:\Program Files\Windows Live\Contacts\wlcomm.exe
      C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      C:\Program Files\Microsoft Money 2005\MNYCoreFiles\msmoney.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
      C:\Program Files\Internet Explorer\ieuser.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Windows\system32\conime.exe
      C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
      C:\Users\nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N0CG7HZG\RSIT[1].exe
      C:\Program Files\trend micro\nico.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fmz.qiwa.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      F2 - REG:system.ini: UserInit=C:\Windows\system32\ezShellStart.exe
      O1 - Hosts: ::1 localhost
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
      O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
      O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
      O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
      O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [zubvbup] "c:\users\nico\appdata\local\zubvbup.exe" zubvbup
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
      O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O13 - Gopher Prefix:
      O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://support.norton.com/sp/en/us/home/current/info
      O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\aestsrv.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
      O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
      O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
      O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
      O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
      O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
      O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
      O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
      0
  2. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Bonjour, le rapport info.txt n'est pas complet pour me le faire comme demandé dans le message merci?
    0
  3. nico62
     
    merci , je suis desole je n y connait pas gd chose en informatique
    je vous copie le lien
    merci

    http://www.cijoint.fr/cjlink.php?file=cj200908/cijgdCUT0a.txt
    0
  4. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Je dirais déjà infections navipromo je reviens tout à l'heure vers 8h00 :

    Sous Vista : ▶ Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

    * Va dans démarrer puis panneau de configuration
    * Double Clique sur l'icône "Comptes d'utilisateurs"
    * Clique ensuite sur désactiver et valide.
    * Redémarre le PC

    Ton PC est infecté par l'ad-aware Navipromo/Magic Control qui affiche des publicités intempestives.
    Il s'installe via certains programmes, dont ceux-ci :

    ● Funky Emoticons
    ● go-astro
    ● GoRecord
    ● HotTVPlayer / HotTVPlayer & Paris Hilton
    ● Live-Player
    ● MailSkinner
    ● Messenger Skinner
    ● Instant Access
    ● InternetGameBox
    ● Officiale Emule (Version d'Emule modifiée)
    ● Original Solitaire
    ● SuperSexPlayer
    ● Speed Downloading
    ● Sudoplanet
    ● Webmediaplayer

    /!\ Fais attention de ne pas faire la même erreur, donc évite ces programmes /!\

    ▶ Télécharge sur le bureau Navilog1

    *Si ton antivirus s'affole , le désactiver
    sous vista : Clic-droit sur le raccourci Navilog1 présent sur le bureau et choisis "Exécuter en tant qu'administrateur"
    Sous XP : double-clic dessus pour l'installer et le lancer

    ▶ Quand installé
    ▶ taper F
    ▶ Appuyer sur une touche jusqu' arriver aux options
    ▶ Choisir Recherche ( = taper 1 )

    ▶ne pas utiliser les autres sans avis , il peut y avoir des processus légitimes

    ▶un rapport : fixnavi.txt dans ==> C:

    ▶le copier et le coller dans la réponse
    0
    1. nico62
       
      je me permet de vous relancer , je vous reposte le rapport merci
      je pense que je suis toujours infecte car j' ai fait un scan avec avast et j" ai 3 virus .
      cordialement
      nico62
      Fix Navipromo version 4.0.2 commencé le 30/08/2009 18:45:12,37

      !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
      !!! Postez ce rapport sur le forum pour le faire analyser !!!

      Outil exécuté depuis C:\Program Files\navilog1

      Mise à jour le 27.08.2009 à 11h00 par IL-MAFIOSO

      Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
      X86-based PC ( Multiprocessor Free : AMD Turion(tm) X2 Dual-Core Mobile RM-70 )
      BIOS : Default System BIOS
      USER : nico ( Administrator )
      BOOT : Normal boot




      C:\ (Local Disk) - NTFS - Total:223 Go (Free:139 Go)
      D:\ (Local Disk)
      E:\ (CD or DVD)
      F:\ (USB) - FAT32 - Total:950 Mo (Free:0 Go)


      Recherche executée en mode normal

      Nettoyage exécuté au redémarrage de l'ordinateur


      C:\Users\nico\AppData\Local\zubvbup.exe supprimé !
      C:\Users\nico\AppData\Local\zubvbup.dat supprimé !
      C:\Users\nico\AppData\Local\zubvbup_nav.dat supprimé !
      C:\Users\nico\AppData\Local\zubvbup_navps.dat supprimé !


      Nettoyage contenu C:\Windows\Temp effectué !
      Nettoyage contenu C:\Users\nico\AppData\Local\Temp effectué !


      *** Sauvegarde du Registre vers dossier Safebackup ***

      sauvegarde du Registre réalisée avec succès !

      *** Nettoyage Registre ***

      Nettoyage Registre Ok






      *** Scan terminé 30/08/2009 19:08:50,92 ***
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Désolé, je suis un peu perturbé, car y a des gens qui m'agresse ici et ça m'énerve, mais bon passons à toi :

    ▶ Télécharge OTM (de Old_Timer) sur ton Bureau

    ▶ Double-clique sur OTM.exe pour le lancer.

    ▶ Assure toi que la case Unregister Dll's and Ocx's soit bien cochée.

    ▶ Copie la liste qui se trouve en gras dans la citation ci-dessous et colle-la dans le cadre de gauche de OTM sous "Paste instructions for item to be moved".

    -----------------------------------------------------------------------------

    :Processes

    :services

    :reg

    :files
    c:\users\nico\appdata\local\ucqygucj.bat


    :Commands
    [purity]
    [emptytemp]
    [Reboot]


    -----------------------------------------------------------------------------

    ▶ clique sur MoveIt! pour lancer la suppression.

    ▶ Le résultat apparaitra dans le cadre "Results".

    ▶ Clique sur Exit pour fermer.

    ▶ Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    ▶ Il te sera peut-être demandé de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.

    0
    1. nico62
       
      ok c'est fait quest ce que ca donne ?
      All processes killed
      ========== FILES ==========
      c:\users\nico\appdata\local\ucqygucj.bat moved successfully.
      ========== COMMANDS ==========

      [EMPTYTEMP]

      User: All Users

      User: Default
      ->Temp folder emptied: 0 bytes
      File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YS135YLE\desktop.ini scheduled to be deleted on reboot.
      File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8Y88S4F\desktop.ini scheduled to be deleted on reboot.
      File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLZ77JHX\desktop.ini scheduled to be deleted on reboot.
      File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FKDQWRYK\desktop.ini scheduled to be deleted on reboot.
      File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be deleted on reboot.
      File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be deleted on reboot.
      ->Temporary Internet Files folder emptied: 33170 bytes

      User: Default User
      ->Temp folder emptied: 0 bytes
      File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YS135YLE\desktop.ini scheduled to be deleted on reboot.
      File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8Y88S4F\desktop.ini scheduled to be deleted on reboot.
      File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLZ77JHX\desktop.ini scheduled to be deleted on reboot.
      File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FKDQWRYK\desktop.ini scheduled to be deleted on reboot.
      File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be deleted on reboot.
      File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be deleted on reboot.
      ->Temporary Internet Files folder emptied: 33170 bytes

      User: nico
      ->Temp folder emptied: 66740 bytes
      ->Temporary Internet Files folder emptied: 63329179 bytes
      ->Java cache emptied: 12668 bytes
      ->Google Chrome cache emptied: 6985283 bytes

      User: Public

      %systemdrive% .tmp files removed: 0 bytes
      %systemroot% .tmp files removed: 0 bytes
      %systemroot%\System32 .tmp files removed: 0 bytes
      File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
      Windows Temp folder emptied: 0 bytes
      RecycleBin emptied: 207286089 bytes

      Total Files Cleaned = 264,88 mb


      OTM by OldTimer - Version 3.0.0.6 log created on 08312009_002329

      Files moved on Reboot...
      File move failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YS135YLE\desktop.ini scheduled to be moved on reboot.
      File move failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8Y88S4F\desktop.ini scheduled to be moved on reboot.
      File move failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLZ77JHX\desktop.ini scheduled to be moved on reboot.
      File move failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FKDQWRYK\desktop.ini scheduled to be moved on reboot.
      File move failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
      File move failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.
      File move failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YS135YLE\desktop.ini scheduled to be moved on reboot.
      File move failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8Y88S4F\desktop.ini scheduled to be moved on reboot.
      File move failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLZ77JHX\desktop.ini scheduled to be moved on reboot.
      File move failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FKDQWRYK\desktop.ini scheduled to be moved on reboot.
      File move failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
      File move failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.
      File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

      Registry entries deleted on Reboot...
      cordialement nico62
      0
  7. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Parfais maintenant tu vas me faire ceci :

    ▶ Télécharge malwarebyte's anti-malware

    ▶ Un tutoriel sera à ta disposition pour l'installer et l'utiliser correctement.

    ▶ Fais la mise à jour du logiciel (elle se fait normalement à l'installation)

    ▶ Lance une analyse complète en cliquant sur "Exécuter un examen complet"

    ▶ Sélectionnes les disques que tu veux analyser et cliques sur "Lancer l'examen"

    ▶ L'analyse peut durer un bon moment.....

    ▶ Une fois l'analyse terminée, cliques sur "OK" puis sur "Afficher les résultats"

    ▶ Vérifies que tout est bien coché et cliques sur "Supprimer la sélection" => et ensuite sur "OK"

    ▶ Un rapport va s'ouvrir dans le bloc note... Fais un copié/collé du rapport dans ta prochaine réponse sur le forum

    * Il se pourrait que certains fichiers devront être supprimés au redémarrage du PC... Faites le en cliquant sur "oui" à la question posée
    0
    1. nico62
       
      bonjour j"ai poste le rapport malware a un autre membre et on m'a dit de poser ce rapport la par combo fix je vous le poste
      ComboFix 09-09-01.04 - nico 01/09/2009 22:43.1.2 - NTFSx86
      Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3069.2024 [GMT 2:00]
      Running from: c:\users\nico\Desktop\ComboFix.exe
      SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
      SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\$recycle.bin\S-1-5-21-3266793670-3546034856-3136528560-500
      c:\windows\Installer\17dc8.msi

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Legacy_KBIWKMCXRJDKIP
      -------\Legacy_KBIWKMFHXDNDJH
      -------\Service_kbiwkmcxrjdkip
      -------\Service_kbiwkmfhxdndjh


      ((((((((((((((((((((((((( Files Created from 2009-08-01 to 2009-09-01 )))))))))))))))))))))))))))))))
      .

      2009-09-01 20:53 . 2009-09-01 20:53 -------- d-----w- c:\users\Default\AppData\Local\temp
      2009-09-01 20:18 . 2009-09-01 20:18 -------- d-----w- C:\GenProc
      2009-08-30 22:54 . 2009-08-30 22:54 -------- d-----w- c:\users\nico\AppData\Roaming\Malwarebytes
      2009-08-30 22:54 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2009-08-30 22:54 . 2009-08-30 22:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2009-08-30 22:54 . 2009-08-30 22:54 -------- d-----w- c:\programdata\Malwarebytes
      2009-08-30 22:54 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
      2009-08-30 22:23 . 2009-08-30 22:23 -------- d-----w- C:\_OTM
      2009-08-30 17:08 . 2008-06-05 16:18 5737 ----a-w- c:\users\nico\AppData\Local\gnc.exe
      2009-08-30 16:40 . 2009-08-30 17:08 -------- d-----w- c:\program files\Navilog1
      2009-08-30 13:51 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
      2009-08-30 13:51 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
      2009-08-30 13:51 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
      2009-08-30 13:51 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
      2009-08-30 13:51 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
      2009-08-30 13:50 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
      2009-08-30 13:50 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
      2009-08-30 13:50 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
      2009-08-30 11:26 . 2009-08-30 15:46 -------- d-----w- c:\program files\trend micro
      2009-08-30 11:26 . 2009-08-30 11:26 -------- d-----w- C:\rsit
      2009-08-29 23:23 . 2009-08-29 23:23 -------- d-----w- c:\users\nico\AppData\Roaming\PCToolsFirewallPlus
      2009-08-29 23:04 . 2009-03-06 14:45 130424 ----a-w- c:\windows\system32\drivers\PCTCore.sys
      2009-08-29 23:04 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
      2009-08-29 23:04 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
      2009-08-29 23:01 . 2009-08-29 23:04 -------- d-----w- c:\program files\Common Files\PC Tools
      2009-08-29 23:01 . 2008-09-22 09:29 97408 ----a-w- c:\windows\system32\drivers\pctfw.sys
      2009-08-29 23:01 . 2009-01-21 07:38 95640 ----a-w- c:\windows\system32\drivers\pctplfw.sys
      2009-08-29 23:01 . 2009-08-30 01:20 -------- d-----w- c:\program files\PC Tools Firewall Plus
      2009-08-29 22:44 . 2009-08-29 22:44 -------- d-----w- c:\users\nico\AppData\Roaming\JonDo
      2009-08-29 22:42 . 2009-08-30 01:14 -------- d-----w- c:\program files\jap anonymat
      2009-08-29 20:36 . 2009-08-29 20:36 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
      2009-08-29 20:07 . 2009-08-29 20:07 -------- d-----w- c:\program files\Microsoft
      2009-08-29 17:52 . 2009-08-29 22:03 -------- d-----w- c:\programdata\Norton
      2009-08-29 17:52 . 2009-08-29 17:52 -------- d-----w- c:\programdata\NortonInstaller
      2009-08-29 16:40 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
      2009-08-29 16:28 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
      2009-08-29 16:28 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
      2009-08-29 16:28 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
      2009-08-29 16:28 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
      2009-08-29 16:28 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
      2009-08-29 16:28 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
      2009-08-29 16:28 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
      2009-08-29 16:21 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
      2009-08-29 16:21 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
      2009-08-29 16:21 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
      2009-08-29 16:21 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
      2009-08-29 16:21 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
      2009-08-29 16:19 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
      2009-08-29 16:19 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
      2009-08-27 22:09 . 2009-08-27 22:09 -------- d-----w- c:\program files\mplayer
      2009-08-27 22:08 . 2009-08-27 22:08 -------- d-----w- c:\program files\ivc_flv_players
      2009-08-27 20:27 . 2009-08-27 21:32 -------- d-----w- c:\users\nico\AppData\Roaming\Python-Eggs
      2009-08-27 20:26 . 2009-08-27 21:52 -------- d-----w- c:\users\nico\.moovida
      2009-08-27 20:25 . 2009-08-27 20:25 -------- d-----w- c:\users\nico\AppData\Local\aedgency
      2009-08-27 20:25 . 2009-08-27 20:25 -------- d-----w- c:\program files\Deenero
      2009-08-27 20:22 . 2009-08-27 20:25 -------- d-----w- c:\program files\Moovida
      2009-08-21 10:02 . 2009-08-21 10:02 -------- d-----w- c:\programdata\eMule
      2009-08-21 10:02 . 2009-08-21 10:02 -------- d-----w- c:\users\nico\AppData\Local\eMule
      2009-08-21 10:02 . 2009-08-21 10:02 -------- d-----w- c:\program files\emule
      2009-08-20 15:50 . 2009-08-27 21:36 -------- d-----w- c:\users\nico\AppData\Roaming\DivX
      2009-08-19 21:58 . 2009-08-28 17:12 -------- d--h--w- C:\$AVG8.VAULT$
      2009-08-19 21:13 . 2009-08-19 21:13 -------- d-----w- c:\program files\Common Files\DivX Shared(32)
      2009-08-18 21:01 . 2009-08-18 21:01 -------- d-----w- c:\program files\Sunbelt Software
      2009-08-18 20:40 . 2009-08-18 20:40 -------- d-----w- c:\programdata\MailFrontier
      2009-08-18 20:34 . 2009-08-18 20:50 -------- d-----w- c:\windows\Internet Logs
      2009-08-18 18:53 . 2009-08-18 18:53 -------- d-----w- c:\users\nico\AppData\Local\AVG Security Toolbar
      2009-08-18 18:50 . 2009-08-18 18:50 -------- d-----w- c:\program files\AVG
      2009-08-18 18:50 . 2009-08-18 18:50 -------- d-----w- c:\programdata\avg8
      2009-08-18 16:58 . 2009-08-18 16:58 -------- d-----w- c:\programdata\CheckPoint
      2009-08-17 19:35 . 2009-08-17 19:35 -------- d-----w- c:\users\nico\AppData\Roaming\Talkback
      2009-08-17 13:56 . 2009-08-17 13:56 -------- d-----w- c:\program files\FLV Player
      2009-08-15 23:12 . 2009-08-15 23:12 -------- d-----w- c:\program files\veoh video
      2009-08-14 23:49 . 2009-08-30 22:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
      2009-08-14 23:49 . 2009-08-30 01:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
      2009-08-14 23:42 . 2009-08-28 17:55 -------- d-----w- C:\revo uninstaller
      2009-08-14 09:53 . 2009-08-14 09:53 -------- d-----w- C:\Nouveau dossier
      2009-08-14 09:52 . 2009-08-28 17:54 -------- d-----w- c:\program files\c cleaner
      2009-08-12 22:43 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
      2009-08-12 22:43 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
      2009-08-12 22:43 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
      2009-08-12 22:43 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
      2009-08-12 22:43 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
      2009-08-12 22:43 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
      2009-08-12 22:41 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
      2009-08-11 00:09 . 2009-08-11 00:11 -------- d-----w- c:\users\nico\AppData\Local\Google
      2009-08-11 00:09 . 2009-08-19 21:16 -------- d-----w- c:\program files\Google

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-09-01 20:54 . 2008-06-13 02:03 12 ----a-w- c:\windows\bthservsdp.dat
      2009-09-01 20:48 . 2008-06-13 11:48 669566 ----a-w- c:\windows\system32\perfh00C.dat
      2009-09-01 20:48 . 2008-06-13 11:48 123556 ----a-w- c:\windows\system32\perfc00C.dat
      2009-08-30 16:20 . 2008-08-29 20:38 74872 ----a-w- c:\users\nico\AppData\Local\GDIPFONTCACHEV1.DAT
      2009-08-30 16:15 . 2008-06-13 03:39 -------- d-----w- c:\programdata\Microsoft Help
      2009-08-30 01:15 . 2008-06-13 03:59 -------- d-----w- c:\programdata\AOL
      2009-08-29 22:02 . 2008-06-13 02:20 -------- d-----w- c:\program files\Common Files\Symantec Shared
      2009-08-29 20:07 . 2009-04-03 15:22 -------- d-----w- c:\program files\Windows Live
      2009-08-29 17:54 . 2008-06-13 02:20 -------- d-----w- c:\programdata\Symantec
      2009-08-28 17:59 . 2008-06-13 03:58 -------- d-----w- c:\program files\EasyBits For Kids
      2009-08-28 17:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
      2009-08-28 17:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
      2009-08-28 17:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
      2009-08-28 17:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
      2009-08-28 17:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
      2009-08-28 17:55 . 2008-06-13 03:43 -------- d-----w- c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
      2009-08-28 17:55 . 2008-10-08 09:11 -------- d-----w- c:\program files\Microsoft Silverlight
      2009-08-28 17:55 . 2008-06-13 03:17 -------- d-----w- c:\program files\Microsoft Works
      2009-08-28 17:55 . 2009-08-01 16:27 -------- d-----w- c:\program files\Microsoft Money 2005
      2009-08-28 17:55 . 2008-08-29 22:03 -------- d-----w- c:\program files\Microsoft AutoRoute
      2009-08-28 17:54 . 2009-07-30 23:47 -------- d-----w- c:\program files\Free Music Zilla
      2009-08-28 17:54 . 2008-08-29 20:01 -------- d-----w- c:\program files\IDT
      2009-08-28 17:54 . 2008-06-13 03:00 -------- d-----w- c:\program files\HP Games
      2009-08-28 17:54 . 2008-06-13 03:43 -------- d-----w- c:\program files\Activation Assistant for the 2007 Microsoft Office suites
      2009-08-17 16:10 . 2009-05-25 16:31 1279456 ----a-w- c:\windows\system32\aswBoot.exe
      2009-08-17 16:05 . 2009-05-25 16:32 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
      2009-08-17 16:05 . 2009-05-25 16:32 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
      2009-08-17 16:05 . 2009-05-25 16:31 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
      2009-08-17 16:04 . 2009-05-25 16:32 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
      2009-08-17 16:04 . 2009-05-25 16:32 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
      2009-08-17 16:02 . 2009-05-25 16:32 97480 ----a-w- c:\windows\system32\AvastSS.scr
      2009-08-13 08:47 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
      2009-08-11 23:24 . 2009-07-28 13:48 -------- d-----w- c:\users\nico\AppData\Roaming\FMZilla
      2009-07-30 21:31 . 2008-09-15 09:05 -------- d-----w- c:\users\nico\AppData\Roaming\CyberLink
      2009-07-28 14:06 . 2009-07-28 14:03 -------- d-----w- c:\users\nico\AppData\Roaming\FLV Extract
      2009-07-27 19:23 . 2009-04-01 21:32 106 ----a-w- c:\users\nico\AppData\Roaming\wklnhst.dat
      2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
      2009-07-23 10:26 . 2009-07-23 10:26 -------- d-----w- c:\program files\Inventel
      2009-07-18 16:06 . 2009-08-12 22:42 827904 ----a-w- c:\windows\system32\wininet.dll
      2009-07-18 16:01 . 2009-08-12 22:42 78336 ----a-w- c:\windows\system32\ieencode.dll
      2009-07-18 09:46 . 2009-08-12 22:42 26624 ----a-w- c:\windows\system32\ieUnatt.exe
      2009-07-14 13:00 . 2009-08-12 22:42 313344 ----a-w- c:\windows\system32\wmpdxm.dll
      2009-07-14 12:59 . 2009-08-12 22:42 4096 ----a-w- c:\windows\system32\dxmasf.dll
      2009-07-14 12:58 . 2009-08-12 22:42 7680 ----a-w- c:\windows\system32\spwmp.dll
      2009-07-14 10:59 . 2009-08-12 22:42 8147456 ----a-w- c:\windows\system32\wmploc.DLL
      2009-06-10 12:12 . 2009-08-12 22:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
      2009-06-10 12:07 . 2009-08-12 22:42 91136 ----a-w- c:\windows\system32\avifil32.dll
      2009-06-04 12:34 . 2009-08-12 22:42 2066432 ----a-w- c:\windows\system32\mstscax.dll
      2008-09-19 20:58 . 2008-09-19 20:58 38 ----a-w- c:\program files\LSLWIN.INI
      2007-05-21 13:44 . 2009-08-27 22:09 2376 ----a-w- c:\program files\LICENCE_Internet_Video_Converter.txt
      2007-03-06 14:40 . 2007-03-06 14:40 572 ----a-w- c:\program files\LICENCE_ffmpeg.txt
      2007-02-07 22:03 . 2007-02-07 22:03 3504 ----a-w- c:\program files\CHANGELOG_flvtool2.txt
      2007-02-07 21:29 . 2007-02-07 21:29 355 ----a-w- c:\program files\README_flvtool2.txt
      2006-12-08 15:42 . 2006-12-08 15:42 83216 ----a-w- c:\program files\ivc_by_anh_nguyen.bmp
      2006-10-10 21:46 . 2006-10-10 21:46 1465 ----a-w- c:\program files\LICENSE_flvtool2.txt
      2008-08-22 23:13 . 2008-08-25 09:32 22 --sha-w- c:\windows\SMINST\HPCD.SYS
      2008-06-13 11:53 . 2008-06-13 11:53 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
      "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
      "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
      "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
      "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
      "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
      "WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
      "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
      "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
      "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-05-14 468264]
      "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
      "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
      "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
      "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
      "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
      "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
      "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
      "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
      "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
      "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableUIADesktopToggle"= 0 (0x0)
      "HideFastUserSwitching"= 0 (0x0)

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "mixer"=wdmaud.drv

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
      @="Service"

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
      "{298681CC-146E-4D0F-9739-4AC7FE000A44}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
      "{15290068-E38D-4FDF-892A-2074A8C55BBB}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
      "{5287C8DB-59FD-49C6-8D73-818120AB7A06}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
      "{7B36BEC0-4D7E-4CE9-B4F7-90A79959D9C1}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
      "{4DEF0161-2F2D-48F3-BFC8-3DF6B56C89C0}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
      "{F050DF70-EA33-48D8-87BF-2913B3F4AEFB}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{C5A30A86-7A6A-4C63-81C8-692514475B4D}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{6F411E93-F377-4983-B459-D91A02EA58C6}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
      "TCP Query User{12CA6EDE-82AB-4C50-B3F7-EB1CF6027865}c:\\program files\\free music zilla\\fmzilla.exe"= UDP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module
      "UDP Query User{E0E6CCAB-4BC2-4A72-BB78-A9810425BF28}c:\\program files\\free music zilla\\fmzilla.exe"= TCP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module
      "{A4E95338-EF56-4BFC-A905-4045FE52CB1D}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
      "{ED2C009A-E36D-40F0-B441-DE13CB6F838D}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
      "c:\\Program Files\\Free Music Zilla\\FMZilla.exe"= c:\program files\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla

      R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [25/05/2009 18:32 114768]
      R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [30/08/2009 01:04 159600]
      R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\AEstSrv.exe [29/08/2008 22:01 73728]
      R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [25/05/2009 18:32 20560]
      R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [25/05/2009 18:31 53328]
      R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 04:23 21504]
      R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [18/03/2008 16:24 24880]
      R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\System32\drivers\PCTAppEvent.sys [30/08/2009 01:04 73840]
      R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [13/06/2008 06:04 341328]
      R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [15/08/2009 01:49 1153368]
      R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [13/06/2008 04:47 193840]
      R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [24/01/2008 15:23 52736]
      R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [11/04/2008 19:55 84240]
      R3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [30/08/2009 01:01 95640]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      bthsvcs REG_MULTI_SZ BthServ

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      ezSharedSvc

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
      "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
      .
      Contents of the 'Scheduled Tasks' folder

      2009-09-01 c:\windows\Tasks\User_Feed_Synchronization-{B6C59394-ACC0-4D2C-8000-F47AF9875193}.job
      - c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://fmz.qiwa.com
      mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Pavilion&pf=cnnb
      IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
      .

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-09-01 22:55
      Windows 6.0.6001 Service Pack 1 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...


      c:\users\nico\AppData\Roaming\Microsoft\Windows\Cookies\nico@c.live[1].txt
      c:\users\nico\AppData\Roaming\Microsoft\Windows\Cookies\nico@windowsmarketplace[1].txt 118 bytes

      scan completed successfully
      hidden files: 2

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\windows\System32\Ati2evxx.exe
      c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe
      c:\windows\System32\audiodg.exe
      c:\windows\System32\Ati2evxx.exe
      c:\program files\Alwil Software\Avast4\aswUpdSv.exe
      c:\program files\Alwil Software\Avast4\ashServ.exe
      c:\windows\System32\wlanext.exe
      c:\program files\Common Files\LightScribe\LSSrvc.exe
      c:\program files\PC Tools Firewall Plus\FWService.exe
      c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
      c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
      c:\program files\CyberLink\Shared Files\RichVideo.exe
      c:\program files\Alwil Software\Avast4\ashMaiSv.exe
      c:\program files\Alwil Software\Avast4\ashWebSv.exe
      c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
      c:\program files\Alwil Software\Avast4\ashDisp.exe
      c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
      c:\windows\ehome\ehmsas.exe
      c:\program files\Windows Media Player\wmpnetwk.exe
      c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
      c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
      c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
      c:\program files\Synaptics\SynTP\SynTPHelper.exe
      c:\program files\Windows Live\Contacts\wlcomm.exe
      c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
      .
      **************************************************************************
      .
      Completion time: 2009-09-01 23:04 - machine was rebooted
      ComboFix-quarantined-files.txt 2009-09-01 21:04

      Pre-Run: 148 760 834 048 octets libres
      Post-Run: 148 347 977 728 octets libres

      311 --- E O F --- 2009-09-01 19:13
      0
      1. Utilisateur anonyme > nico62
         
        j"ai poste le rapport malware a un autre membre et on m'a dit de poser ce rapport la par combo fix je vous le poste ,

        Tsss..
        0
  8. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Bonjour,

    nico62, pourrais-je savoir qui t'a demandé de faire combo?
    0
  9. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Je comprends mieux maintenant les doublons merci.
    0
  10. nico62
     
    desole je vous trouvai plus
    c'est donc narco 14 qui a pris la suite, je vous poste le rapport combo et ensuite j' ai fait un scan avec anti maware il ya aucune infection , enfin je crois?
    ComboFix 09-09-01.04 - nico 02/09/2009 0:42.2.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3069.1899 [GMT 2:00]
    Running from: c:\users\nico\Desktop\ComboFix.exe
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2009-08-01 to 2009-09-01 )))))))))))))))))))))))))))))))
    .

    2009-09-01 22:50 . 2009-09-01 22:50 -------- d-----w- c:\users\Public\AppData\Local\temp
    2009-09-01 22:50 . 2009-09-01 22:50 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-09-01 21:34 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2009-09-01 21:34 . 2009-09-01 21:34 -------- d-----w- c:\program files\Panda Security
    2009-09-01 20:18 . 2009-09-01 20:18 -------- d-----w- C:\GenProc
    2009-08-30 22:54 . 2009-08-30 22:54 -------- d-----w- c:\users\nico\AppData\Roaming\Malwarebytes
    2009-08-30 22:54 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-30 22:54 . 2009-08-30 22:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-08-30 22:54 . 2009-08-30 22:54 -------- d-----w- c:\programdata\Malwarebytes
    2009-08-30 22:54 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-30 22:23 . 2009-08-30 22:23 -------- d-----w- C:\_OTM
    2009-08-30 17:08 . 2008-06-05 16:18 5737 ----a-w- c:\users\nico\AppData\Local\gnc.exe
    2009-08-30 16:40 . 2009-08-30 17:08 -------- d-----w- c:\program files\Navilog1
    2009-08-30 13:51 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
    2009-08-30 13:51 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
    2009-08-30 13:51 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
    2009-08-30 13:51 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
    2009-08-30 13:51 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
    2009-08-30 13:50 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2009-08-30 13:50 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
    2009-08-30 13:50 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
    2009-08-30 11:26 . 2009-08-30 15:46 -------- d-----w- c:\program files\trend micro
    2009-08-30 11:26 . 2009-08-30 11:26 -------- d-----w- C:\rsit
    2009-08-29 23:23 . 2009-08-29 23:23 -------- d-----w- c:\users\nico\AppData\Roaming\PCToolsFirewallPlus
    2009-08-29 23:04 . 2009-03-06 14:45 130424 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2009-08-29 23:04 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2009-08-29 23:04 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2009-08-29 23:01 . 2009-08-29 23:04 -------- d-----w- c:\program files\Common Files\PC Tools
    2009-08-29 23:01 . 2008-09-22 09:29 97408 ----a-w- c:\windows\system32\drivers\pctfw.sys
    2009-08-29 23:01 . 2009-01-21 07:38 95640 ----a-w- c:\windows\system32\drivers\pctplfw.sys
    2009-08-29 23:01 . 2009-08-30 01:20 -------- d-----w- c:\program files\PC Tools Firewall Plus
    2009-08-29 22:44 . 2009-08-29 22:44 -------- d-----w- c:\users\nico\AppData\Roaming\JonDo
    2009-08-29 22:42 . 2009-08-30 01:14 -------- d-----w- c:\program files\jap anonymat
    2009-08-29 20:36 . 2009-08-29 20:36 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
    2009-08-29 20:07 . 2009-08-29 20:07 -------- d-----w- c:\program files\Microsoft
    2009-08-29 17:52 . 2009-08-29 22:03 -------- d-----w- c:\programdata\Norton
    2009-08-29 17:52 . 2009-08-29 17:52 -------- d-----w- c:\programdata\NortonInstaller
    2009-08-29 16:40 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-08-29 16:28 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2009-08-29 16:28 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
    2009-08-29 16:28 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2009-08-29 16:28 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
    2009-08-29 16:28 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
    2009-08-29 16:28 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
    2009-08-29 16:28 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
    2009-08-29 16:21 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
    2009-08-29 16:21 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
    2009-08-29 16:21 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
    2009-08-29 16:21 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
    2009-08-29 16:21 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
    2009-08-29 16:19 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2009-08-29 16:19 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
    2009-08-27 22:09 . 2009-08-27 22:09 -------- d-----w- c:\program files\mplayer
    2009-08-27 22:08 . 2009-08-27 22:08 -------- d-----w- c:\program files\ivc_flv_players
    2009-08-27 20:27 . 2009-08-27 21:32 -------- d-----w- c:\users\nico\AppData\Roaming\Python-Eggs
    2009-08-27 20:26 . 2009-08-27 21:52 -------- d-----w- c:\users\nico\.moovida
    2009-08-27 20:25 . 2009-08-27 20:25 -------- d-----w- c:\users\nico\AppData\Local\aedgency
    2009-08-27 20:25 . 2009-08-27 20:25 -------- d-----w- c:\program files\Deenero
    2009-08-27 20:22 . 2009-08-27 20:25 -------- d-----w- c:\program files\Moovida
    2009-08-21 10:02 . 2009-08-21 10:02 -------- d-----w- c:\programdata\eMule
    2009-08-21 10:02 . 2009-08-21 10:02 -------- d-----w- c:\users\nico\AppData\Local\eMule
    2009-08-21 10:02 . 2009-08-21 10:02 -------- d-----w- c:\program files\emule
    2009-08-20 15:50 . 2009-08-27 21:36 -------- d-----w- c:\users\nico\AppData\Roaming\DivX
    2009-08-19 21:58 . 2009-08-28 17:12 -------- d--h--w- C:\$AVG8.VAULT$
    2009-08-19 21:13 . 2009-08-19 21:13 -------- d-----w- c:\program files\Common Files\DivX Shared(32)
    2009-08-18 21:01 . 2009-08-18 21:01 -------- d-----w- c:\program files\Sunbelt Software
    2009-08-18 20:40 . 2009-08-18 20:40 -------- d-----w- c:\programdata\MailFrontier
    2009-08-18 20:34 . 2009-08-18 20:50 -------- d-----w- c:\windows\Internet Logs
    2009-08-18 18:53 . 2009-08-18 18:53 -------- d-----w- c:\users\nico\AppData\Local\AVG Security Toolbar
    2009-08-18 18:50 . 2009-08-18 18:50 -------- d-----w- c:\program files\AVG
    2009-08-18 18:50 . 2009-08-18 18:50 -------- d-----w- c:\programdata\avg8
    2009-08-18 16:58 . 2009-08-18 16:58 -------- d-----w- c:\programdata\CheckPoint
    2009-08-17 19:35 . 2009-08-17 19:35 -------- d-----w- c:\users\nico\AppData\Roaming\Talkback
    2009-08-17 13:56 . 2009-08-17 13:56 -------- d-----w- c:\program files\FLV Player
    2009-08-15 23:12 . 2009-08-15 23:12 -------- d-----w- c:\program files\veoh video
    2009-08-14 23:49 . 2009-09-01 22:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2009-08-14 23:49 . 2009-08-30 01:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-08-14 23:42 . 2009-08-28 17:55 -------- d-----w- C:\revo uninstaller
    2009-08-14 09:53 . 2009-08-14 09:53 -------- d-----w- C:\Nouveau dossier
    2009-08-14 09:52 . 2009-08-28 17:54 -------- d-----w- c:\program files\c cleaner
    2009-08-12 22:43 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
    2009-08-12 22:43 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
    2009-08-12 22:43 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
    2009-08-12 22:43 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
    2009-08-12 22:43 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
    2009-08-12 22:43 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
    2009-08-12 22:41 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-08-11 00:09 . 2009-08-11 00:11 -------- d-----w- c:\users\nico\AppData\Local\Google
    2009-08-11 00:09 . 2009-08-19 21:16 -------- d-----w- c:\program files\Google

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-01 22:43 . 2008-06-13 11:48 669566 ----a-w- c:\windows\system32\perfh00C.dat
    2009-09-01 22:43 . 2008-06-13 11:48 123556 ----a-w- c:\windows\system32\perfc00C.dat
    2009-09-01 22:35 . 2008-06-13 02:03 12 ----a-w- c:\windows\bthservsdp.dat
    2009-08-30 16:20 . 2008-08-29 20:38 74872 ----a-w- c:\users\nico\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-08-30 16:15 . 2008-06-13 03:39 -------- d-----w- c:\programdata\Microsoft Help
    2009-08-30 01:15 . 2008-06-13 03:59 -------- d-----w- c:\programdata\AOL
    2009-08-29 22:02 . 2008-06-13 02:20 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-08-29 20:07 . 2009-04-03 15:22 -------- d-----w- c:\program files\Windows Live
    2009-08-29 17:54 . 2008-06-13 02:20 -------- d-----w- c:\programdata\Symantec
    2009-08-28 17:59 . 2008-06-13 03:58 -------- d-----w- c:\program files\EasyBits For Kids
    2009-08-28 17:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
    2009-08-28 17:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
    2009-08-28 17:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
    2009-08-28 17:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
    2009-08-28 17:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
    2009-08-28 17:55 . 2008-06-13 03:43 -------- d-----w- c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    2009-08-28 17:55 . 2008-10-08 09:11 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-08-28 17:55 . 2008-06-13 03:17 -------- d-----w- c:\program files\Microsoft Works
    2009-08-28 17:55 . 2009-08-01 16:27 -------- d-----w- c:\program files\Microsoft Money 2005
    2009-08-28 17:55 . 2008-08-29 22:03 -------- d-----w- c:\program files\Microsoft AutoRoute
    2009-08-28 17:54 . 2009-07-30 23:47 -------- d-----w- c:\program files\Free Music Zilla
    2009-08-28 17:54 . 2008-08-29 20:01 -------- d-----w- c:\program files\IDT
    2009-08-28 17:54 . 2008-06-13 03:00 -------- d-----w- c:\program files\HP Games
    2009-08-28 17:54 . 2008-06-13 03:43 -------- d-----w- c:\program files\Activation Assistant for the 2007 Microsoft Office suites
    2009-08-17 16:10 . 2009-05-25 16:31 1279456 ----a-w- c:\windows\system32\aswBoot.exe
    2009-08-17 16:05 . 2009-05-25 16:32 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-08-17 16:05 . 2009-05-25 16:32 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-08-17 16:05 . 2009-05-25 16:31 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2009-08-17 16:04 . 2009-05-25 16:32 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-08-17 16:04 . 2009-05-25 16:32 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-08-17 16:02 . 2009-05-25 16:32 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-08-13 08:47 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-08-11 23:24 . 2009-07-28 13:48 -------- d-----w- c:\users\nico\AppData\Roaming\FMZilla
    2009-07-30 21:31 . 2008-09-15 09:05 -------- d-----w- c:\users\nico\AppData\Roaming\CyberLink
    2009-07-28 14:06 . 2009-07-28 14:03 -------- d-----w- c:\users\nico\AppData\Roaming\FLV Extract
    2009-07-27 19:23 . 2009-04-01 21:32 106 ----a-w- c:\users\nico\AppData\Roaming\wklnhst.dat
    2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
    2009-07-23 10:26 . 2009-07-23 10:26 -------- d-----w- c:\program files\Inventel
    2009-07-18 16:06 . 2009-08-12 22:42 827904 ----a-w- c:\windows\system32\wininet.dll
    2009-07-18 16:01 . 2009-08-12 22:42 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-07-18 09:46 . 2009-08-12 22:42 26624 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-07-14 13:00 . 2009-08-12 22:42 313344 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-14 12:59 . 2009-08-12 22:42 4096 ----a-w- c:\windows\system32\dxmasf.dll
    2009-07-14 12:58 . 2009-08-12 22:42 7680 ----a-w- c:\windows\system32\spwmp.dll
    2009-07-14 10:59 . 2009-08-12 22:42 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-06-10 12:12 . 2009-08-12 22:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
    2009-06-10 12:07 . 2009-08-12 22:42 91136 ----a-w- c:\windows\system32\avifil32.dll
    2009-06-04 12:34 . 2009-08-12 22:42 2066432 ----a-w- c:\windows\system32\mstscax.dll
    2008-09-19 20:58 . 2008-09-19 20:58 38 ----a-w- c:\program files\LSLWIN.INI
    2007-05-21 13:44 . 2009-08-27 22:09 2376 ----a-w- c:\program files\LICENCE_Internet_Video_Converter.txt
    2007-03-06 14:40 . 2007-03-06 14:40 572 ----a-w- c:\program files\LICENCE_ffmpeg.txt
    2007-02-07 22:03 . 2007-02-07 22:03 3504 ----a-w- c:\program files\CHANGELOG_flvtool2.txt
    2007-02-07 21:29 . 2007-02-07 21:29 355 ----a-w- c:\program files\README_flvtool2.txt
    2006-12-08 15:42 . 2006-12-08 15:42 83216 ----a-w- c:\program files\ivc_by_anh_nguyen.bmp
    2006-10-10 21:46 . 2006-10-10 21:46 1465 ----a-w- c:\program files\LICENSE_flvtool2.txt
    2008-08-22 23:13 . 2008-08-25 09:32 22 --sha-w- c:\windows\SMINST\HPCD.SYS
    2008-06-13 11:53 . 2008-06-13 11:53 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-09-01_20.55.46 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-21 01:58 . 2009-09-01 20:27 68442 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-01-21 01:58 . 2009-09-01 22:38 68442 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:05 . 2009-09-01 22:38 98444 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-08-29 21:07 . 2009-09-01 22:38 18560 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3266793670-3546034856-3136528560-1000_UserData.bin
    + 2008-08-29 19:49 . 2009-09-01 22:40 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-08-29 19:49 . 2009-09-01 20:55 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-08-29 19:49 . 2009-09-01 22:40 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-08-29 19:49 . 2009-09-01 20:55 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-09-01 22:36 . 2009-09-01 22:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-09-01 22:36 . 2009-09-01 22:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-09-01 20:54 . 2009-09-01 20:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2006-11-02 10:33 . 2009-09-01 22:43 587178 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-09-01 20:48 587178 c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2009-09-01 22:43 101250 c:\windows\System32\perfc009.dat
    - 2006-11-02 10:33 . 2009-09-01 20:48 101250 c:\windows\System32\perfc009.dat
    - 2008-08-29 19:49 . 2009-09-01 20:55 147456 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-08-29 19:49 . 2009-09-01 22:40 147456 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-04-17 06:59 . 2009-04-17 06:59 128256 c:\windows\Downloaded Program Files\as2stubie.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-05-14 468264]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
    "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
    "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "HideFastUserSwitching"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{298681CC-146E-4D0F-9739-4AC7FE000A44}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
    "{15290068-E38D-4FDF-892A-2074A8C55BBB}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{5287C8DB-59FD-49C6-8D73-818120AB7A06}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{7B36BEC0-4D7E-4CE9-B4F7-90A79959D9C1}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{4DEF0161-2F2D-48F3-BFC8-3DF6B56C89C0}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{F050DF70-EA33-48D8-87BF-2913B3F4AEFB}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{C5A30A86-7A6A-4C63-81C8-692514475B4D}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{6F411E93-F377-4983-B459-D91A02EA58C6}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    "TCP Query User{12CA6EDE-82AB-4C50-B3F7-EB1CF6027865}c:\\program files\\free music zilla\\fmzilla.exe"= UDP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module
    "UDP Query User{E0E6CCAB-4BC2-4A72-BB78-A9810425BF28}c:\\program files\\free music zilla\\fmzilla.exe"= TCP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module
    "{A4E95338-EF56-4BFC-A905-4045FE52CB1D}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
    "{ED2C009A-E36D-40F0-B441-DE13CB6F838D}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\Free Music Zilla\\FMZilla.exe"= c:\program files\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla

    R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [01/09/2009 23:34 28544]
    R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [25/05/2009 18:32 114768]
    R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [30/08/2009 01:04 159600]
    R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [25/05/2009 18:32 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [25/05/2009 18:31 53328]
    R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 04:23 21504]
    R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [18/03/2008 16:24 24880]
    R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\System32\drivers\PCTAppEvent.sys [30/08/2009 01:04 73840]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [13/06/2008 06:04 341328]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [15/08/2009 01:49 1153368]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [13/06/2008 04:47 193840]
    R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [24/01/2008 15:23 52736]
    R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [11/04/2008 19:55 84240]
    R3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [30/08/2009 01:01 95640]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\AEstSrv.exe [29/08/2008 22:01 73728]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - PAVBOOT

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ezSharedSvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-01 c:\windows\Tasks\User_Feed_Synchronization-{B6C59394-ACC0-4D2C-8000-F47AF9875193}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://fmz.qiwa.com
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Pavilion&pf=cnnb
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-02 00:50
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-09-01 0:54
    ComboFix-quarantined-files.txt 2009-09-01 22:54
    ComboFix2.txt 2009-09-01 21:04

    Pre-Run: 148 322 635 776 octets libres
    Post-Run: 148 220 809 216 octets libres

    296 --- E O F --- 2009-09-01 19:13
    et ensuite anti malware
    Malwarebytes' Anti-Malware 1.40
    Version de la base de données: 2728
    Windows 6.0.6001 Service Pack 1

    02/09/2009 02:28:06
    mbam-log-2009-09-02 (02-28-06).txt

    Type de recherche: Examen complet (C:\|D:\|E:\|F:\|)
    Eléments examinés: 270452
    Temps écoulé: 1 hour(s), 25 minute(s), 55 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

    quest que ca donne ?
    cordialement
    nico62
    0
  11. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    on va faire la suite alors , maintenant on va vérifier que tu n'est pas de spyware :

    Télécharge Superantispyware (SAS)

    Choisis "enregistrer" et enregistre-le sur ton bureau.

    Double-clique sur l'icône d'installation qui vient de se créer et suis les instructions.

    Créé une icône sur le bureau.

    Double-clique sur l'icône de SAS (une tête dans un cercle rouge barré) pour le lancer.

    - Si l'outil te demande de mettre à jour le programme ("update the program definitions", clique sur yes.
    - Sous Configuration and Préférences, clique sur le bouton "Préférences"
    - Clique sur l'onglet "Scanning Control "
    - Dans "Scanner Options ", assure toi que la case devant lles lignes suivantes est cochée :

    Close browsers before scanning (Fermer Navigateur avant le scan)

    Scan for tracking cookies (Scan pour dépister les cookies)

    Terminate memory threats before quarantining (Terminez les menaces de mémoire avant de mettre en quarantaine)

    - Laisse les autres lignes décochées.

    - Clique sur le bouton "Close" pour quitter l'écran du centre de contrôle.

    - Dans la fenêtre principale, clique, dans "Scan for Harmful Software", sur "Scan your computer".

    Dans la colonne de gauche, coche C:\Fixed Drive.

    Dans la colonne de droite, sous "Complète scan", clique sur "Perform Complète Scan"

    Clique sur "next" pour lancer le scan. Patiente pendant la durée du scan.

    A la fin du scan, une fenêtre de résultats s'ouvre . Clique sur OK.

    Assure toi que toutes les lignes de la fenêtre blanche sont cochées et clique sur "Next".

    Tout ce qui a été trouvé sera mis en quarantaine. S'il t'es demandé de redémarrer l'ordi ("reboot"), clique sur Yes.

    Pour recopier les informations sur le forum, fais ceci :

    - après le redémarrage de l'ordi, double-clique sur l'icône pour lancer SAS.
    - Clique sur "Préférences" puis sur l'onglet "Statistics/Logs ".
    - Dans "scanners logs", double-clique sur SuperAntiSpyware Scan Log.

    - Le rapport va s'ouvrir dans ton éditeur de texte par défaut.

    - Copie son contenu dans ta réponse.

    Regarde bien le tuto SuperAntiSpyware il est très bien expliqué.
    0
    1. nico62
       
      ok je te poste le rapport
      SUPERAntiSpyware Scan Log
      https://www.superantispyware.com/

      Generated 09/02/2009 at 07:56 PM

      Application Version : 4.27.1002

      Core Rules Database Version : 4082
      Trace Rules Database Version: 2022

      Scan type : Quick Scan
      Total Scan Time : 00:44:13

      Memory items scanned : 571
      Memory threats detected : 0
      Registry items scanned : 461
      Registry threats detected : 19
      File items scanned : 37037
      File threats detected : 111

      Adware.Vundo/Variant
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{E54729E8-BB3D-4270-9D49-7389EA579090}
      HKCR\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090}
      HKCR\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090}
      HKCR\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090}\InprocServer32
      HKCR\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090}\InprocServer32#ThreadingModel
      HKCR\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090}\ProgID
      HKCR\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090}\TypeLib
      HKCR\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090}\VersionIndependentProgID
      HKCR\ezUPBHook.ShellObj.1
      HKCR\ezUPBHook.ShellObj.1\CLSID
      HKCR\ezUPBHook.ShellObj
      HKCR\ezUPBHook.ShellObj\CLSID
      HKCR\ezUPBHook.ShellObj\CurVer
      HKCR\TypeLib\{478CAB91-9E28-11D4-97FF-0050047D51FB}
      HKCR\TypeLib\{478CAB91-9E28-11D4-97FF-0050047D51FB}\1.0
      HKCR\TypeLib\{478CAB91-9E28-11D4-97FF-0050047D51FB}\1.0\0
      HKCR\TypeLib\{478CAB91-9E28-11D4-97FF-0050047D51FB}\1.0\0\win32
      HKCR\TypeLib\{478CAB91-9E28-11D4-97FF-0050047D51FB}\1.0\FLAGS
      HKCR\TypeLib\{478CAB91-9E28-11D4-97FF-0050047D51FB}\1.0\HELPDIR
      C:\WINDOWS\SYSTEM32\EZUPBH~1.DLL

      Adware.Tracking Cookie
      C:\Users\nico\AppData\Roaming\Microsoft\Windows\Cookies\nico@atdmt[2].txt
      C:\Users\nico\AppData\Roaming\Microsoft\Windows\Cookies\nico@lorealparis.solution.weborama[2].txt
      C:\Users\nico\AppData\Roaming\Microsoft\Windows\Cookies\nico@weborama[1].txt
      C:\Users\nico\AppData\Roaming\Microsoft\Windows\Cookies\nico@imrworldwide[2].txt
      C:\Users\nico\AppData\Roaming\Microsoft\Windows\Cookies\nico@serving-sys[1].txt
      C:\Users\nico\AppData\Roaming\Microsoft\Windows\Cookies\nico@bs.serving-sys[2].txt
      ad.yieldmanager.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      ad.yieldmanager.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      ad.yieldmanager.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      ad.yieldmanager.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      ad.yieldmanager.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      ad.yieldmanager.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      ad.yieldmanager.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      ad.zanox.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .adtech.de [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .weborama.fr [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .weborama.fr [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .content.yieldmanager.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .weborama.fr [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clicksor.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clicksor.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .content.yieldmanager.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .smartadserver.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .smartadserver.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .xiti.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .doubleclick.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .doubleclick.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .smartadserver.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .smartadserver.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .atdmt.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .atdmt.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .advertising.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .advertising.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .advertising.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .advertising.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .tradedoubler.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .tradedoubler.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .tradedoubler.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .zedo.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .zedo.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .zedo.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      fr.classic.clickintext.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      tracking.publicidees.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      tracking.publicidees.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      tracking.publicidees.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .bluestreak.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .apmebf.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      track.effiliation.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .aimfar.solution.weborama.fr [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .aimfar.solution.weborama.fr [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .myroitracking.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      adserving.favorit-network.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      adserving.favorit-network.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .serving-sys.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .serving-sys.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .serving-sys.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .bs.serving-sys.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .serving-sys.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .serving-sys.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .serving-sys.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .serving-sys.com [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .fnacmagasin.solution.weborama.fr [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .fnacmagasin.solution.weborama.fr [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .fnacmagasin.solution.weborama.fr [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .fnacmagasin.solution.weborama.fr [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      .lgeeurope.122.2o7.net [ C:\Users\nico\AppData\Roaming\Mozilla\Firefox\Profiles\fiet23t0.default\cookies.txt ]
      0
  12. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    quand même il en a trouvé pas mal de chose, il faut supprimer tout ça qu'il à mis en quarantaine, ensuite on va vérifier qu'il n'y a plus de virus :

    Fais un scan en ligne avec Internet explorer
    Rend toi sur ce site : http://www.bitdefender.fr/scan_fr/scan8/ie.html
    0
    1. nico62
       
      bonjour impossible de faire scan avec bit defender manque controle x
      je l ai fait avec panda scan, je vous poste mon rapport :

      ;***********************************************************************************************************************************************************************************
      ANALYSIS: 2009-09-03 13:58:51
      PROTECTIONS: 3
      MALWARE: 7
      SUSPECTS: 2
      ;***********************************************************************************************************************************************************************************
      PROTECTIONS
      Description Version Active Updated
      ;===================================================================================================================================================================================
      Spybot - Search and Destroy 1.0.0.6 No Yes
      Windows Defender 1.1.1505.0 No Yes
      SUPERAntiSpyware 4, 27, 0, 1002 No Yes
      ;===================================================================================================================================================================================
      MALWARE
      Id Description Type Active Severity Disinfectable Disinfected Location
      ;===================================================================================================================================================================================
      00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\nico\AppData\Roaming\Microsoft\Windows\Cookies\Low\nico@atdmt[2].txt
      00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\nico\AppData\Roaming\Microsoft\Windows\Cookies\nico@atdmt[2].txt
      00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\nico\AppData\Roaming\Microsoft\Windows\Cookies\Low\nico@xiti[1].txt
      00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\nico\AppData\Roaming\Microsoft\Windows\Cookies\Low\nico@ad.yieldmanager[1].txt
      00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\nico\AppData\Roaming\Microsoft\Windows\Cookies\nico@serving-sys[2].txt
      00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\nico\AppData\Roaming\Microsoft\Windows\Cookies\Low\nico@serving-sys[1].txt
      00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\nico\AppData\Roaming\Microsoft\Windows\Cookies\Low\nico@bs.serving-sys[2].txt
      00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\nico\AppData\Roaming\Microsoft\Windows\Cookies\nico@bs.serving-sys[2].txt
      00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\nico\AppData\Roaming\Microsoft\Windows\Cookies\Low\nico@weborama[1].txt
      00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\nico\AppData\Roaming\Microsoft\Windows\Cookies\nico@weborama[1].txt
      00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\nico\AppData\Roaming\Microsoft\Windows\Cookies\Low\nico@smartadserver[2].txt
      ;===================================================================================================================================================================================
      SUSPECTS
      Sent Location ��U�����9
      ;===================================================================================================================================================================================
      No C:\Program Files\Navilog1\gnc.exe ��U�����9
      No C:\Users\nico\AppData\Local\gnc.exe ��U�����9
      ;===================================================================================================================================================================================
      VULNERABILITIES
      Id Severity Description ��U�����9
      ;===================================================================================================================================================================================
      ;===================================================================================================================================================================================
      0
  13. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    il ne voit pas de virus, mais détecte quand même ceci tu connais : C:\Users\nico\AppData\Local\gnc.exe
    0
  14. nico62
     
    oui ca vient de navilog comment le supprimer
    0
  15. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    ah ok pas de problème alors il sera supprimé plus tard.

    Une dernière vérif :

    Télécharge List&Kill'em (par Gen-Hackman) et enregistre l'exécutable sur ton bureau.

    ! Désactive ton antivirus le temps de la manip ainsi que ton Pare-feu si présent !

    ! Déconnecte toi ferme toutes tes applications en cours !

    ▶ Double-clic sur l'icône présente sur le bureau pour le lancer (sous vista : clic droit > "exécuter en tant qu'administrateur").

    ▶ Choisis la langue souhaitée et valide par "entrée".

    ▶ Au second menu choisis l'option 1 : Mode Recherche

    ▶ Laisse travailler l'outil.

    ▶ Une fois le scan Terminé ,un rapport s'ouvre .

    Ensuite héberger le rapport :

    ▶ Rendez-vous à cette adresse d'hébergement gratuit : http://www.cijoint.fr/

    ▶ Cliquez sur parcourir, puis sur créer le lien cjoint

    ▶ Une fois le lien crée, faite un clique droit dessus et copier l'adresse du lien pour venir le coller dans votre réponse

    0
  16. nico62
     
    ok c est fait
    List'em by g3n-h@ckm@n 1.0.3.0

    updated on 03.09.2009 ::::: 0.25

    Microsoft Windows [version 6.0.6001]

    03/09/2009 21:42:50,74

    Nom de l'h“te: PC-DE-NICO
    Nom du systŠme d'exploitation: Microsoft© Windows VistaT dition Familiale Premium
    Version du systŠme: 6.0.6001 Service Pack 1 version 6001
    Fabricant du systŠme d'exploitation: Microsoft Corporation
    Configuration du systŠme d'exploitation: Station de travail autonome
    Type de version du systŠme d'exploitation: Multiprocessor Free
    Propri‚taire enregistr‚: nico
    Organisation enregistr‚e: Hewlett-Packard
    Identificateur de produit: 89578-OEM-7332157-00061
    Date d'installation originale: 29/08/2008, 21:50:00
    Heure de d‚marrage du systŠme: 03/09/2009, 21:16:58
    Fabricant du systŠme: Hewlett-Packard
    ModŠle du systŠme: HP Pavilion dv7 Notebook PC
    Type du systŠme: X86-based PC
    Processeur(s): 1 processeur(s) install‚(s).
    [01]ÿ: x64 Family 17 Model 3 Stepping 1 AuthenticAMD ~1000 MHz
    Version du BIOS: Hewlett-Packard F.21, 18/07/2008
    R‚pertoire Windows: C:\Windows
    R‚pertoire systŠme: C:\Windows\system32
    P‚riph‚rique d'amor‡age: \Device\HarddiskVolume1
    Option r‚gionale du systŠme: fr;Fran‡ais (France)
    ParamŠtres r‚gionaux d'entr‚e: fr;Fran‡ais (France)
    Fuseau horaire: (GMT+01:00) Bruxelles, Copenhague, Madrid, Paris
    M‚moire physique totale: 3ÿ069 Mo
    M‚moire physique disponible: 1ÿ976 Mo
    Fichier d'‚changeÿ: taille maximale: 6ÿ341 Mo
    Fichier d'‚changeÿ: disponible: 5ÿ015 Mo
    Fichier d'‚changeÿ: en cours d'utilisation: 1ÿ326 Mo
    Emplacements des fichiers d'‚change: C:\pagefile.sys
    Domaine: WORKGROUP
    Serveur d'ouverture de session: \\PC-DE-NICO
    Correctif(s): 95 Corrections install‚es.
    [01]: {D03EFEA4-C1D4-42E4-9691-21B526AC500B} - Installation de Microsoft Works
    [02]: {5D96A7C7-7CDB-434D-B9AA-E77BE2F11BFB}
    [03]: KB937286
    [04]: KB944036
    [05]: 944036
    [06]: 942567
    [07]: KB905866
    [08]: KB935509
    [09]: KB937287
    [10]: KB938371
    [11]: KB938464
    [12]: KB941693
    [13]: KB947880
    [14]: KB948590
    [15]: KB948609
    [16]: KB948610
    [17]: KB948881
    [18]: KB949246
    [19]: KB949247
    [20]: KB950124
    [21]: KB950125
    [22]: KB950126
    [23]: KB950186
    [24]: KB950582
    [25]: KB950762
    [26]: KB950974
    [27]: KB951066
    [28]: KB951072
    [29]: KB951698
    [30]: KB951978
    [31]: KB952004
    [32]: KB952069
    [33]: KB952287
    [34]: KB952709
    [35]: KB953155
    [36]: KB953733
    [37]: KB953838
    [38]: KB953839
    [39]: KB954154
    [40]: KB954211
    [41]: KB954366
    [42]: KB954459
    [43]: KB954708
    [44]: KB955020
    [45]: KB955069
    [46]: KB955302
    [47]: KB955430
    [48]: KB955519
    [49]: KB955839
    [50]: KB956390
    [51]: KB956391
    [52]: KB956572
    [53]: KB956744
    [54]: KB956802
    [55]: KB956841
    [56]: KB957095
    [57]: KB957097
    [58]: KB957200
    [59]: KB957321
    [60]: KB957388
    [61]: KB958215
    [62]: KB958481
    [63]: KB958483
    [64]: KB958623
    [65]: KB958624
    [66]: KB958644
    [67]: KB958687
    [68]: KB958690
    [69]: KB959108
    [70]: KB959130
    [71]: KB959426
    [72]: KB959772
    [73]: KB960225
    [74]: KB960544
    [75]: KB960714
    [76]: KB960715
    [77]: KB960803
    [78]: KB961260
    [79]: KB961371
    [80]: KB961501
    [81]: KB963027
    [82]: KB967632
    [83]: KB968389
    [84]: KB968537
    [85]: KB970238
    [86]: KB970653
    [87]: KB971557
    [88]: KB971657
    [89]: KB972260
    [90]: KB972260
    [91]: KB973346
    [92]: KB973507
    [93]: KB973540
    [94]: KB973874
    [95]: 940157
    Carte(s) r‚seau: 2 carte(s) r‚seau install‚e(s).
    [01]: Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
    Nom de la connexionÿ: Connexion au r‚seau local
    tatÿ: Support d‚connect‚
    [02]: Atheros AR5007 802.11b/g WiFi Adapter
    Nom de la connexionÿ: Connexion r‚seau sans fil
    DHCP activ‚ÿ: Oui
    Serveur DHCPÿ: 192.168.0.1
    Adresse(s) IP
    [01]: 192.168.0.10
    [02]: fe80::389f:7992:69bd:7eff

    Nom de l'image PID Nom de la sessio Num‚ro de s Utilisation
    ========================= ======== ================ =========== ============
    System Idle Process 0 Services 0 24 Ko
    System 4 Services 0 2ÿ868 Ko
    smss.exe 528 Services 0 732 Ko
    csrss.exe 596 Services 0 6ÿ060 Ko
    wininit.exe 656 Services 0 3ÿ960 Ko
    csrss.exe 664 Console 1 9ÿ316 Ko
    services.exe 704 Services 0 6ÿ916 Ko
    lsass.exe 716 Services 0 2ÿ540 Ko
    lsm.exe 724 Services 0 4ÿ208 Ko
    svchost.exe 860 Services 0 6ÿ560 Ko
    winlogon.exe 916 Console 1 5ÿ640 Ko
    svchost.exe 964 Services 0 7ÿ344 Ko
    svchost.exe 1008 Services 0 37ÿ920 Ko
    Ati2evxx.exe 1060 Services 0 4ÿ268 Ko
    svchost.exe 1076 Services 0 13ÿ080 Ko
    svchost.exe 1112 Services 0 78ÿ836 Ko
    svchost.exe 1124 Services 0 37ÿ372 Ko
    stacsv.exe 1136 Services 0 6ÿ508 Ko
    audiodg.exe 1316 Services 0 16ÿ244 Ko
    svchost.exe 1408 Services 0 4ÿ868 Ko
    SLsvc.exe 1424 Services 0 10ÿ660 Ko
    svchost.exe 1468 Services 0 12ÿ140 Ko
    hpservice.exe 1536 Services 0 4ÿ720 Ko
    Ati2evxx.exe 1552 Console 1 6ÿ500 Ko
    svchost.exe 1664 Services 0 14ÿ544 Ko
    aswUpdSv.exe 1832 Services 0 308 Ko
    ashServ.exe 1852 Services 0 23ÿ152 Ko
    wlanext.exe 1888 Services 0 5ÿ556 Ko
    spoolsv.exe 544 Services 0 9ÿ808 Ko
    svchost.exe 556 Services 0 15ÿ892 Ko
    AEstSrv.exe 1660 Services 0 1ÿ628 Ko
    svchost.exe 1796 Services 0 3ÿ440 Ko
    LSSrvc.exe 1840 Services 0 3ÿ748 Ko
    FWService.exe 2100 Services 0 13ÿ892 Ko
    svchost.exe 2304 Services 0 4ÿ604 Ko
    QPCapSvc.exe 2316 Services 0 14ÿ132 Ko
    QPSched.exe 2336 Services 0 6ÿ472 Ko
    BLService.exe 2360 Services 0 6ÿ640 Ko
    RichVideo.exe 2400 Services 0 3ÿ968 Ko
    svchost.exe 2436 Services 0 6ÿ240 Ko
    svchost.exe 2472 Services 0 4ÿ120 Ko
    SearchIndexer.exe 2496 Services 0 14ÿ204 Ko
    SDWinSec.exe 2768 Services 0 8ÿ180 Ko
    WUDFHost.exe 3028 Services 0 5ÿ720 Ko
    dwm.exe 3748 Console 1 51ÿ236 Ko
    taskeng.exe 3780 Console 1 10ÿ872 Ko
    explorer.exe 3800 Console 1 59ÿ588 Ko
    taskeng.exe 3900 Services 0 5ÿ636 Ko
    MOM.exe 2720 Console 1 3ÿ300 Ko
    QPService.exe 336 Console 1 21ÿ920 Ko
    MSASCui.exe 3348 Console 1 9ÿ232 Ko
    QLBCTRL.exe 3388 Console 1 13ÿ072 Ko
    HPKBDAPP.exe 3508 Console 1 6ÿ964 Ko
    hpwuSchd2.exe 3132 Console 1 3ÿ036 Ko
    HPWAMain.exe 3624 Console 1 10ÿ644 Ko
    jusched.exe 3176 Console 1 3ÿ704 Ko
    sttray.exe 3664 Console 1 12ÿ916 Ko
    ashDisp.exe 3716 Console 1 6ÿ348 Ko
    FirewallGUI.exe 3772 Console 1 6ÿ144 Ko
    sidebar.exe 2068 Console 1 10ÿ504 Ko
    LightScribeControlPanel.e 1276 Console 1 9ÿ224 Ko
    ehtray.exe 1264 Console 1 1ÿ364 Ko
    msnmsgr.exe 1292 Console 1 11ÿ300 Ko
    wmpnscfg.exe 1368 Console 1 5ÿ028 Ko
    TeaTimer.exe 2456 Console 1 99ÿ532 Ko
    hpqwmiex.exe 2464 Services 0 5ÿ036 Ko
    SUPERAntiSpyware.exe 2864 Console 1 988 Ko
    WmiPrvSE.exe 3320 Services 0 6ÿ536 Ko
    ehmsas.exe 4176 Console 1 4ÿ256 Ko
    wmpnetwk.exe 4332 Services 0 10ÿ556 Ko
    WiFiMsg.exe 4516 Console 1 5ÿ040 Ko
    HpqToaster.exe 4672 Console 1 5ÿ924 Ko
    Com4QLBEx.exe 4868 Services 0 3ÿ756 Ko
    SynTPHelper.exe 5804 Console 1 2ÿ572 Ko
    wlcomm.exe 5852 Console 1 25ÿ684 Ko
    CCC.exe 5948 Console 1 8ÿ892 Ko
    HPHC_Service.exe 5200 Services 0 15ÿ896 Ko
    wuauclt.exe 5364 Console 1 5ÿ324 Ko
    List_Killem.exe 4884 Console 1 6ÿ136 Ko
    conime.exe 5724 Console 1 3ÿ368 Ko
    cmd.exe 5444 Console 1 2ÿ432 Ko
    WmiPrvSE.exe 5308 Services 0 11ÿ472 Ko
    WmiPrvSE.exe 3536 Services 0 5ÿ512 Ko
    TrustedInstaller.exe 2424 Services 0 26ÿ608 Ko
    tasklist.exe 5492 Console 1 4ÿ720 Ko

    Infections :
    ==========

    ¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

    "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
    "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat"
    "C:\Windows\system32\prntvpt.dll"
    C:\Users\nico\LOCAL Settings\Temp\SSUPDATE.EXE

    ¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :

    ¤¤¤¤¤¤¤¤¤¤ C:\Windows\Prefetch :

    AgAppLaunch.db
    AgCx_SC1.db
    AgCx_SC1.db.trx
    AgCx_SC2.db
    AgGlFaultHistory.db
    AgGlFgAppHistory.db
    AgGlGlobalHistory.db
    AgGlUAD_P_S-1-5-21-3266793670-3546034856-3136528560-1000.db
    AgGlUAD_S-1-5-21-3266793670-3546034856-3136528560-1000.db
    AgRobust.db
    ASHMAISV.EXE-6E148274.pf
    ASHWEBSV.EXE-ABC7BAA7.pf
    ATBROKER.EXE-FF58B71D.pf
    AUTOROUT.EXE-6C37173E.pf
    AUTOROUT.EXE-D25779F6.pf
    AVAST.SETUP-84A5483F.pf
    CACLS.EXE-1F538DC1.pf
    CCC.EXE-ECD4BD27.pf
    CMD.EXE-89305D47.pf
    COM4QLBEX.EXE-6F9FBD83.pf
    CONIME.EXE-B273009A.pf
    CONSENT.EXE-65F6206D.pf
    CONTROL.EXE-9459D5A0.pf
    DFRGNTFS.EXE-4F838A89.pf
    DLLHOST.EXE-4AD9D628.pf
    DLLHOST.EXE-60D2D74F.pf
    DLLHOST.EXE-71214090.pf
    DLLHOST.EXE-893DDF55.pf
    DWM.EXE-AEABE78B.pf
    EHMSAS.EXE-6BE9D904.pf
    ESETSMARTINSTALLER.EXE-BB43B9E8.pf
    EXCEL.EXE-63933DC7.pf
    EXPLORER.EXE-7A3328DA.pf
    FIREFOX.EXE-E60C0AA7.pf
    FLASHUTIL9E.EXE-821D7733.pf
    GNC.EXE-9DDC32BC.pf
    GNC.EXE-ECFC66BE.pf
    HELPER.EXE-36267E56.pf
    HELPPANE.EXE-D1016F9E.pf
    HPHC_SERVICE.EXE-B8B935C8.pf
    HPQTOASTER.EXE-3B718527.pf
    HPQWMIEX.EXE-47BFC017.pf
    IE4UINIT.EXE-0BC11EF2.pf
    IE8-WINDOWSVISTA-X86-FRA.EXE-39A0FE2D.pf
    IEINSTAL.EXE-6C8EA198.pf
    IELOWUTIL.EXE-79D45B69.pf
    IESETUP.EXE-CCDB541B.pf
    IEUSER.EXE-D895AB54.pf
    IEXPLORE.EXE-1B894AFB.pf
    Layout.ini
    LIST_KILLEM.EXE-A8CB0E49.pf
    LOGONUI.EXE-1BEE4A84.pf
    MBAM.EXE-CD3441D7.pf
    MFPMP.EXE-73140A33.pf
    MMLOADDRV.EXE-FA5EC687.pf
    MNYIMPRT.EXE-25C54726.pf
    MODE.COM-0F3F3F6D.pf
    MPAS-D.EXE-C74E749D.pf
    MPSIGSTUB.EXE-590AC4AF.pf
    MSFEEDSSYNC.EXE-1F01ED17.pf
    MSMONEY.EXE-AE4D1FEE.pf
    NOTEPAD.EXE-EB1B961A.pf
    NTOSBOOT-B00DFAAD.pf
    ONLINECMDLINESCANNER.EXE-407BBF51.pf
    PDMSETUP.EXE-CEC10DD5.pf
    PfSvPerfStats.bin
    POQEXEC.EXE-CFF63269.pf
    ReadyBoot
    REG.EXE-26976709.pf
    REGISTERIEPKEYS.EXE-A8651B1E.pf
    REGSVR32.EXE-55A4EE79.pf
    REVOUNINSTALLER.EXE-F84C9160.pf
    RUNDLL32.EXE-41E85287.pf
    RUNDLL32.EXE-42709310.pf
    RUNDLL32.EXE-B9EF4314.pf
    RUNDLL32.EXE-F452D79D.pf
    RUNONCE.EXE-E33ED995.pf
    SCHTASKS.EXE-2DE769BF.pf
    SEARCHFILTERHOST.EXE-AA7A1FDD.pf
    SEARCHPROTOCOLHOST.EXE-AFAD3EF9.pf
    SETDEPNX.EXE-0520665A.pf
    SETIEINSTALLEDDATE.EXE-A2F270A3.pf
    SPYBOTSD.EXE-8CD4E785.pf
    SSUPDATE.EXE-31DEAB46.pf
    SSVAGENT.EXE-527A509B.pf
    SSVAGENT.EXE-C26271B1.pf
    SUPERANTISPYWARE.EXE-794980AD.pf
    SVCHOST.EXE-8FD92526.pf
    SYNTPHELPER.EXE-4B6F43CF.pf
    SYSTEMINFO.EXE-F360EB78.pf
    TASKENG.EXE-5BAF290C.pf
    TASKLIST.EXE-9811F41E.pf
    TRUSTEDINSTALLER.EXE-031B6478.pf
    UPDATE.EXE-BE263E06.pf
    UPDATER.EXE-1FA191F8.pf
    USERINIT.EXE-F39AB672.pf
    VDS.EXE-AD27F0DC.pf
    VDSLDR.EXE-85F9A1C6.pf
    VERCLSID.EXE-4D95F5A7.pf
    VLC.EXE-CE8E9BE1.pf
    VSSVC.EXE-04D079CC.pf
    WERCON.EXE-FE5CD389.pf
    WERFAULT.EXE-B7E27BE5.pf
    WERMGR.EXE-2A1BCBC7.pf
    WINWORD.EXE-6AC9169C.pf
    WLCOMM.EXE-648065CA.pf
    WMIADAP.EXE-369DF1CD.pf
    WMIPRVSE.EXE-43972D0F.pf
    WMPLAYER.EXE-9DE758AE.pf
    WMPNETWK.EXE-BD0344CA.pf
    WUAUCLT.EXE-830BCC14.pf
    WUSA.EXE-2455B4B3.pf

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
  17. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    ! Déconnecte toi ferme toutes tes applications en cours !

    ▶ Double-clic sur l'icône présente sur le bureau pour le lancer (sous vista : clic droit > "Exécuter en tant qu'administrateur").

    ▶ Choisis la langue souhaitée et valide par "entrée".

    ▶ Choisis cette fois ci l'option 2 : Mode Destruction

    ▶ Laisse travailler l'outil.

    ▶ Une fois Terminé , poste le contenu du 2éme rapport qui s'ouvre dans ta prochaine réponse.

    Note: le Rapport sur trouve en outre a cet emplacement: C:\Kill'em.txt
    0
  18. nico62
     
    ok rapport pointe

    Kill'em by g3n-h@ckm@n 1.0.3.0

    updated on 03.09.2009 ::::: 0.25

    Microsoft Windows [version 6.0.6001]

    04/09/2009 21:59:44,81

    Fichiers analysés :
    =================

    ¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

    "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
    "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat"
    "C:\Windows\system32\prntvpt.dll"

    ¤¤¤¤¤¤¤¤¤¤ Action sur les fichiers :

    Quarantaine :

    ¤¤¤¤¤¤¤¤¤¤ Verification :

    Infections :
    ==========

    ¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

    "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
    "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat"
    "C:\Windows\system32\prntvpt.dll"

    ¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :

    ¤¤¤¤¤¤¤¤¤¤ C:\Windows\Prefetch :

    AgAppLaunch.db
    AgCx_SC1.db
    AgCx_SC1.db.trx
    AgCx_SC2.db
    AgGlFaultHistory.db
    AgGlFgAppHistory.db
    AgGlGlobalHistory.db
    AgGlUAD_P_S-1-5-21-3266793670-3546034856-3136528560-1000.db
    AgGlUAD_S-1-5-21-3266793670-3546034856-3136528560-1000.db
    AgRobust.db
    Layout.ini
    NTOSBOOT-B00DFAAD.pf
    PfSvPerfStats.bin
    ReadyBoot
    WERMGR.EXE-2A1BCBC7.pf

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
  19. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Il ne reste plus maintenant qu'à faire un dernier RSIT histoire de faire un peu de ménage et de mise à jour.
    0
  20. nico62
     
    rapport poste
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by nico at 2009-09-05 11:46:13
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 165 GB (72%) free of 229 GB
    Total RAM: 3069 MB (61% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:46:57, on 05/09/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\nico\Desktop\infection\RSIT.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\trend micro\nico.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fmz.qiwa.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://support.norton.com/sp/en/us/home/current/info
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\aestsrv.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
    0
  • 1
  • 2
  • 3